Set-up SSH keys

Introduction:

Setting up SSH key-based authentication to access your server is much more effective than relying on a manually entered root password. Cracking the security of a VPS that relies on SSH keys is nearly impossible, since access is protected by a cryptographic key pair rather than by a password.

How do SSH keys work:

  • A key pair will be generated on your local PC.
  • Generating a key pair provides you with two long strings of characters: a public key and a private key.
  • The public key will be added to your VPS.
  • The corresponding private key will be saved on your local PC.
  • Every time you access your VPS, the SSH server checks that you hold the private key matching the public key added to it. Access is granted only when the two keys match.
  • You can also disable the root password after the SSH keys are set up.

Secure the private key: Make sure that you add the public key to the servers and that the private key is saved in a secure location on your PC.

Follow the steps below to set up SSH keys:

Step One—Create the RSA Key Pair:

Open the Terminal on your PC.

Enter the following command in the terminal:

ssh-keygen -t rsa

Step Two—Save the Keys and Passphrase

The key generation command will then ask a couple of questions:

Enter file in which to save the key (/home/user/.ssh/id_rsa):

You can press Enter to accept the default, which saves the keys in the .ssh directory under your user's home directory.

Enter passphrase (empty for no passphrase):

In this step, you will be asked for a passphrase to protect your private key. We recommend adding a passphrase, since the whole point of setting up SSH keys is security. You will need to enter the passphrase every time you use the key pair.

If you do not want a passphrase associated with your private key, simply press Enter and leave the passphrase field empty.

This will complete the key generation process:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/demo/.ssh/id_rsa.
Your public key has been saved in /home/demo/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |
+-----------------+

In the above example:

The private key's location: /home/demo/.ssh/id_rsa

The public key's location: /home/demo/.ssh/id_rsa.pub

Step Three—Copy the Public Key to your VPS

Now, you can add your public key to the VPS you want to set up SSH on.

Enter the following command to copy your public key to your VPS:

ssh-copy-id user@xxx.xx.xx.xx

This will copy your public key to the authorized_keys file on your server.

Make sure to replace xxx.xx.xx.xx with your actual IP address and replace user with your actual username in the above command.

Once you enter the ssh-copy-id command, you will see information similar to this:

The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '12.34.56.78' (RSA) to the list of known hosts.
user@12.34.56.78's password: 
Now try logging into the machine, with "ssh 'user@12.34.56.78'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Step Four—Modifying permissions

The .ssh directory should have 700 permissions and the authorized_keys file should have 400 or 600 permissions. To change the permissions, use the following commands:

$ cd
# -p: do not fail if .ssh already exists (for example, created by ssh-copy-id)
$ mkdir -p .ssh && touch .ssh/authorized_keys
$ chmod 700 .ssh/ && chmod 600 .ssh/authorized_keys
# Only needed if id_rsa.pub was copied into this directory by hand
$ cat id_rsa.pub >> .ssh/authorized_keys && rm id_rsa.pub

Now log into the remote server using ssh or scp/sftp:

$ ssh username@<server-ip>
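
The permission requirements from Step Four and the ssh-copy-id reminder to check authorized_keys for unexpected keys can be verified with a short audit script. This is an added example, not part of the original article; the function names, the scratch directory and the placeholder key entries are constructed for illustration.

```shell
# Added example: audit the Step Four permissions and list authorized_keys entries.

# Octal permission bits of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode PATH MODE...: succeed only if PATH exists with one of the modes.
check_mode() {
    path=$1; shift
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    actual=$(mode_of "$path")
    for want in "$@"; do
        if [ "$actual" = "$want" ]; then echo "OK   $path ($actual)"; return 0; fi
    done
    echo "BAD  $path is $actual, expected: $*"
    return 1
}

# audit_ssh_dir DIR: return status is the number of problems (0 = clean).
audit_ssh_dir() {
    dir=$1; problems=0
    check_mode "$dir" 700 || problems=$((problems + 1))
    check_mode "$dir/authorized_keys" 400 600 || problems=$((problems + 1))
    return "$problems"
}

# list_keys FILE: print "type comment" per key entry so an unexpected key stands out.
list_keys() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 2); break }
    }' "$1"
}

# Constructed sample: a scratch .ssh directory with two placeholder entries.
make_sample() {
    d=$(mktemp -d)/.ssh
    mkdir "$d"
    printf '%s\n' '# constructed entries, not real keys' \
        'ssh-rsa AAAAB3PLACEHOLDER demo@laptop' \
        'ssh-ed25519 AAAAC3PLACEHOLDER backup@unknown-host' > "$d/authorized_keys"
    chmod 755 "$d"; chmod 644 "$d/authorized_keys"   # deliberately too open
    echo "$d"
}
sample=$(make_sample)
audit_ssh_dir "$sample" || echo "problems found: $?"
chmod 700 "$sample" && chmod 600 "$sample/authorized_keys"   # the Step Four fix
audit_ssh_dir "$sample" && list_keys "$sample/authorized_keys"
```

On a real server, call audit_ssh_dir "$HOME/.ssh" and list_keys "$HOME/.ssh/authorized_keys" after Step Three, and compare the listed comments against the keys you expect to be there.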