How to create and use SSH Key?

Sean101 · Sep 20, 2016

I heard that there was a way log into a VPS quite safe that is using SSH Key to replace the password. As the default setting, each VPS that you log in with, you will need a username root and password that have been sent by your VPS provider when you purchased a VPS package. Therefore, some peopled encouraged me to become familiar with SSH Key to login to VPS but I am new to this, does anyone guide me on how to create and use SSH Key?

VirtuBox · Sep 20, 2016

Yes using SSH key is a good practice to secure a server. You can find a complete guide here. And to avoid useless bruteforce change your ssh port in the file /etc/ssh/sshd_config from 22 to another one. (check there is no service using it)

Cort Ammon · Sep 20, 2016

@Sean101

Creating SSH Key
If you use Windows and using PuTTY to login to your VPS via SSH, you can use the software PuTTY-Gen to generate SSH key, you can download it from here View attachment puttygen.zip

Once your download is complete, choose the options as below and press Generate.

While creating, you need to move the mouse over the blank area as below (under the loading bar)

Once created, you will see it is like this.

Now put the keyphrase for it by filling keypharse above.

Then click Save Private Key and store it in a safe place or on Dropbox and you can use later.

Public key is charaters which starts with ssh-rsa....... This will need to copy to your server in ssh folder in next steps.

Adding public key into VPS

Code:

mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys

If ssh folder is created, just start from the command chmod 0700 ~/.ssh

Then open the file authorized_keys in directory .ssh in the user's home directory and copy the entire character of the public key into this file.

Code:

nano ~/.ssh/authorized_keys

Copy public key and right click to paste into authorized_keys file, Ctrl + O to save and Ctrl+X to exit.

Note:
SSH Key will not work if you are enabling SELinux. Please disable SELinux by opening the file /etc/selinux/config

Code:

nano /etc/selinux/config

Find SELINUX = enforcing and replaced with SELINUX = disabled
After that using reboot command to reboot your server

Code:

reboot

To check if SSH key is working or not, just create a new account and at SSH -> Auth, browse your public key file created before

Save this account for next logins

Now when you login to your VPS, it will prompt you the keyphrase and you need to type keyphases to login.

For example, you should see these

Code:

login as: root
Authenticating with public key "rsa-key-20160920"
Passphrase for key "rsa-key-20160920":
Last login: Mon Sep 19 23:34:26 2016 from YOUR_IP

Turn off password function

After the test, if you were able to log on to the server using SSH Key, you can disable the password with following ways

Code:

nano /etc/ssh/sshd_config

and change to

Code:

PasswordAuthentication no
UsePAM no

Hope it helps!

MooseLucifer · Sep 20, 2016

If you are using Linux, you don't need to have PuTTY-Gen to create SSH key, just using your Terminal.

After logged into your root account, type

Code:

ssh-keygen -t rsa

Press Enter when you are being asked where to store key file( the default is /root/.ssh/id_rsa)

Type your passphrase if needed.

Now you will have 2 files id_rsa.pub (public key) and id_rsa (private key) to use.

For example, it should be

Code:

[root@myvps1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
2c:0c:06:3e:a9:55:0e:d7:e6:8f:cf:93:24:35:8b:c2 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|  o o.           |
| . B  o          |
|  = +o           |
| o o o..o        |
|.  .  o=So       |
|    E +.+        |
|     . = .       |
|        =        |
|         .       |
+-----------------+

Using nano command to view public key

For example

Code:

[root@myvps1 ~]# nano /root/.ssh/id_rsa.pub

Code:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6rK8cgJpAt9beprKDGcWCnsmlaDeiBM7glTydl97iZb05ZYhoKARmDB9dzqBw8HhPv9uepfAa2q8HY21EiEynLrNscYiOlEwEFip0z19rJdfA2KS2647BA16QMrq5lL+bZwgAuBbZbw+ydhjhUdhAIZOiGgOxyhZ$

The next step, you can follow tips from Cort Ammon as above to add public key into your VPS.

Code:

mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys

Good luck!

livialivia · Dec 8, 2016

Maybe..BUt if you need to create a strong password you can use Password Manager and it can provide a good one for you

HostXNow · Dec 8, 2016

MooseLucifer said:
If you are using Linux, you don't need to have PuTTY-Gen to create SSH key, just using your Terminal.

After logged into your root account, type

Code:

ssh-keygen -t rsa

Yes, I use

ssh-keygen -t rsa -b 4096

BillEssley · May 11, 2017

Thanks for great article @Cort Ammon

livialivia said:
Maybe..BUt if you need to create a strong password you can use Password Manager and it can provide a good one for you

Can I trust Password Manager software?

How to create and use SSH Key?

Sean101

Member

VirtuBox

Well-known member

Cort Ammon

Member

Attachments

MooseLucifer

Well-known member

livialivia

New member

HostXNow

Well-known member

BillEssley

Well-known member

Latest posts New threads

Latest posts

New threads

Latest Hosting Offers New Reviews

Latest hosting offers

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud