What is an SSH Key?

SSH is a widely-used protocol for interacting with remote servers for configuration and general usage. SSH Keys are a special kind of credential for logging in to SSH services and encrypting information. They can be used to log into a server without using a password, which is what will be covered in this tutorial.

 

Step 1: Creating a Keypair (Linux/Mac)

For passwordless logins to work, an SSH Keypair must be created. This means that two keys will be created - a private key which will be stored on your computer, and a public key that will be stored on the server.

 

On your local computer, run:

$ ssh-keygen

 

Press ‘enter’ through the prompts as the default values will work perfectly for us.

You will be prompted for a passphrase - this is optional, but it encrypts your private key on disk for an extra layer of security.

 

After this process completes, two new files will be in your ~/.ssh directory - id_rsa (your private key) and id_rsa.pub (your public key).


Creating a Keypair (Windows)

Download PuTTYgen from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

 

Launch PuTTYgen and click ‘generate’

 

You will be prompted for a passphrase - this is optional, but it encrypts your private key on disk for an extra layer of security.

 

Save both keys by clicking the “Save public key” and “Save private key” buttons.

 

Copy the value of the field labelled “Public key for pasting into OpenSSH authorized_keys file”.

 

Step 2: Server configuration

We now need to copy our public key to our server so we can authenticate without passwords.

 

If on Linux/Mac (and your client supports ssh-copy-id):

The command ssh-copy-id automatically creates all directories and files needed to set up your public key for passwordless logins.

$ ssh-copy-id <username>@<IP or hostname>

 

If on Linux/Mac (and your client does not support ssh-copy-id):

Get the public key from your local machine by running this command:

$ cat ~/.ssh/id_rsa.pub

 

SSH into your VPS under the user account you wish to install the key to:

$ ssh <username>@<IP or hostname>

 

If on Windows:

Open up PuTTY. In the hostname field, enter the IP or hostname you wish to connect to and click “Open”.

 

All platforms (and your client does not support ssh-copy-id):

Then create a file called “authorized_keys” in ~/.ssh and copy your key to it (If on Windows, the key should still be in your clipboard):

$ mkdir -p ~/.ssh
$ echo "<public key>" >> ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

 

Exit out of this SSH session and open a new one to test if passwordless logins work correctly.

 

If you are logged in and weren’t prompted for a password, your VPS is correctly set up for passwordless logins.
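
The manual steps above (create ~/.ssh, append the key, set permissions) can be wrapped in one function that is safe to run more than once. This is an added example, not part of the original tutorial; install_pubkey, its arguments and SAMPLE_KEY are hypothetical names, and it assumes a plain key line with no authorized_keys options in front of it.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): install a public key idempotently.
# install_pubkey, its arguments and SAMPLE_KEY are hypothetical names.

# Constructed sample value, not a real key.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleOnly user@example'

# Usage: install_pubkey "<public key line>" [ssh_dir]   (ssh_dir defaults to ~/.ssh)
install_pubkey() {
    local key="$1"
    local dir="${2:-$HOME/.ssh}"
    local file="$dir/authorized_keys"
    local nl='
'
    # Accept only a single line that starts with a known public key type.
    case $key in
        *"$nl"*|*'PRIVATE KEY'*)
            echo "refusing: not a single-line public key" >&2; return 2 ;;
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*|sk-*\ ?*) ;;
        *)  echo "refusing: unrecognised key type" >&2; return 2 ;;
    esac

    # Create with tight permissions, then also tighten anything that already existed.
    ( umask 077; mkdir -p "$dir" && touch "$file" ) || return 1
    chmod 700 "$dir" && chmod 600 "$file" || return 1

    # Whole-line fixed-string match: a repeated run adds nothing.
    if grep -qxF -- "$key" "$file"; then
        return 0
    fi
    # If the last line lacks a newline, add one so the new key is not glued onto it.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    printf '%s\n' "$key" >> "$file"
}
```

Pass a scratch directory as the second argument to try it without touching your real ~/.ssh.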

 

Step 3: Disable password logins (optional)

Some users choose to disable password logins to increase security. While this may not be suitable for all use cases, we recommend doing so.

 

On your server, run:

$ sudo nano /etc/ssh/sshd_config

 

Search for the string:

PasswordAuthentication

 

Uncomment the line and change it to the following:

PasswordAuthentication no

 

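Save the file, then restart the SSH service so the change takes effect:

$ sudo service sshd restart

Keep your current session open and confirm that key-based login still works in a new session before closing it.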


Congratulations! You have successfully set up passwordless logins through keypairs on your VPS. If you are on Windows, consider using Pageant, a tool bundled with PuTTY, to hold your private key in memory so that you do not have to specify a key for each user on a remote server or type in a passphrase on every authentication attempt.
