What is an SSH key, and how to create one?
SSH (i.e., Secure Shell) is a remote administration protocol designed for remote operating system management. This protocol ensures that the connection between you and the server is secure, transfers your input to the servers and the output to your machine. It is widely used, and it is part of the essential tools.
What is an SSH key?
SSH keys are used in SSH for authentication. Practically, the SSH keys are almost the same as passwords, but it is definitely more secure to use SSH keys instead of passwords for login to your server. It is recommended to use SSH keys for authentication.
Each SSH key comes in pairs - one public and one private key. The public key is placed on the server, and it defines who can access this system. The private key is being sent every time you log in to the remote system. The private key should not be shared with anyone. You share only your public key.
How to use SSH to control your server?
It is not too complicated to use SSH if you are a Linux or Mac user. However, if you use Windows, you will need to take a few extra steps to make it work, like utilizing an SSH client (e.g., popular client PuTTY) to open SSH connections.
Now, for Mac and Linux users, go to your terminal program and follow the steps below.
The SSH command consists of three parts:
ssh {user}@{host}This command tells your system that you want to open an encrypted Secure Shell Connection. What do those things in the command refer to? {user} and {host} represent respectively the account and the computer (e.g., IP address or a domain name) that you want to access.
Once you press ENTER, you will be asked to enter the password for the account you are trying to access. Type your password and press ENTER once again. If your password is correct, the remote terminal window will appear.
How to generate SSH keys with OpenSSH (Linux and macOS)?
As we have already mentioned, it’s a bit easier to use SSH if you’re using Linux or Mac. Both of the operating systems should have the standard OpenSSH suite of tools already installed. This suite includes the utility ssh-keygen, which we will use to generate a pair of SSH keys.
Firstly, type the following command into your terminal:
$ ssh-keygenAfter that, you will be asked to select a location for the keys. By default, the keys are stored in the ~/.ssh directory with the filenames id_rsa (private key) and id_rsa.pub (public key).
We recommend you accept the default locations because it would allow your SSH client to automatically locate your SSH keys upon authentication. In order to do so, hit ENTER:
Output
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):note: if you have already generated a key pair before, you will be asked to confirm that you would like to overwrite the existing key:
Output
/home/user/.ssh/id_rsa already exists.
Overwrite (y/n)?If you decide to overwrite the existing key, you won’t be able to authenticate with it anymore. If you are confident that you would like to continue and overwrite it, you can do that by pressing Y and ENTER.
So, back to generating a pair of keys. If you select the default location, your private and public keys will be located in /home/user/.ssh/id_rsa.pub and /home/user/.ssh/id_rsa, respectively.
Once you select the keys’ location, you will be asked to enter an optional passphrase to encrypt your private key file on the disk. It is optional. However, if you decide to enter the passphrase, you will need to provide it every time you use this key. We recommend you do it. If you wish to skip this step, just press ENTER.
Output
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:Once it is done, your system will generate a pair of SSH keys.
Output
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:EX:AM:PL:E3:3e:a9:de:4e:77:11:58:b6:90:26 user@203.0.113.0
The key's randomart image is:
+--[ RSA 2048]----+
| ..o |
| E o= . |
| o. o |
| .. |
| ..S |
| o o. |
| =o.+. |
|. =++.. |
|o=++. |
+-----------------+That’s all. Congratulations! You now have a public and private key for authentication. They can be used to connect with a remote server securely.
How to generate an SSH key pair on Windows?
In order to generate an SSH Key on your Windows machine, we recommend you install PuTTY. When you install this client, additional software will also be installed - PuTTY keygen tool. This tool can be used to generate SSH keys. Here is how:
-
Open the PuTTY keygen tool.
-
Click on the Generate button.
-
Move your cursor around in the grey box until you fill the green bar above.
-
Then click on the Save public key. Choose a name and location to save the key.
-
Click on the Save private key button. You can set a passphrase for your key, but it is not necessary. Again, choose a name and location to save the private key.
That’s it.
How to use my SSH key pair to connect to my server?
The SSH keys are a preferable way of authentication between you and the server because it is more secure. To use your SSH key to sign in to your servers, you need to set your public key (the content of the file /home/user/.ssh/id_rsa.pub, which we generated in the previous step) on the remote server. Your public key should be pasted in the authorized_keys file for the specific user.
For example, if you want to use this key to log in as a root user, you have to place your public key in /root/.ssh/authorized_keys. If you want to login as a johnny user, you put your public key in /home/johnny/.ssh/authorized_keys. You got the pattern.
That’s all. If you try to connect to your server again, it should not ask you for a password. Instead, you should be signed in to your server right away.
note: If your private key is not under the default name (/home/user/.ssh/id_rsa), it wouldn’t be discovered automatically. You have to add the path to your private key whenever you log in to your server. You can do so by adding the -i parameter followed by the path of your private key.
For example: ssh root@your_server_ip -i /home/user/.ssh/my-key