What is an SSH key and how to create one

SSH, also referred to as Secure Shell, is a remote administration protocol designed to help you operate your system remotely. The protocol is mainly utilized to establish a secure connection between you and the server. Additionally, the protocol also transfers your input to the server and displays the output back on your machine. This makes SSH an essential tool when it comes to server management.

What is an SSH key?

SSH keys are used to authenticate and establish the connection from your machine to the server. In general, they function in a similar way to passwords, however, they are much more secure due to the extra layers of security. Because of this, it is essential and recommended to use SSH keys when connecting to your server remotely.

Each SSH key consists of a public and private key pair. The public key is stored on the server and determines who can gain access to the system. The private key is sent to you separately each time you log into the remote system. You should never share your private key with anyone!

How to use SSH to control your server

When it comes to using SSH, there are a number of steps that you need to complete before you can securely get access to your server. However, if you are a Windows user, you will need to take a few extra ones in order to make it work such as utilizing a SSH client to open SSH connections.

If you are a Mac or Linux user, the process is quite simplified. All you will need to do is to open up your terminal and enter a few commands. The SSH command consists of 3 parts:

ssh {user}@{host}

This command tells your system that you want to open an encrypted Secure Shell Connection, while {user} and {host} respectively represent the account and the machine or server (which can also be an IP address or a domain name) that you are trying to access.

Once you press ENTER, you will be asked to enter the password for the account you are trying to log into. Type your password and press ENTER once again and you will be successfully logged into the remote access terminal.

How to generate SSH keys with OpenSSH (Linux/macOS)

As already mentioned, it’s generally easier to use SSH if you’re using Linux or Mac. Both operating systems have the standard OpenSSH suite of tools already installed including the utility ssh-keygen which are required in order to generate SSH key pairs.

Firstly, type the following command into your terminal:

$ ssh-keygen

After that, you will be asked to select a location for the keys. By default, the keys are stored in the ~/.ssh directory with the filenames id_rsa (private key) and id_rsa.pub (public key).

We recommend you keep the default locations because it will allow your SSH client to automatically locate your SSH keys upon authentication. If you would like to keep the default placement hit ENTER:

Output
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):

IMPORTANT: If you have already generated a key pair before, you will be asked to confirm that you would like to overwrite the existing key with a similar message:

Output
/home/user/.ssh/id_rsa already exists.
Overwrite (y/n)?

If you decide to overwrite the existing key, you won’t be able to authenticate with it anymore. If you are confident that you would like to continue and overwrite it, you can do that by typing Y and clicking ENTER.

If you have selected the default location, your private and public keys will be located in /home/user/.ssh/id_rsa.pub and /home/user/.ssh/id_rsa respectively as we mentioned before.

Once you select the keys’ location, you will be asked to enter an optional passphrase to encrypt your private key file on the disk. This step is entirely optional. However, if you decide to enter the passphrase, you will need to provide it every time you use this key. While this can be an additional extra step when logging in, we recommend doing it as it adds another layer of security. If you wish to skip this step, just press ENTER.

Output
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Once completed, your system will generate a pair of SSH keys.

Output
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:EX:AM:PL:E3:3e:a9:de:4e:77:11:58:b6:90:26 user@203.0.113.0
The key's randomart image is:
+--[ RSA 2048]----+
|     ..o         |
|   E o= .        |
|    o. o         |
|        ..       |
|      ..S        |
|     o o.        |
|   =o.+.         |
|. =++..          |
|o=++.            |
+-----------------+

That’s all - you now have a public and private key that you can use for authentication and secure connection to your server.

How to generate an SSH key pair on Windows

In order to generate an SSH key pair on your Windows machine, we recommend installing PuTTY. Once you have downloaded and installed the client, you will also get the PuTTY keygen tool, which can be used to generate SSH keys. The process is really simple, consisting of a few steps, which are:

1. Open the PuTTY keygen tool.
2. Click on the Generate button.
3. Move your cursor around in the gray box until you fill the green bar located above.
4. Then click on the ‘Save public key’ and choose a name and location to which you want to save the key.
5. Click on the ‘Save private key’ button. You can also set a passphrase for your key, but similarly to Mac or Linux -  is not necessary. Finally, choose a name and location to which you would like to save the private key to.

That’s it - you have successfully generated an SSH key pair.

How to use my SSH key pair to connect to my server

As we already mentioned, using SSH keys to establish an authenticated connection between you and your server is substantially more secure than doing it in any other way. To utilize your SSH key to log into your server, you will need to manually place and configure your public key, located in the /home/user/.ssh/id_rsa.pub file, onto the remote server. You should paste your public key in the authorized_keys file for the specific user.

For example, if you want to use this key to log in as the root user, you have to place your public key in /root/.ssh/authorized_keys. If you want to login as another user such as ‘example’, you will want to paste your public key in /home/example/.ssh/authorized_keys.

Once you have configured your keys, your server shouldn’t ask you for a password the next time you log in.

IMPORTANT: If your private key is not in the default directory (/home/user/.ssh/id_rsa), it will not be discovered automatically. You have to manually add the path to your private key when you log into your server. You can do so by typing in the -i parameter followed by the path of your private key such as: ssh root@your_server_ip -i /home/user/.ssh/my-key.