SSH Keys: How to generate an SSH Key for remote access to your server
SSH is a basic tool for system administrators to access your server. Access with username and password is not a very secure way, with SSH Keys it’s not just easier, its also more secure. Many bots try to break into your system. They make bruteforce attacks and if the password is weak, they will get access to your server.
The preferred way is to leave remote access open, because you need it, but you close the user/password authentication and you log in with an SSH-key. This method consists on authentication via asymmetric cryptography. The user’s private key is the one that grants the authentication.
Another advantage of SSH-keys is, that you do not need different passwords to log in to different servers. It is possible, that a user can authenticate on all servers, where his public key is installed.
How to generate SSH Keys
Generate an SSH Key on Mac-OS or Linux
On the client machine open your Terminal.
Enter the following in the command line:
ssh-keygen -t rsa -C "firstname.lastname@example.org"
instead of the email address you can also add your hostname, if you want. Press enter.
You will see the following output:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
on Mac OS your key will be saved here /Users/username/.ssh/id_rsa where username stands for your real username on your computer.
Let the path as suggested and just hit enter at this question.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
The same here: do not enter a passphrase, just hit enter.
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
Now 2 files have been created:
id_rsa is your private key. Never share this key, keep it private on your machine.
id_rsa.pub is your public key. This is the key you install on your server and you can share.
Generate an SSH Key on Windows
For Windows you need an additional program to create an SSH Key. We recommend to use PuTTY.
PuTTY is an SSH client for Windows and you can generate your SSH keys. You can download PuTTY from www.chiark.greenend.org.uk.
When you install the PuTTY client, you also install the PuTTYgen utility. PuTTYgen is the utility whith which one you generate your SSH key.
To generate an SSH key with PuTTYgen, follow these steps:
- Open the PuTTYgen program.
- For Type of key to generate, select SSH-2 RSA.
- Click the Generate button.
- Move your mouse in the area below of the progress bar. When the progress bar is full, PuTTYgen generates your key pair.
- Type a passphrase in the Key passphrase field. Type the same passphrase in the Confirm passphrase field. You can use a key without a passphrase, so you are not always been asked for a password if you use your key. So you can leave the fields blank.
- Click the button Save private key. Important! You must save the private key, because you need it to connect to your remote machine.
- Look now for the field “Public key for pasting into OpenSSH authorized_keys”. Right-click in the text field and choose Select All.
- Right-click again in the same text field and choose Copy.
- Also save your public key in a text file for further use. This is the key you can share.
Install the SSH Key on the server
Open the content of the file id_rsa.pub with an text editor which one the client created as outlined above. Copy the content of this file. On the server change to the user directory of the user which one should have access with this key.
open the file
~/.ssh/authorized_keys with an text editor.
append the key you have in your clipboard at the end of the file
Now you can access your server with SSH and SFTP by using your private key.