What Are the Benefits of SSH Key Based Authentication?
SSH (Secure Shell) is an open source — and most trusted — network protocol used for logging into servers remotely. This allows the execution of commands and programs through the server itself. SSH may also be used to transfer files between computers over the network using Secure Copy (SCP) protocol. The best way to ensure the security of the server is to use SSH Keys.
SSH Keys are a way to further secure your server against malicious activities directed at trying to SSH into your server. SSH Keys provide a level of authorization that can only be fulfilled by those who have ownership to the private key associated with the public key on the server. An unwanted visitor may be able to get access to the server’s public key, but without the associated private key they will be unable to gain access to the server, even if they know the password.
With an SSH Key set up, you can also safely login to your server without any need of a password at all. The server will require the connecting computer to have the private key associated to the server’s public key to connect. As a result, this means that with or without the password, only users with the private key generated with the public key can gain access.
How Do I Setup Key Based Authentication?
The following guide will help you create a public / private key pair, get them installed and ready to use for your SSH server;
Local Linux/Mac OS to Remote Linux Server (Cloud/Dedicated)
Step 1: Enter the following command locally
$ ssh-keygen -t rsa
This will generate two files in your hidden ~/.ssh directory
- id_rsa – your private key
- id_rsa.pub – your public key
Step 2: Choose whether or not you want a password upon setup; Hit “Enter” to set no password, otherwise type the password to be used and then hit “Enter” afterwards.
NOTE: When you add a passphrase to the SSH key, it will require both the private key and the passphrase when logging into the server.
Step 3: Then, set the Permissions on your folders and private key. This makes them only accessible as the owner of the files.
chmod 700 ~/.shh chmod 600 ~/.ssh/id_rsa
Step 4: Copy and install your public key (id_rsa.pub) to the server’s authorized_keys list.
cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
Note: Make sure to backup and authorized keys prior to making changes to this file or they will be lost.
Step 5: Set your server permissions. This makes the folder only accessible to the owner of the folder.
chmod 600 ~/.ssh/authorized_keys
Step 6: Set Proper SELinux context
restorecon -Rv ~/.shh
How to use an SSH Key?
To use the SSH key, you will need to use the private key and public key. Start by saving each to a local file on your computer. However, each SSH Client will be different on how to enter in the private and public key. Some may require you to upload the Files you created with the SSH key information, while others may just ask you to copy and paste the information into the SSH Client.
If you have an SSH client installed such as PuTTY, it should also come with a program called PuTTYgen. PuTTYgen will help you to create an SSH key based off of random inputs from you.
It will also help you to make the keys in the format PuTTY requires, simply click the Save Public/Private Key. You can also copy your Public Key as well from the box at the top, indicated by the arrow. The public key is what you will need to enter on your server to permit people logging in with the private key access to the server. You can also generate a Key Phrase from PuTTYgen as well.
To add the private key to PuTTY, Click on the + by the SSH option in the window, then Click Auth. On this page browse to your Private key. Then Click back on Session to login. You can then save this configuration on the lower half of the session window.
SSH Key through PuTTY
If you wish to know how to set up an SSH key for your Cloud VPS service, we have provided a step-by-step instructional guide for your convenience. The guide Setting up and SSH Key through Putty, should help you set this up. Setting up the SSH Key through PuTTY, you will need to upload the public key to the server (Commonly done through FTP or SFTP)