How to configure an SSH key for secure connections
The Secure Shell (SSH) protocol is perhaps the best-known way to establish a secure connection between a client machine (your laptop, phone, or desktop computer) and a remote server in an office, a data center, or your home network. You’ll probably use SSH if you want command line access on your web hosting service or on a headless Raspberry Pi. SSH is available in one form or another for almost every operating system and is often built into the operating system.
Most servers give you the choice of connecting to SSH via a password or via SSH keys, which are more secure. The SSH key method uses cryptographically generated public and private keys to create an encrypted connection between devices.
Our public key is stored on the remote machine and a private key is stored on our machine. Both SSH keys are required to establish a secure connection. Keys can also be used with passwords to add another level of security, but they can also be used without, for example in automated processes.
In this guide, we will learn how to create SSH keys using PuTTY, the most popular SSH client, and Windows command prompt/Linux terminal.
Preparing the remote server for SSH keys
Our remote machine may be in a data center managed by a web hosting service, our office or our home. Typically, Linux servers such as VPS and cloud hosting will have SSH running by default, using passwords for secure connections. If not, you will need to enable SSH through your VPS/cloud service control panel. If you are using a home server, it may not be installed. If so, follow these steps before continuing.
1. Open a terminal and check whether the SSH service is running on the machine. If it is, the command returns Active: active (running).
sudo service ssh status
2. On the physical server, open a terminal and install OpenSSH Server. You will need to be seated in front of the machine to issue these commands.
sudo apt update
sudo apt install openssh-server
3. Start the SSH service.
sudo service ssh start
4. In your home directory, create a hidden directory called .ssh.
mkdir .ssh
5. Close the connection by pressing CTRL+D or typing exit and pressing Enter.
Using PuTTY to connect to a remote server using SSH keys
PuTTY is an application for creating and managing SSH and serial connections to devices. PuTTY comes with its own key generation application, PuTTYGen, and in this part of the guide we will use it to create a public key for our remote server and a private key for our trusted device.
1. Download and install PuTTY. Windows has its own command prompt, which can be used with SSH, but PuTTY is by far the most accessible way to open an SSH connection.
2. Search for puttygen and open the app.
3. Click RSA and set the bits to 4096. Click Generate to create a key.
4. Move the mouse around the blank area of the dialog box to generate a random seed for the key.
5. Create a passphrase for the key. This is recommended for SSH keys that will be used in interactive sessions.
6. Save the public key as id_rsa_putty.pub in a folder called .ssh.
7. Save the private key as id_rsa_putty.ppk. The ppk file is PuTTY’s own private key format.
8. Highlight the public key and copy the text.
Copying the public key to the remote server
1. Launch PuTTY.
2. Enter the IP address or hostname of your remote server and click Open.
3. When prompted, enter your username and password for the remote server. Note that the password is not displayed. This is a security feature to prevent “shoulder surfing”.
4. Using the nano text editor, create a new file named authorized_keys in the .ssh directory.
5. Right click and paste the public key (created in PuTTYGen) into the blank file. Save by pressing CTRL+X, then Y and Enter.
6. Log out of the SSH session by pressing CTRL+D.
7. Reopen PuTTY and go to SSH >> Auth.
8. Select the Putty private key (ppk) that we just created.
9. Return to Session, enter your server’s hostname/IP address and click open to start a connection.
10. Enter your user name and then the passphrase for your key. Press Enter to connect.
You now control the remote server, using a Linux terminal running in the Linux filesystem. To close a connection, use CTRL+D or click the X to close the window.
How to create an SSH key pair via command prompt/terminal
Creating an SSH key pair from the command prompt/terminal takes a single command and a few questions to answer. We create the public and private keys on our client machine, then copy the public key to the remote server. These steps apply to Windows Command Prompt and Linux Terminal.
1. Open a command prompt by pressing the Windows key and searching for CMD. Press Enter to run.
2. Use the ssh-keygen command to create an SSH key using the RSA key type, with 4096 bits.
ssh-keygen -t rsa -b 4096
3. When prompted to name your key, press Enter. This will save the private and public key in the .ssh directory for your named account. For example, our keys were saved in C:\Users\lespo\.ssh. For Linux users, the keys will be saved in .ssh in your home directory, /home/user/.ssh
4. When prompted, give your key a passphrase as an extra level of security. A passphrase is an extra security step for SSH keys that will be used by real users (interactively). A passphrase is not required if the SSH connection is used in an automated script.
5. Change directory to the location of your SSH keys. Here we assume you are in your named account. For example C:\Users\lespo is ours. On Linux it would be /home/les/.ssh
cd .ssh
6. List the files in the directory. There should be id_rsa and id_rsa.pub.
Windows Command
dir
Linux Command
ls
Copying the public key to the remote server
The public key is stored on our remote server and works with the private key on our trusted machine to form a secure connection. To get the public key onto our server, we need to copy the file securely with scp.
1. In a command prompt, use the scp command to securely copy id_rsa.pub to your home directory on the remote server. You will need to know the remote computer’s IP address or hostname. In our example, we copied the file to testuser@192.168.0.10:/home/testuser/
scp id_rsa.pub user@hostname:/home/user/
2. SSH into the remote computer.
ssh user@hostname
3. Check that the id_rsa.pub file is present in your home directory.
ls *.pub
4. Append the contents of the file to the authorized_keys file in the .ssh directory. Using the cat command, we redirect the output to authorized_keys with the operator that appends data to the file (>>).
cat id_rsa.pub >> .ssh/authorized_keys
5. Close the SSH connection by pressing CTRL+D or typing exit.
6. Reconnect via SSH to the remote computer. If you created a passphrase for your SSH key, you will be prompted to enter it.
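The append step above, as an added example that is not part of the original guide: a helper that installs a public key with owner-only permissions and without duplicating it on a second run. OpenSSH's StrictModes setting (on by default) makes sshd ignore authorized_keys when the file or its directories are writable by other users. The function names install_pubkey and mode_of and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). install_pubkey and mode_of
# are hypothetical helper names.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ak="$home/.ssh/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the .pub file belongs on the server; refuse a private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # A public key file is one line: "<type> <base64> [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one line" >&2; return 1; }
    case $(cut -d' ' -f1 "$pub") in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;   # subset of OpenSSH key types
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac

    # Owner-only permissions, whatever the umask is.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$ak" && chmod 600 "$ak" || return 1

    # Append only if this exact line is not already present.
    line=$(cat "$pub")
    grep -qxF -- "$line" "$ak" || printf '%s\n' "$line" >> "$ak"
}

# Symbolic mode string of a path, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3ConstructedExampleOnly les@laptop' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo" && install_pubkey "$demo/id.pub" "$demo"
echo "$(mode_of "$demo/.ssh") $(grep -c '' "$demo/.ssh/authorized_keys") key(s)"
rm -rf "$demo"
```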
Use SSH keys on another machine
Reusing your private SSH key is possible, but it is not security best practice. Losing a laptop with the key means you will need to regenerate your keys. Best practice would be to generate a new key pair for each device that wants to connect, and add each public key to the authorized_keys file on the server. That said, it’s relatively easy to reuse a private key across multiple devices.
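What per-device keys buy you when a device is lost, as an added example that is not part of the original guide: only that device's entry is removed from authorized_keys and every other device keeps working. The function name revoke_pubkey and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). revoke_pubkey is a
# hypothetical helper name.
# Usage: revoke_pubkey PUBKEY_FILE AUTHORIZED_KEYS  -> prints entries removed
revoke_pubkey() {
    pub=$1
    ak=$2
    # Field 2 of a .pub file is the base64 key blob. It identifies the key
    # even when the comment or leading options differ on the server.
    blob=$(awk 'NR == 1 { print $2 }' "$pub")
    [ -n "$blob" ] || { echo "no key blob in $pub" >&2; return 1; }

    tmp=$(mktemp "$ak.XXXXXX") || return 1
    # Drop every line that has the blob as a whole field; keep comments
    # and other devices' keys. awk prints the number of dropped lines.
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        {
            for (i = 1; i <= NF; i++)
                if ($i == blob) { n++; next }
            print > out
        }
        END { print n + 0 }' "$ak") || { rm -f "$tmp"; return 1; }

    # Replace the file in one step and keep it owner-only.
    chmod 600 "$tmp" && mv "$tmp" "$ak" || { rm -f "$tmp"; return 1; }
    echo "$removed"
}

# Demo in a scratch directory with constructed (not real) entries.
d=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3ConstructedLaptopKey les@laptop' \
              'ssh-rsa AAAAB3ConstructedDesktopKey les@desktop' > "$d/authorized_keys"
echo 'ssh-ed25519 AAAAC3ConstructedLaptopKey lost-laptop' > "$d/lost.pub"
echo "removed: $(revoke_pubkey "$d/lost.pub" "$d/authorized_keys"); remaining:"
cat "$d/authorized_keys"
rm -rf "$d"
```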
Reuse a PuTTY private key
PuTTY stores the private key as a PPK key and this file is all we need for a machine to connect to a remote server using our public key.
1. Navigate to your .ssh folder and copy the PPK file to a USB drive. Keep this USB drive safe as it can be used by anyone to access your server.
2. Insert the USB drive into another computer.
3. Create an .ssh folder in your home directory. For Windows it would be C:\Users\username\.ssh and Linux /home/user/.ssh.
4. Copy the PPK file to the .ssh directory.
5. Follow step 7 of Copying the public key to the remote server to connect.
Reusing a command prompt/terminal private key
1. Navigate to your .ssh folder and copy the private key file to a USB drive. Keep this USB drive safe as it can be used by anyone to access your server.
2. Insert the USB drive into another computer.
3. Create an .ssh folder in your home directory. For Windows it would be C:\Users\username\.ssh and Linux /home/user/.ssh.
4. Copy the private key file to the .ssh directory.
5. Start an SSH session on the remote computer. If you created a passphrase for your SSH key, you will be prompted to enter it.
ssh user@hostname