In this tutorial you will learn how to set up SSH keys on your local device and use the generated pair of keys for connecting to a remote server. This method is more convenient and provides a more secure way of connecting to the remote server/machine than simply using a password.
Additionally, you can check out this tutorial on “How to Connect to your VPS using Putty”. It will be very helpful if you are running Windows OS and not sure how to connect to the server: How to Connect to your VPS using Putty.
What you’ll need
Before you begin this guide you’ll need the following:
- Access to your local device.
- Access to the remote device.
- A terminal suitable for SSH connection.
Table of Contents
Step 1 — Generating the SSH keys
You can generate and set up the RSA keys on Linux / Unix system using any kind of Terminal type of environment which your local device has.
After entering the Terminal, you will be taken to a window similar to this:
Here you can start writing needed commands:
The first thing you need to do is generate the pair of keys on your local machine. You can do it with this simple command:
ssh-keygen -t rsa
Once you enter this command, a few new questions will pop up:
Enter file in which to save the key (/home/tautvydas/.ssh/id_rsa):
Generally it is recommended to simply leave it as it is (press ENTER without typing anything) so that the key generator could create the key pair in the default location (in this tutorial I entered a different name tut_id to avoid duplicate keys, since my local device already had an id_rsa keys generated). Second two questions which will pop up:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Now for convenience reasons, I like to leave those empty as well. That way, after setting the keys up with your remote server, you won’t need to use any kind of password to log in. You will simply enter the
ssh user@serverip command and it will log you in as long as the keys are properly set up. But if you need even more security, you can enter a passphrase in this section. If you choose this option, you will need to enter the password every time you connect to the remote device.
That is basically it, you should see something like this in your Terminal:
Looking for a better way to host your website?
Transfer your website to the fastest web hosting platform with 24/7 dedicated support.
Your generated Image WILL look different from mine. As well as the key fingerprint.
IMPORTANT! There are two keys created here (PRIVATE and PUBLIC): tut_id and tut_id.pub (in your case, should be id_rsa and id_rsa.pub). Take a VERY good care of the file named id_rsa (this is the PRIVATE key), have it ONLY on your local device and DO NOT give it to ANYONE.
Other file, id_rsa.pub must be uploaded to your remote machine. So for example, if you and your friend is working on the same project in the same remote server, you both can put your public keys in that remote server. In the next step, we will learn how to do that.
Step 2 — Copying the Public key to your remote server
After generating the RSA key pair, we have to put our public key to the remote virtual server.
There is a simple command which will put your public key directly to the remote server’s authorized_keys file (this file keeps all the public keys:
Here instead of serverip, you have to enter your remote server’s IP address and instead of user, you have to enter the username of the server you are connecting to.
After entering the command, you should be greeted with a Warning message similar to this:
The authenticity of host 'Server's IP address' can't be established. RSA key fingerprint is ... Are you sure you want to continue connecting (yes/no)?
Type in yes in the command line and hit ENTER. This message appears only the first time you are performing this action.
Another message will pop up:
Warning: Permanently added 'SERVER IP' (RSA) to the list of known hosts. user@serverip's password:
Here you must enter the password of remote server user (in most cases username is root). After entering the password, that should basically be it. You will be greeted with another message:
Now try logging into the machine, with "ssh 'user@serverip'", and check in: ~/.ssh/authorized_keys* to make sure we haven't added extra keys that you weren't expecting.
as the new public key has been added to your remote server. Now every time you log into your remote server, you won’t be prompted for a password (unless you set up a passphrase for your RSA key in the generation process).
In this tutorial, you have learned how to generate SSH private/public key pair and use those keys with your remote server in order to set up a more secure connection than simply using the password.