In this article, we will look at how to create SSH keys on devices with different operating systems and how to copy them to a server for SSH connections.
Follow these steps to create an SSH key pair on your local machine.
This guide works for Linux, macOS, and Windows 10 starting from version 1809, which has a built-in SSH client. If you have an older version of Windows, you will need to use an SSH client such as PuTTY.
Launch a terminal or Windows PowerShell on your computer and run the command:
ssh-keygen
You will see a similar message:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Press Enter to save the key to the default directory.
Next, set a passphrase or press Enter to leave it blank. Using a passphrase increases security, but you will have to enter it every time you log in to the server.
That’s it; the keys are created.
The private key will be stored on your machine, while the public key should be copied to the server. This can be done manually as described below or, more conveniently, by using your Hostman control panel.
Old Windows versions don’t have OpenSSH, so you'll need a special program, PuTTYgen. You can download the puttygen.exe distribution from the official PuTTY website.
Launch the program.
Select RSA in the Type of key to generate block and click Generate.
Move your mouse randomly in the space below the loading line to generate random values.
After the key is created, you can set the Key passphrase. This is optional; you can leave the line blank. If you choose to set a passphrase, please note that you will need to enter it each time you log in using the key.
Next, save the created keys by clicking on the Save public key and Save private key buttons, for example, as id_rsa.pub and mykey.ppk.
Also, copy and save the contents of the Public key for pasting... window as a text file, as you will need them later when copying the SSH key to the server or the Hostman panel.
You can also transfer the public SSH key to the server via the Hostman control panel.
Run the following command on your local computer's terminal. In place of user, enter a username created on the server, and in place of server, enter the server IP address.
ssh-copy-id user@server
For example:
ssh-copy-id root@38.62.228.244
In Windows PowerShell, run the following command instead:
type $env:USERPROFILE\.ssh\id_rsa.pub | ssh user@server "cat >> .ssh/authorized_keys"
For example:
type $env:USERPROFILE\.ssh\id_rsa.pub | ssh root@38.62.228.244 "cat >> .ssh/authorized_keys"
As a result, the contents of the id_rsa.pub file with the public key will be copied to the ~/.ssh/authorized_keys file on the server, and in the future, you will be able to establish a connection to the server using the command:
ssh user@server
For example:
ssh root@38.62.228.244
On older Windows versions, you will need the pageant utility to copy the SSH key to your server. You can download the pageant.exe distribution from the official PuTTY website.
Connect to the server over SSH using PuTTY and run the following commands to create the directory and the file that will store the keys:
mkdir -p ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys
Open the file:
nano ~/.ssh/authorized_keys
Paste the public key text, previously copied from the PuTTYgen window, into it and save the file.
Launch pageant. Its icon will appear in the tray. Right-click on it and select Add Key.
Enter the path to the private key mykey.ppk, saved earlier, and click Open. If you added a passphrase when creating the key, pageant will ask for it at this stage.
To check that key authorization works, run PuTTY, connect to your server, and enter your login. If everything is configured correctly, you will see an output similar to this in the console window:
Authenticating with public key "rsa-key-20151220" from agent
You can disable password authentication on your server to ensure that it can only be accessed with the SSH key. To do this, you need to edit the /etc/ssh/sshd_config file on your server.
Connect to the server via SSH and open the file with the command:
sudo nano /etc/ssh/sshd_config
Find the PasswordAuthentication line in it and replace its value with:
PasswordAuthentication no
Save the changes, then restart the SSH service:
sudo service ssh restart
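Editing the main file is not always enough: sshd uses the first value it reads for a keyword, and an Include line near the top of sshd_config can pull in a drop-in file that sets PasswordAuthentication first. The script below is an added example, not part of the original article; it is a simplified static reading of the config, and the sample files and the name 50-sample.conf are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. sshd uses the FIRST value it
# reads for a keyword and expands Include lines in place, so a drop-in file
# included above your edit can keep password logins enabled.

# list_directives FILE: print "file<TAB>keyword<TAB>value" for each global
# directive in reading order. Simplification: everything after a Match line
# in a file is treated as conditional and skipped.
list_directives() {
    [ -r "$1" ] || return 0
    while read -r key val rest || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case $key in
            match) break ;;
            include)
                # sshd resolves relative Include paths against /etc/ssh.
                case $val in /*) ;; *) val=/etc/ssh/$val ;; esac
                for inc in $val; do list_directives "$inc"; done ;;
            *) printf '%s\t%s\t%s\n' "$1" "$key" "$val" ;;
        esac
    done < "$1"
}

# effective_password_auth FILE: print the value sshd would use and where it
# comes from. The built-in default is "yes" when no file sets the keyword.
effective_password_auth() {
    list_directives "$1" | awk -F'\t' '
        !found && $2 == "passwordauthentication" {
            print tolower($3) " (" $1 ")"; found = 1
        }
        END { if (!found) print "yes (built-in default)" }'
}

# demo: constructed sample where a drop-in overrides the later "no".
demo() {
    d=$(mktemp -d)
    mkdir "$d/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-sample.conf"
    printf 'Include %s/sshd_config.d/*.conf\nPasswordAuthentication no\n' \
        "$d" > "$d/sshd_config"
    effective_password_auth "$d/sshd_config"
    rm -rf "$d"
}

demo   # prints: yes (<tmpdir>/sshd_config.d/50-sample.conf)
```

On a live server, `sudo sshd -T | grep -i passwordauthentication` prints the value the daemon actually resolves, and `sudo sshd -t` checks the file for syntax errors before the restart. Keep your current SSH session open and confirm key login from a second terminal before closing it.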