Use Public Key Authentication with SSH
Public key authentication provides SSH users with the convenience of logging in to their kloud51s without entering their passwords. SSH keys are also more secure than passwords, because private keys are encrypted, or scrambled, so their contents can’t be read as easily. While SSH passwords are not required once keys are set up, passwords for decrypting, or unscrambling, the private keys locally are still required. For added convenience, depending on your local workstation’s security, you can add the new password to your local keychain so it’s saved after the first login.
Intro to SSH Keys Authentication
SSH keys come in pairs: a private and a public key. Usually the private key is saved as ~/.ssh/id_<type> and the public key is ~/.ssh/id_<type>.pub. The type of encryption most often used by default is RSA, so your keys should be named id_rsa.pub. The public key is meant to be handed out freely, and added to servers you wish to connect to in the ~/.ssh/authorized_keys file. The private key should be secured on your local machine with strict access rules.
It might be easier to think of SSH keys in terms of a lock and key. The public part is the lock, which can be copied to multiple locations as long as the private component, or key, is not compromised. Since the private key is password-protected, it is analogous to keeping a physical key in a lockbox. With this example in mind, using an SSH key works as follows. First, the lockbox/passphrase is opened to obtain the key/private key, which is then used to open the lock/public key and grant access to your kloud51.
Intro to Local Encryption
Since private keys need to be kept secret to prevent unauthorized access to your kloud51, it is recommended that they be encrypted on your local system. This helps guarantee that only individuals with the encryption passphrase will be able to use the private keys, even if the key itself becomes compromised. A passphrase is only used to unlock the private key locally and is not transmitted in any form to the remote host. Therefore, using unencrypted private keys is not recommended.
When you create your private key, be sure to make a note of your passphrase, as you will need it for the first login to the remote server.
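A way to check that an existing private key follows the advice above, meaning it has owner-only permissions and is stored with a passphrase. This is an added example, not part of the original guide; the function name audit_private_key and its return codes are choices made here.

```sh
#!/bin/sh
# audit_private_key KEYFILE
# Returns 0 = owner-only and does not load with an empty passphrase,
#         1 = stored without a passphrase,
#         2 = group or others can access the file, 3 = could not audit.
audit_private_key() {
    key=$1
    if [ ! -f "$key" ] || [ ! -r "$key" ]; then
        echo "$key: not a readable file" >&2; return 3
    fi
    # PEM and OpenSSH private keys start with a BEGIN ... PRIVATE KEY line.
    if ! head -n 1 "$key" | grep -q -e '^-----BEGIN .*PRIVATE KEY-----'; then
        echo "$key: not a private key file" >&2; return 3
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -lL "$key" | cut -c5-10)" != "------" ]; then
        echo "$key: accessible to group or others; run: chmod 600 $key"
        return 2
    fi
    if ! command -v ssh-keygen >/dev/null 2>&1; then
        echo "ssh-keygen not found" >&2; return 3
    fi
    # -y re-derives the public key. With an empty -P it succeeds only when
    # the key is stored without a passphrase, and it never prompts.
    if ssh-keygen -y -P '' -f "$key" >/dev/null 2>&1; then
        echo "$key: stored WITHOUT a passphrase; add one: ssh-keygen -p -f $key"
        return 1
    fi
    # A damaged key file also fails to load, so this means "not loadable
    # with an empty passphrase", which is the case for an encrypted key.
    echo "$key: owner-only, not loadable with an empty passphrase"
    return 0
}

# Audit the files given on the command line, e.g. ~/.ssh/id_rsa
for f in "$@"; do audit_private_key "$f" || true; done
```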
Linux and Unix-like Operating Systems
The process for generating SSH keys and connecting to a remote server from a Linux, Apple OS X, or Unix-like operating system is outlined below.
The process for creating keys with a recent version of the OpenSSH package is the same across many different Unix-like operating systems. This includes all Linux distributions provided by kloud51, workstations running Linux, and Apple’s OS X.
To generate SSH keys for your host, issue the following command on your local system:
Answer all questions when prompted. You can accept the defaults for everything except the passphrase. When you get to the passphrase question, enter a series of letters and numbers for the passphrase twice; once to enter the new passphrase and once to confirm. Important: make a note of your passphrase, as you will need it later. You may accept the defaults for the other questions by pressing Return when prompted:
user@kloud51: ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 user@kloud51
The newly-generated SSH keys are located in the ~/.ssh/ directory. You will find the private key in the ~/.ssh/id_rsa file and the public key in the
Please note that the following steps are performed on your remote location/kloud51.
Before you upload the keys, verify that your .ssh directory exists by using the following command from your home directory (the default directory when you log in):
If the .ssh directory is present, proceed to Step 3. If the directory is not present, issue the following command in the /home/user directory to create it:
The following steps are performed on your local machine/PC:
Copy the public key into the ~/.ssh/authorized_keys file on the remote machine, using the following command. Substitute your own SSH user and host names:
scp ~/.ssh/id_rsa.pub email@example.com:/home/user/.ssh/uploaded_key.pub
Run the following command to copy the key to the authorized_keys file. Substitute your own SSH user and host names:
ssh firstname.lastname@example.org "cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys"
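The server-side part of the steps above (create .ssh, append the uploaded key, set permissions) as one script that can be rerun safely. This is an added example, not part of the original guide; the function name install_pubkey and its optional HOME_DIR argument are assumptions made here so it can be tried against a scratch directory.

```sh
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Run on the server after uploading the key. HOME_DIR defaults to $HOME.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # A private key must never be uploaded: refuse PEM/OpenSSH key blocks.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 3
    fi

    # Use the first non-empty line and require a known public key type.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 4 ;;
    esac

    # Create ~/.ssh and authorized_keys readable by the owner only.
    (umask 077; mkdir -p "$dir"; touch "$auth")
    chmod 700 "$dir"
    chmod 600 "$auth"

    # Append only if this exact line is missing, so reruns add no duplicates.
    if grep -qxF -e "$key" "$auth"; then
        echo "key already present in $auth"
    else
        # Start on a fresh line if the file does not end with a newline.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}

# Example: sh install_pubkey.sh ~/.ssh/uploaded_key.pub
if [ "$#" -gt 0 ]; then install_pubkey "$@"; fi
```

A public key saved in PuTTYgen's multi-line export format is rejected by the type check; paste the single-line OpenSSH form shown in the PuTTYgen window instead.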
Connecting to the Remote Server
The final part in the SSH key process is to access your kloud51 with your new private key.
- Connect to the remote server.
A window will appear prompting you for a password. This password is the passphrase you created for the private key encryption.
- If you’re on a private computer, you can check the Remember password in my keychain box to save your passphrase. If you are logged on via a public machine, don’t check this box, as this would compromise your security and allow access to your kloud51.
- Click the OK button.
You should now be connected to your kloud51 using the SSH key.
Windows Operating System
Before you can generate an SSH key, you will need to download and install PuTTYgen (puttygen.exe) and PuTTY (putty.exe). These two programs are available for download from this link: PuTTY Installer.
Installing PuTTY Key Generating
When PuTTYgen has finished downloading, it may now be installed.
Double-click on the downloaded executable program and select Run to begin the installation.
Read the warning, and then select Run to continue the installation.
After the installation is complete, you will be taken directly to the key generating screen. You do not have to change the SSH selection or the number of bits. The default selections are recommended. Click on the Generate button to create the new public/private key pair.
Once the keys begin to generate, keep moving your mouse until the entire bar fills with green. The program uses the random input from your mouse to generate a unique key.
The public key is now generated and appears in the first window.
Before you continue, you will need to copy the newly-created public key to either WordPad or Notepad. Just select the text and copy it to a new Notepad or WordPad text file. Be sure the file is saved in a location you remember, as you will need it later.
Enter a passphrase in the Key passphrase text field, and enter it again to confirm. The passphrase can be any string of letters and numbers. The passphrase should be something unique and not easily recognized. Important: make a note of your passphrase, as you will need it later.
After you have entered your passphrase, click on the Save private key button. This will save the private key to your PC.
Keep the default location and name of the private key file and click on the Save button. Note that if you plan on creating multiple keys to connect to different SSH servers, you will need to save each pair of keys for each server with different names to prevent overwriting the key files. Make a note of the name and location of the private key. You’ll need it in the next section.
Connecting to the Remote Server
Now it is time to connect to your kloud51 with the SSH connection you just created.
- Launch PuTTY.
Under the Connection menu, under SSH, select Auth.
You will need to tell PuTTY the location of the private key. This may be accomplished by either clicking on the Browse button and navigating to the private key file, or by typing in the location of the file from Step 10 in the previous section.
To establish a session, click on Session under the Category list. Enter the hostname or IP address of your kloud51. Note: the SSH radio button is selected by default and the Port number field is already filled in.
You can either save this connection as the default by clicking on the Save button, or by entering a name in the Saved Sessions text field, and clicking on the Save button.
- Click the Open button to establish a connection. You will be prompted to enter your login name and password.
The combination of commands shown below will create a .ssh directory in your home directory on your kloud51, create a blank authorized_keys file inside, and set the access permissions. Enter the following commands at the prompt and press Enter:
mkdir ~/.ssh; touch ~/.ssh/authorized_keys; chmod 700 ~/.ssh
Edit the newly-created file by using a text editor such as nano:
- Copy the contents of the public key from your workstation to the authorized_keys file. Be sure you save the file on exit. Exit PuTTY.
- Reconnect to PuTTY and Load your saved session. (Or, follow Steps 3 and 4 again to start a new SSH session.) You will be prompted to enter your login name as before. However, this time you will be prompted for your SSH key’s passphrase, rather than your kloud51 user’s password. Enter your passphrase and press Enter.
You should now be connected to your kloud51 using the SSH key.
This guide is published under a CC BY-ND 3.0 license.