Set Up SSH Keys for Remote Access

SSH keys are a more secure way to connect to your servers / VPS than simple password authentication. Once you’ve set up an SSH key pair, the public key can be deployed on all your servers to allow secure access. To add an additional layer of protection you can also password-protect your SSH keys.

Creating SSH keys

There are a few options and tools for generating SSH keys, but on Windows-based systems PuTTYgen is the way to go.

I use SSH-2 RSA and 2048 bits for the generated key (increasing the bits makes it harder to crack the key by brute-force methods).

After generating the keys you should store them in a safe place (especially the private one). If you lose your keys and have disabled username/password logins, you will no longer be able to log in!

NOTE: PuTTY and OpenSSH use different formats for public SSH keys. If the SSH key you copied starts with “---- BEGIN SSH2 PUBLIC KEY …”, it is in the wrong format. Be sure to follow the instructions carefully. Your key should start with “ssh-rsa AAAA ….”

Deploy the Public Key on your Server

You need to add the public key to the file ~/.ssh/authorized_keys on your server.

1. Log in to your destination server using PuTTY.

2. If your SSH folder does not yet exist, create it manually:

3. Paste/insert the content of the public key into the authorized_keys file.
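
Steps 2 and 3 above, combined with the format NOTE, as an added shell example (not part of the original article): the hypothetical helper install_pubkey creates ~/.ssh with owner-only permissions, refuses a key in PuTTY's SSH2 export format, and appends a one-line OpenSSH key to authorized_keys only once. Accepting ssh-ed25519 and ecdsa key types goes beyond the ssh-rsa case in the text, and the optional home directory argument is an assumption added for testing.

```shell
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper name.
# Usage on the server: install_pubkey "ssh-rsa AAAA... comment" [home_dir]
install_pubkey() {
    key=$1
    ssh_dir="${2:-$HOME}/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # PuTTYgen's "Save public key" export (SSH2 / RFC 4716) is multi-line
    # and is not understood in authorized_keys.
    case $key in
        *"BEGIN SSH2 PUBLIC KEY"*)
            echo "PuTTY SSH2 format; paste the one-line OpenSSH form instead" >&2
            return 2 ;;
    esac

    # An authorized_keys entry is a single line: "<type> <base64> [comment]".
    if [ "$(printf '%s\n' "$key" | wc -l)" -ne 1 ]; then
        echo "key must be exactly one line" >&2
        return 2
    fi
    case $key in
        "ssh-rsa AAAA"* | "ssh-ed25519 AAAA"* | "ecdsa-sha2-nistp"*" AAAA"*) ;;
        *)  echo "not an OpenSSH public key line" >&2
            return 2 ;;
    esac

    # Owner-only permissions on the directory and the file.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Keep existing entries intact if the file lacks a final newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only when this exact line is not already present.
    grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
}

# Run directly on the server with the key as the first argument.
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```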

Create the PuTTY Profile

1. Open putty.exe, specify the hostname (FQDN or IP), and set the connection type to SSH.

2. Navigate to Connection -> Data -> Login details -> Auto-login username and specify the username of the account you want to log in as.

3. Navigate to Connection -> SSH -> Auth -> Browse and select the private key file saved from PuTTYgen.

4. Go to Session and click the Save button to keep the settings.

5. Enjoy

Disable Password Login

You can go further and add the extra security that SSH keys offer by disabling password login to your server. Before you do this, it is essential that you keep your SSH key files in a safe place and take a backup… in another safe place.

When password login is disabled you won’t be able to log in without these keys.

On Debian/Ubuntu systems, SSH password authentication can be disabled by editing /etc/ssh/sshd_config.

Please don’t forget to restart your SSH daemon service:

Now your servers should be secured with SSH keys.

If you’re on Linux as a client, things are much easier:

The public key can now be found at ~/.ssh/id_rsa.pub

Now it’s time to place the public key on the server that we intend to use:

While a password can eventually be cracked, SSH keys are practically impossible to break by brute force.