Creating SSH Keys
SSH keys provide a secure method of authentication and remove the need to transmit or store passwords for access to a server shell. All Advomatic servers require SSH keys for authentication. While using SSH keys is often a new way of working for many clients, they usually find that the many benefits they provide outweigh the potential initial hassle of setup and orientation. We hope you will find this to be the case as well!
This section describes how to generate SSH keys on either Mac OSX/Linux or Windows.
Please email any questions regarding the instructions below to email@example.com.
** Please remember that your private key must be kept secure. Never email it. If you need to move it between computers, use a USB drive or similar removable storage media; do not transmit it over a network.
- Creating A Key
To create the simplest key, with the default encryption, open up a console and enter the following command:
$ ssh-keygen -t rsa
It will output the following (the "key fingerprint" will be different):
Generating public/private rsa key pair.
Enter file in which to save the key (/home/(youruserdir)/.ssh/id_rsa):
Enter passphrase :
Enter same passphrase again:
Your identification has been saved in /home/(youruserdir)/.ssh/id_rsa.
Your public key has been saved in /home/(youruserdir)/.ssh/id_rsa.pub.
The key fingerprint is:
At the "Enter file in which to save the key" prompt, just hit enter to store the keys in the default location indicated.
At the "passphrase" prompts, enter a secure password you can remember. Enter the same password both times.
- In the .ssh directory, located in your home directory, there will be two files that were generated: your public key and your private key, collectively referred to as your 'key-pair'. They will be named id_rsa and id_rsa.pub unless you changed the location to save them when prompted. The one with the .pub extension is your public key. The public key can be transmitted over insecure channels, such as email and instant messenger, and can even be posted in public places like a website safely. Your private key should never be transmitted over a network, or allowed to be downloaded and distributed in any way. If someone gets your private key and cracks your password, they will have access to every system your public key is installed on.
- Go to Loading The Key Onto The Server
Windows has no native console, so we use a pair of programs called Putty and Puttygen to generate the SSH keys and connect to the server using the keys and SSH.
- Download Putty and Puttygen here.
They are standalone applications and no installation is required.
- Launch Puttygen
- Select SSH2 for type, and remove any value in the bit length field.
- Click Generate and follow the instructions. The key information is displayed in the upper section of the dialog box.
- Select all the text in the "Public key for pasting into authorized_keys file" section and copy it by pressing Ctrl-C. Paste this public key into an email and send that email to firstname.lastname@example.org. You may also want to save it to a text file on your computer where you can retrieve it later, as it is your public key and may be shared freely.
- Type a passphrase in the Key passphrase and Confirm passphrase edit boxes.
- Click Save private key. Save the Putty private key file into a directory private to your Windows login (in the Documents and Settings/(userid)/My Documents subtree in Windows 2000/XP) where you will be able to remember and find it later.
You can send an email to email@example.com with the public half of the key attached. The most reliable way to transfer an SSH key is to send it as a file attachment in your email program. To easily copy it to your home directory, issue the following command in a terminal:
cp ~/.ssh/id_rsa.pub ~/
We will install the public key on the server you require access to.
The location of your public key for different operating systems:
Windows 2000, XP and 2003: \Documents and Settings\MyUserName\MyLabel_private_SSH2_RSA.ppk
Windows Vista and 7: \Users\MyUserName\MyLabel_private_SSH2_RSA.ppk
Mac OSX: /Users/MyUserName/.ssh/id_rsa.pub
Linux and Mac users: As any file that begins with a "." is a hidden file, use the location bar to select the id_rsa.pub file.
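Before attaching a key file to an email, it is worth confirming that the file is the public half of the pair. The shell script below is an added example, not part of the original instructions: it classifies a file by its first line and checks that a private key is accessible only to its owner. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check a key file before emailing it.

# key_kind FILE -> prints "public", "private" or "unknown" from the first line.
key_kind() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || { echo unknown; return 0; }
    case "$first_line" in
        "-----BEGIN "*"PRIVATE KEY-----"*)  echo private ;;  # OpenSSH/PEM private key
        "PuTTY-User-Key-File-"*)            echo private ;;  # Puttygen .ppk private key
        "ssh-rsa "*)                        echo public ;;   # one-line authorized_keys form
        "---- BEGIN SSH2 PUBLIC KEY ----"*) echo public ;;   # Puttygen "Save public key" form
        *)                                  echo unknown ;;
    esac
}

# safe_to_send FILE -> exit status 0 only when FILE is a public key.
safe_to_send() {
    [ "$(key_kind "$1")" = "public" ]
}

# private_key_locked_down FILE -> status 0 when group and others have no access.
private_key_locked_down() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# make_samples DIR -> writes constructed, non-functional sample files into DIR.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-SAMPLE' \
        '-----END RSA PRIVATE KEY-----' > "$1/id_rsa"
    printf '%s\n' 'ssh-rsa CONSTRUCTEDSAMPLE user@example' > "$1/id_rsa.pub"
    printf '%s\n' 'PuTTY-User-Key-File-2: ssh-rsa' 'Encryption: aes256-cbc' \
        > "$1/MyLabel_private_SSH2_RSA.ppk"
    chmod 600 "$1/id_rsa" "$1/MyLabel_private_SSH2_RSA.ppk"
    chmod 644 "$1/id_rsa.pub"
}

# When run with a file argument, report whether that file is safe to email.
if [ "$#" -gt 0 ]; then
    if safe_to_send "$1"; then
        echo "$1: public key, OK to email"
    else
        echo "$1: $(key_kind "$1") file, do NOT send" >&2
        exit 1
    fi
fi
```

Run it with the file you are about to attach as the only argument; a non-zero exit status means the file is not a public key.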
When logging in over ssh or sftp you will be prompted for a password; use the one you provided when you generated your keys. Essentially, you have locked your private key with a password, and have to unlock it in order to use it to log in.
Connecting to the server with your SSH key and Putty
Remember you will need to either load the key yourself or wait for the system administrator to add your key before you can connect.
- Invoke putty.exe
- Click "Session" in the sidebar.
- Enter the IP address or hostname of your server (e.g., 192.168.1.2)
- Click "SSH" in the Protocol option
- Choose "SSH" under "Connection" in the sidebar
- In "Preferred SSH protocol version", select "2 only"
- Click "Auth" under "SSH"
- Click the Browse button, select the private key file you saved in Step 7, likely named "id_rsa.ppk".
- Click "Session" again, like in step 9
- Enter a name (e.g. "toylet.session") in the textbox directly under "Saved Sessions".
- Hit the "Save" button. The name "toylet.session" would appear in the listbox of "Saved Sessions".
- Double-click "toylet.session". Now you would be presented with a login screen for OpenSSH.
- Enter the Linux user name for the server, generally the shortname we have given the client.
- Enter the passphrase for your private key that you specified in step 6. You should get:
Login as: (username provided)
Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key":
Last login: Wed May 31 12:35:00 2006 from 192.168.1.10
- You have successfully logged into your Linux server via OpenSSH.
- Type "exit" and hit enter to log out. You now at least know the keys are working, so connection problems with other clients are likely a configuration or setting on the client as opposed to a problem with the key.
images used from http://www.linux-sxs.org/networking/openssh.putty.html