Announcement

Collapse
No announcement yet.

[How-To] Setup SSH Key

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • [How-To] Setup SSH Key

    Here we will show to create and configure a SSH Key for more security and easy access to the server.

    For this we will use Puttygen, you can download it here: https://www.chiark.greenend.org.uk/~...ty/latest.html look for puttygen.exe and download the 32 or 64 bit version depending on your OS

    1. Open Puttygen and press Generate:






    2. Move the mouse inside the box until the green bar fills up:





    3. Give the Key a description/comment and password (Optional but recommended)





    4. Save the Public and Private key file somewhere you do not lose it.





    I also like to save the Public key that you see in the box to a separated file as it makes it easier in future to copy paste it on the servers where you want to use the key.
    (if you also do this make sure all the text you have in the box above (where it starts with "ssh-rsa AAAAB3") is pasted in 1 line only.)

    Now we have it all generated. We need to configure the Client and Server to use it.

    5a. Configure the Private Key on Putty:

    For this we need to open Putty load the SSH Session that you use and go to Connection -> SSH -> Auth





    There click on browse and open the .ppk file (private key) and then go back to Session tab and press save.





    5b. Using pageant (pageant is a small program that can store all SSH Keys that you use and automatically applys it to the connections). You can download it on the same page where you got the puttygen above. To use it just open the .exe, press Add Key and open your .ppk





    As you can see here in the Example on top is the key I did generate here and also my other keys that I use in my day to day work.

    6. Now we need to configure the SSH Key login on the Server. For that we need to connect to the Server normally using the password.

    7. Make the .ssh folder

    Code:
    mkdir ~/.ssh/
    8. Create the File that will save the public key and place inside the Public Key (each Public Key will be placed in one line only)

    Code:
    nano ~/.ssh/authorized_keys




    Save it.

    9. Now try to open a 2nd Session on the Server it should now login with no password required if you using pageant:

    Code:
    login as: root
    Authenticating with public key "CommunityGuideKey" from agent
    Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-042stab127.2 x86_64)
    
     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage
    Last login: Wed Mar 21 06:08:46 2018 from <removed>
    
    This server is powered by Plesk. Log in by browsing
    https://<removed>:8443/ or https://<removed>.serverprofi24.de:8443/
    
    You can log in as user 'root' or 'admin'. To log in as 'admin', use the 'plesk login' command.
    Use the 'plesk' command to manage the server. Run 'plesk help' for more info.
    
    root@<removed>:~#
    As you can see it did use the key stored in the pageant "Authenticating with public key "CommunityGuideKey" from agent"

    If you using just putty then it will ask you for the SSH Key Password:

    Code:
    login as: root
    Authenticating with public key "CommunityGuideKey"
    Passphrase for key "CommunityGuideKey":
    Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-042stab127.2 x86_64)
    
     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage
    Last login: Wed Mar 21 06:17:51 2018 from <removed>
    
    This server is powered by Plesk. Log in by browsing
    https://<removed>:8443/ or https://<removed>.serverprofi24.de:8443/
    
    You can log in as user 'root' or 'admin'. To log in as 'admin', use the 'plesk login' command.
    Use the 'plesk' command to manage the server. Run 'plesk help' for more info.
    
    root@<removed>:~#
    Here you can see that Putty does load the SSH Key: Authenticating with public key "CommunityGuideKey" and then asks for the Passphrasse: "Passphrase for key "CommunityGuideKey":"


    At this point the basic configuration is done. Now we can optionally for some more security disable the login with passwords.
    For this on the Server open the sshd_config to edit the Line that says: PasswordAuthentication

    Code:
    nano /etc/ssh/sshd_config

    The remove the # and change it to no
    Original should be:
    #PasswordAuthentication yes
    Change it to
    PasswordAuthentication no

    Save it and restart the SSHD Service

    Code:
    service sshd restart
    DO NOT CLOSE THIS SSH SESSION until you check all its working.

    Now try to login without the SSH Key, you should be rejected

    "Permission denied (publickey)."

    And then try with the SSH key it should work and allow the connection, if so now you can close any open session if you want.


    Please let me know if you have any Question, Issue or Suggestion.

    Best Regards,
    Martin

  • #2
    <Reserved for german Translation soon>

    Comment

    Working...
    X