Setting up SSH Keys can make connecting to your servers so much easier, they remove the need for remembering the server password and mean password login can be turned off entirely, enhancing your servers security. In this guide we'll show you how to use ssh-keygen to generate a new SSH key and add it to your server.
SSH Keys are a pair of files usually named by default as id_rsa
and id_rsa.pub
. The first one (id_rsa
) is the private key and one which should never be shared with anyone and will always live on your local machine. The second one (id_rsa.pub
) is the public key of the pair. This is the file that will be shared with servers and services to grant you access to them.
On it's own the public key is useless, so sharing it with 3rd party services such as ServerAuth is perfectly safe. Only when combined with the private key, which should never leave your local machine, can the public key be used to log in to anything.
Open your favourite terminal app and use the command below to generate a new key, remember to swap out your email address before hitting enter.
ssh-keygen -t rsa -b 4096 -C "mike@example.com"
This will start generate a new SSH key with your email as the label, when prompted to save the file, press enter to save it in the default location.
If you are on Mac this will be /Users/yourusername/.ssh/id_rsa
, or if you are on Linux this will be /home/yourusername/.ssh/id_rsa
.
You will then be prompted to enter a secure passphrase, if this machine is your personal computer and not shared with anyone, press enter and then again to confirm. This will create a SSH key without a passphrase.
For windows, we recommend using Git BASH which brings a lot of *nix type functionality to Windows.
Once installed, open Git Bash and type the following command, swapping out the email address for your own.
ssh-keygen -t rsa -b 4096 -C "mike@example.com"
When prompted, press enter to save the key in the default location which will be /c/Users/yourusername/.ssh/id_rsa
.
On the next prompt, press enter and then again to confirm. This will create a SSH key without a passphrase.
ssh-agent is a program that runs on your local machine in the background that is used to store keys and passphrases in memory and communicate with SSH clients using a Unix domain socket.
First we need to start the ssh-agent in the background. You can do that with the following command.
eval "$(ssh-agent -s)"
It should output something like Agent pid 32159
.
Next we need to add your newly generated SSH key to the agent, you can do that with the following command. If you changed where your SSH key was stored or the name you will need to modify the line below before running it. If you used the default options, simply copy the line below and run it in your terminal window.
ssh-add ~/.ssh/id_rsa
If you have downloaded and installed Git Bash as mentioned earlier, you can use the same command as Mac / Linux users to start the agent.
eval "$(ssh-agent -s)"
As with Mac / Linux, it should output something like Agent pid 32159
.
Once running, we need to add the SSH key to the agent. If you changed the default save location or default filename, you will need to modify the snippet below before running it.
ssh-add /c/Users/yourusername/.ssh/id_rsa
First you will need to log on to your server, remembering to add in the details for your server. Do this in a new, second terminal window.
ssh -p PORT youruser@hostname
Then navigate to ~/.ssh
, once there run.
ls
Depending on what your server is doing, you may already have some files within this folder. The one we are interested in however, is called authorized_keys
. The authorized_keys
file is used to hold all the SSH keys that have access to login to the server as the username you connected as. So when you try to connect without a password, SSH first checks this file against your local machine file to see if it contains your SSH Key, if not then it will either ask for a password or show permission denied if you have turned off password login.
If you already have an authorized_keys
file skip ahead to Updating Authorized_keys, otherwise follow the next few steps to create one.
First create the file using the touch command.
touch ~/.ssh/authorized_keys
We then need to make sure that file has the correct permissions set.
chmod 600 ~/.ssh/authorized_keys
All done!
First we need to copy your public key from your local machine. Go back to your first terminal window where we ran the ssh-keygen
and ssh-agent
commands and navigate to the folder where it stored your keys.
As default, /Users/yourusername/.ssh
on mac, /home/yourusername/.ssh
on linux or /c/Users/yourusername/.ssh
in Git Bash on Windows.
Next run the "cat" command, this will print the contents of the file we select to the terminal window.
cat ./id_rsa.pub
This should output something like this to your terminal screen
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwQgfXajx0XezIrX74LJJdzaPEGTO8iWv1loQboV3RaPGxHSbQeRGLsKiHUG46zrNIssq73eCqtzXh9OYBHB8308/QYlXpYBsbgW5q+U+dYL4eTJde5S3oDoKD09EgWJ/NY8vXoJ/iJAlSbvaTUr98xCRQ3F7BUDh9gr7DYpyWNXAjF+XJp4dETT02/y0o+cQ4vITGu0OljvwCIkDSFt+QNQn6Wggd+C1bbQRPY8N0DchzqhF3ixU+XF1Q3KKUC7QTldfnrlRCr6qDKI2eSfUL+iG2N0KuLTSLvCe+84XqM1I2IwfujQtUcAgxyWF2nRp0xYHiKty60nrI1dNbQl5/uEJUHpL5sCo8kcjMfMS0lhTDyoaNBKTt/j3zu+cBiXj2IZa7lBQuLuH+/oTiBtuJ7g+XO8E8zXQKXmbZiFiC/7TA5A4Z9SkB6lcZqGLF5xbnKFnHywUPN1mdrDL8XyDQrNBmdqyzuqVZieDkCyrVraT12ruWjgR8UB0jM+j6yLKqmN9uUzBIvhavlHpzw/YeJ4pZSqjuicWLPnK9BzKSAqx0WbtQa0aCY0O1f6PVeirW6JM9zUvV7H0Yy4QGRyllaahy7z7kD4kxXQX07K0ep2SbmzstpRizRp38dG71fvNpel8dFtKPxOaTy4bBAARUc6UcW1RtJPrHQnxWZmdigQ== mike@example.com
The email address at the end, should match the email address you entered in the first few steps of this guide.
Next you need to select the whole thing from ssh-rsa
through to your email address and then "right click and copy".
Switch to the second terminal window we opened to get back to your server, and open up the authorized_keys
file with the following command
nano ./authorized_keys
This will open up the file within the "nano" editor. Once opened, simply "right click and paste" to drop in the the public ssh key you just copied.
If you already had an authorized_keys
file, move the cursor to the end of the file before pasting in your public key.
Once your public key has been pasted into the file, save and exit with CTRL + x
, then Y
and ENTER
to confirm the save.
Kick the tires on our platform and sign up for free. Avoid having to login to all of your servers to add different SSH Keys, the ServerAuth platform and Open Source Agent can help you easily manage your team's server access from a central dashboard.
If we open up another new terminal window and attempt to connect to your server again
ssh -p PORT youruser@hostname
We should now get logged straight into the server without having to enter your password.
Now you've added your public SSH Key to your server, why not take a look at how to disable SSH password login to enhance your servers security.
ServerAuth provides a whole host of management tools, from controlling who can access your server, to managing your website deployments. And with an ever-growing suite of tools you'll always be one step ahead!
Start for free