All Posts

How to Set Up SSH Keys

Learn how to set up SSH Keys on your local machine and add them to your server.

Jun 23rd, 2020 • 7 min read

Setting up SSH Keys can make connecting to your servers so much easier, they remove the need for remembering the server password and mean password login can be turned off entirely, enhancing your servers security. In this guide we'll show you how to use ssh-keygen to generate a new SSH key and add it to your server.

What are SSH Keys?

SSH Keys are a pair of files usually named by default as id_rsa and id_rsa.pub. The first one (id_rsa) is the private key and one which should never be shared with anyone and will always live on your local machine. The second one (id_rsa.pub) is the public key of the pair. This is the file that will be shared with servers and services to grant you access to them.

On it's own the public key is useless, so sharing it with 3rd party services such as ServerAuth is perfectly safe. Only when combined with the private key, which should never leave your local machine, can the public key be used to log in to anything.

Using ssh-keygen to generate a new key

On Mac / On Linux

Open your favourite terminal app and use the command below to generate a new key, remember to swap out your email address before hitting enter.

ssh-keygen -t rsa -b 4096 -C "mike@example.com"

This will start generate a new SSH key with your email as the label, when prompted to save the file, press enter to save it in the default location.

If you are on Mac this will be /Users/yourusername/.ssh/id_rsa, or if you are on Linux this will be /home/yourusername/.ssh/id_rsa.

You will then be prompted to enter a secure passphrase, if this machine is your personal computer and not shared with anyone, press enter and then again to confirm. This will create a SSH key without a passphrase.

On Windows

For windows, we recommend using Git BASH which brings a lot of *nix type functionality to Windows.

Once installed, open Git Bash and type the following command, swapping out the email address for your own.

ssh-keygen -t rsa -b 4096 -C "mike@example.com"

When prompted, press enter to save the key in the default location which will be /c/Users/yourusername/.ssh/id_rsa.

On the next prompt, press enter and then again to confirm. This will create a SSH key without a passphrase.

Adding your SSH key to the ssh-agent

ssh-agent is a program that runs on your local machine in the background that is used to store keys and passphrases in memory and communicate with SSH clients using a Unix domain socket.

On Mac / Linux

First we need to start the ssh-agent in the background. You can do that with the following command.

eval "$(ssh-agent -s)"

It should output something like Agent pid 32159.

Next we need to add your newly generated SSH key to the agent, you can do that with the following command. If you changed where your SSH key was stored or the name you will need to modify the line below before running it. If you used the default options, simply copy the line below and run it in your terminal window.

ssh-add ~/.ssh/id_rsa

On Windows

If you have downloaded and installed Git Bash as mentioned earlier, you can use the same command as Mac / Linux users to start the agent.

eval "$(ssh-agent -s)"

As with Mac / Linux, it should output something like Agent pid 32159.

Once running, we need to add the SSH key to the agent. If you changed the default save location or default filename, you will need to modify the snippet below before running it.

ssh-add /c/Users/yourusername/.ssh/id_rsa

Adding your public SSH Key to your server

First you will need to log on to your server, remembering to add in the details for your server. Do this in a new, second terminal window.

ssh -p PORT youruser@hostname

Then navigate to ~/.ssh, once there run.

ls

Depending on what your server is doing, you may already have some files within this folder. The one we are interested in however, is called authorized_keys. The authorized_keys file is used to hold all the SSH keys that have access to login to the server as the username you connected as. So when you try to connect without a password, SSH first checks this file against your local machine file to see if it contains your SSH Key, if not then it will either ask for a password or show permission denied if you have turned off password login.

If you already have an authorized_keys file skip ahead to Updating Authorized_keys, otherwise follow the next few steps to create one.

First create the file using the touch command.

touch ~/.ssh/authorized_keys

We then need to make sure that file has the correct permissions set.

chmod 600 ~/.ssh/authorized_keys

All done!

Updating Authorized_keys

First we need to copy your public key from your local machine. Go back to your first terminal window where we ran the ssh-keygen and ssh-agent commands and navigate to the folder where it stored your keys.

As default, /Users/yourusername/.ssh on mac, /home/yourusername/.ssh on linux or /c/Users/yourusername/.ssh in Git Bash on Windows.

Next run the "cat" command, this will print the contents of the file we select to the terminal window.

cat ./id_rsa.pub

This should output something like this to your terminal screen

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwQgfXajx0XezIrX74LJJdzaPEGTO8iWv1loQboV3RaPGxHSbQeRGLsKiHUG46zrNIssq73eCqtzXh9OYBHB8308/QYlXpYBsbgW5q+U+dYL4eTJde5S3oDoKD09EgWJ/NY8vXoJ/iJAlSbvaTUr98xCRQ3F7BUDh9gr7DYpyWNXAjF+XJp4dETT02/y0o+cQ4vITGu0OljvwCIkDSFt+QNQn6Wggd+C1bbQRPY8N0DchzqhF3ixU+XF1Q3KKUC7QTldfnrlRCr6qDKI2eSfUL+iG2N0KuLTSLvCe+84XqM1I2IwfujQtUcAgxyWF2nRp0xYHiKty60nrI1dNbQl5/uEJUHpL5sCo8kcjMfMS0lhTDyoaNBKTt/j3zu+cBiXj2IZa7lBQuLuH+/oTiBtuJ7g+XO8E8zXQKXmbZiFiC/7TA5A4Z9SkB6lcZqGLF5xbnKFnHywUPN1mdrDL8XyDQrNBmdqyzuqVZieDkCyrVraT12ruWjgR8UB0jM+j6yLKqmN9uUzBIvhavlHpzw/YeJ4pZSqjuicWLPnK9BzKSAqx0WbtQa0aCY0O1f6PVeirW6JM9zUvV7H0Yy4QGRyllaahy7z7kD4kxXQX07K0ep2SbmzstpRizRp38dG71fvNpel8dFtKPxOaTy4bBAARUc6UcW1RtJPrHQnxWZmdigQ== mike@example.com

The email address at the end, should match the email address you entered in the first few steps of this guide.

Next you need to select the whole thing from ssh-rsa through to your email address and then "right click and copy".

Switch to the second terminal window we opened to get back to your server, and open up the authorized_keys file with the following command

nano ./authorized_keys

This will open up the file within the "nano" editor. Once opened, simply "right click and paste" to drop in the the public ssh key you just copied.

If you already had an authorized_keys file, move the cursor to the end of the file before pasting in your public key.

Once your public key has been pasted into the file, save and exit with CTRL + x, then Y and ENTER to confirm the save.

Want an easier way to manage your authorized_keys?

Kick the tires on our platform and sign up for free. Avoid having to login to all of your servers to add different SSH Keys, the ServerAuth platform and Open Source Agent can help you easily manage your team's server access from a central dashboard.

Test your keys

If we open up another new terminal window and attempt to connect to your server again

ssh -p PORT youruser@hostname

We should now get logged straight into the server without having to enter your password.

Further Reading

Now you've added your public SSH Key to your server, why not take a look at how to disable SSH password login to enhance your servers security.



Ready to secure your servers?
Get started for free today.

Copyright © 2020 ServerAuth.com, All Rights Reserved. | Terms of Service | Privacy Policy