How to generate an SSH key to access the server

Working with remote servers requires a stable Internet connection and a high level of security. Traditional passwords are gradually giving way to a more reliable authorization method — SSH keys. 

In this article we will look in detail at how to create an encrypted connection to access the system and why this method is considered the gold standard in administration.

Why SSH keys are more secure than regular passwords

The main problem with any password is that it can be intercepted or brute-forced. SSH keys work differently: they are a pair of long sequences of characters. In this case, the public key is stored on the server, and the private key is located locally with you. 

It is almost impossible to hack such a connection, since it is based on complex mathematical algorithms. In addition, using keys eliminates the need to manually enter complex passwords each time, which greatly speeds up your workflow.

SSH keygen on Linux and macOS

For owners of Unix-based systems, the generation process is as simple as possible, since all the necessary tools are already built into the system. You don’t need to install any additional software.

First, open a terminal and enter the command:

ssh-keygen -t rsa

After pressing the key Enter the system will prompt you to select a path to save the file. If you do not have specific tasks, it is better to leave everything by default (usually the ~/.ssh/id_rsa folder) by simply clicking again Enter.

Then the program will prompt you to set a passphrase — this is a kind of “password for the key”. If you want maximum protection, enter a passphrase. However, you can skip this step by pressing Enter twice if you prefer automatic login without any additional prompts.

When the process is complete, a graphical image (randomart) will appear on the screen and information about where your keys are saved. Your public key is in a file with a .pub extension. To see its contents and copy it, run the command:

cat ~/.ssh/id_rsa.pub

The resulting string must be copied in its entirety and pasted into the control panel of your server. After the key is added to the settings, you can connect to the server with the command ssh root@[server_ip-address], and the system will recognize you automatically.

Instructions for Windows users

In Windows OS the situation is a little different. Although modern versions of the system already support OpenSSH in the console, many professionals still prefer the time-tested program — PuTTY. To generate keys, we need a helper utility from this package called PuTTYgen.

After launching the program, make sure that the RSA key type is selected at the bottom of the window and the length is set to 2048 bits. Click the Generate button.

This is where the fun begins: to create a truly random and unique key, the program will ask you to randomly move your mouse cursor around an empty area of ​​the window. These movements are used as a source of random data for the encryption algorithm.

After generation is complete, be sure to do the following:

1. Click Save public key and save the public key.
2. Click Save private key to save the private key (.ppk file). Take care of it: if this file gets into the hands of third parties, they will be able to gain access to your server.
3. Copy the text from the top field of the PuTTYgen window — this is exactly the code you need to add to your server settings.

What’s the result?

Setting up access using SSH keys is a case where security goes hand in hand with convenience. By spending just a couple of minutes to generate a key once, you protect your data from most automated attacks and save yourself the hassle of entering passwords.

No matter what operating system you use, the principle remains the same: your private key should be kept secret, and your public key should help the server recognize “its” user.

CONTENT:

Similar

All news