Ssh key integration for your server


#1

This was made by @JMSolo

##Generate keys

###Linux (on your server)

Use the ssh-keygen utility to create your key. For a 2048 bit RSA key do:
ssh-keygen -t rsa

For increased security you can make an even larger key with the -b option.
For example, for 4096 bits do:
ssh-keygen -t rsa -b 4096

We recommend using RSA over DSA because DSA keys are required to be only 1024 bits.

  • When prompted, you can press Enter to use the default location ~/.ssh/id_rsa if you don’t already have a key installed, or specify a custom location if you are creating a second key (or just want to for whatever reason).

  • Enter a passphrase at the prompt. This is just a password used to unlock your key. If someone else gets a copy of your private key they will be able to log in as you on any account that uses that key, unless you specify a passphrase. If you specify a passphrase they would need to know both your private key and your passphrase to log in as you. Be advised however that this is purely optional.

  • After you re-enter your passphrase (or just hit ENTER to leave blank with not password), ssh-keygen may print a little picture representing your key ((you don’t need to worry about this now, but it is meant as an easily recognizable fingerprint of your key, so you could know if it is changed without your knowledge - but it doesn’t seem to be widely used)) then exit.

  • Your private key should now be in the location you specified, and your public key will be at that same location but with ‘.pub’ tacked onto the filename.

It is good practice to remove both of these from the server and place them in a secure location on your computer.

You may later convert these if needed inside an application such as PuTTYgen to an acceptable PuTTY (.ppk) format.

###Windows
In Windows, use PuTTYgen to generate your public and private keys.

  1. If needed, download PuTTYgen from the PuTTY download page. (PuTTYgen might have been installed previously with PuTTY or WinSCP.)

  2. Launch the program, and then click the Generate button. The program generates the keys for you.

  3. Enter a unique key passphrase in the Key passphrase and Confirm passphrase fields.

  4. Save the public and private keys by clicking the Save public key and Save private key buttons.

  5. From the Public key for pasting into OpenSSH authorized_keys file field at the top of the window, copy all the text (starting with ssh-rsa) to your clipboard by pressing Ctrl-C. You need this key available on your clipboard to paste either into the public key tool in the Control Panel or directly into the authorized keys on your server.

###Assign your SSH Key to an existing server

To make use of your newly generated RSA key pair, you must tell PuTTY to use it when connecting to your server.

First, be sure to create the needed ~/.ssh directory if it doesn’t already exist. YOu can do this by typing the following:

mkdir -p /root/.ssh && chmod 700 /root/.ssh && cd ~/.ssh

Next, follow the directions below to continue:

  1. To edit the file (or create it), run the following command on the server:
nano ~/.ssh/authorized_keys
  1. Paste the text onto its own line in the file.

    You must have the key available in your clipboard to paste it. The key and its associated text (the ssh-rsa identified at the start and the comment at the end) must be on one line in the file. If the text is word-wrapped onto multiple lines an error might occur when connecting.

  2. If you created the authorized_keys file, change its permissions after you’re done editing it by running the following command:

 chmod 600 ~/.ssh/authorized_keys
  1. Open PuTTY, and go to the SSH > Auth section.

  2. Browse to the location of the key file, and load the private key.

  3. Go to the Session page, and save the session. This saves the configuration so that PuTTY uses the key every time that you connect to your server.

After you save your session, your key is loaded automatically when you connect to your server.


How to login with the accout root directly after run your script
SSH Authorized Keys (probably permissions)
Google Two Factor Authentication - SSH
Public ssh key authentication ? How?