Generating SSH keys for server connections

Ashlee Muscroft

You should be using SSH for your standard web server connections. There are some added benefits in terms of security and keeping your password safe on your local machine only. I will quickly walk you through using SSH to connect to your hosting environment. I am using the Mac OS X Terminal, but the steps should be the same in a Linux terminal. First open up your terminal: press ⌘ + space for Mac OS X Spotlight search and begin typing "terminal". It should be in the Top Hits section, so simply hit return to launch. Alternatively, in Finder navigate to Applications ⇢ Utilities ⇢ Terminal.

Quickly jump to the Applications folder with ⌘ + ⌃ + A from any Finder window.

Once the terminal is open, check for the existence of the .ssh directory by typing

ls ~/.ssh/

If the directory exists you will be shown all your current private and public keys, and possibly a known_hosts file and an authorized_keys file. If the terminal returns No such file or directory, we simply create the directory by typing

mkdir ~/.ssh

~/ is shorthand for your home directory, normally /Users/yourlocalusername/. mkdir is the Unix command for creating a directory. Next, by typing a few commands into the terminal, we will generate a new RSA key pair, copy the public key to the clipboard and add the key to make it active without needing to explicitly enter a password to use the key.

Generating the key

You can create a key pair by simply typing

ssh-keygen -t rsa

Or

ssh-keygen -t rsa -C "username"

-C is for comment, but in this case it is used to indicate the username for the server you are connecting to. By default ssh-keygen labels the key with your local machine's ‘localusername@localmachinename’, whereas when you are connecting to a 3rd-party server you will typically have a unique username.

The terminal will ask where you would like to save the key pair by displaying the following prompt: Enter file in which to save the key (/Users/localusername/.ssh/id_rsa):

This is where we can specify the name of our private and public keys. However, it is important to note that we must type the full path of the location where we will be storing these keys. When we created the .ssh directory we used the ~/ shorthand for our home directory. When we are creating the new key pair we must type the full path.

/Users/localusername/.ssh/newkey

You are free to name the keys anything you like. ssh-keygen will create two files, newkey and newkey.pub; the .pub indicates the public key, which is the version you will copy and place onto various servers. Typically I opt to name my keys by the service they will be used for, then ‘_’, then the encryption protocol. For example, github_rsa if I were to create a new RSA encrypted ssh key pair for use on github.com.

Next you will be prompted to enter a password, further securing your ssh key. Enter and confirm your password and your key will be generated.

If you’re stuck thinking of a new password, we can use Apple’s Keychain Access to generate one for us. Using Spotlight search (⌘ + space) again, type in "keychain access"; it will again be the ‘Top Hit’, so press enter, or navigate to Finder ⇢ Applications ⇢ Utilities ⇢ Keychain Access.

Then in the menu bar select File, New Password Item, or press ⌘ + N. Once the new password item opens up, click on the Key icon. A new Password Assistant window will open up with a generated suggestion.

By default the password type is ‘Memorable’ but there are several other options and you can even adjust the length of the password if desired. Simply copy the suggested password to paste into the terminal screen and hit return, paste and hit return again for the confirm password prompt.

The password input prompt does not update as you type, giving you no visual indication that anything has been entered. It is quite easy to make a simple mistake here, which is why it is much easier to paste your desired password into both prompts.

Now that we have the key generated we can view what the keys look like by entering

cat ~/.ssh/keyname_rsa

and

cat ~/.ssh/keyname_rsa.pub

Viewing the private key, you will be required to enter the password you specified during the ssh key creation. Copy the output of cat ~/.ssh/keyname_rsa.pub, or type the following command (Mac OS X) to put it directly on your clipboard for pasting later.

pbcopy < ~/.ssh/keyname_rsa.pub

Next you will simply need to add your public key to the server. Luckily SSH access is very common, and many web hosts and cloud platforms provide an ‘add ssh key’ option within their user account settings. Check with your provider on how to add your public key to their platform.
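Before relying on the new key, it is worth checking file permissions: mkdir with the common default umask of 022 leaves ~/.ssh readable by other users, and ssh refuses to use a private key file that group or other users can access. The script below is an added example, not part of the original post; the function name audit_ssh_dir and the finding labels (DIR_OPEN, KEY_OPEN, MISSING) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an SSH directory.

# Print the group and other permission characters of a path,
# e.g. "------" for mode 700/600 or "r-xr-x" for mode 755.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Audit DIR (default ~/.ssh). Prints one line per finding and
# returns 0 if clean, 1 if anything was found, 2 if DIR is missing.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    # The directory should be private to its owner (mode 700).
    if [ "$(group_other_bits "$dir")" != "------" ]; then
        echo "DIR_OPEN $dir (fix: chmod 700)"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Recognise a private key by its header line, not by its file name.
        if head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            if [ "$(group_other_bits "$f")" != "------" ]; then
                echo "KEY_OPEN $f (fix: chmod 600)"
                findings=$((findings + 1))
            fi
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run as: sh audit_ssh_dir.sh ~/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Public key files (.pub) are deliberately not flagged, since they are meant to be shared.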

 

Image credit: http://en.wikipedia.org/wiki/Tortoise#/media/File:A._gigantea_Aldabra_Giant_Tortoise.jpg (unaltered) under CC BY SA 3.
