Creating an SSH key pair
To make your Linux system more secure, you can add an SSH key pair. A pair consists of a private and a public key. As the names suggest, the public key is shareable and your private key should be kept private. In this tutorial, we will explain how to create a public and private key pair, how to install the key on your server, and how to use the key as a form of two-factor authentication.
Before you start, make sure you have PuTTY installed on the system that you want to use to log in securely. When PuTTY is installed, you can use PuTTYGen to create a key pair. Follow these steps:
- Press the button and move your mouse to create a pair.
- At field enter a secure password. and
- Save both the . and the
Note that a passphrase is not necessary when creating a key pair. The upside of using a passphrase is that no one can open or use your private key without the passphrase. You could consider this a form of two-factor authentication. By default, an RSA key will be generated with 2048 bits. This can be adjusted at ‘Parameters’.
Once you have saved the key you can paste the public key shown in PuTTYGen in this file:
[root@worldstream ~#] ~/.ssh/authorized_keys
Pasting the key there authorizes it for the root user, as you are logged in as root. If this file does not exist, create it as explained below at the command that starts with touch.
However, if you want to authenticate another user, please follow the steps below. In this example, the user is simply called username. Change this to match your situation. If you have not created a user, you can follow this tutorial.
[root@worldstream ~#] su username
[username@worldstream ~#] cd /home/username
[username@worldstream ~#] mkdir .ssh
[username@worldstream ~#] chmod 700 .ssh
[username@worldstream ~#] cd .ssh
The steps above will log you in as that user and create the .ssh folder in the respective home folder of your user. Then it will assign the correct rights to the folder. In this folder we will create the file:
[username@worldstream ~#] touch ~/.ssh/authorized_keys
[username@worldstream ~#] chmod 644 ~/.ssh/authorized_keys
Now you have added the key. If you ever create an additional SSH key pair, you can simply paste the new public key in . This can be helpful if you want multiple people to have access to the same account. A best practice would be to have one authorized key for every user on your system.
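An added example, not part of the original tutorial: a shell check of the permissions set above. It goes beyond the two chmod commands by also checking the home folder, because OpenSSH's default StrictModes setting refuses key login when any of these paths is writable by group or others. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the tutorial). Function names are hypothetical.
# Assumes GNU coreutils stat, as found on most Linux systems.

# Print the number of key entries: lines that are neither blank nor comments.
count_keys() {
    grep -cv -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" || true
}

# Check the home folder, .ssh and authorized_keys of one account.
# Returns 0 when every path exists and is not group- or world-writable.
audit_ssh_dir() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$p")
        # Octal AND with 022 isolates the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "UNSAFE  $p (mode $mode is group- or world-writable)"
            rc=1
        else
            echo "OK      $p (mode $mode)"
        fi
    done
    if [ -f "$home/.ssh/authorized_keys" ]; then
        echo "KEYS    $(count_keys "$home/.ssh/authorized_keys") entries"
    fi
    return $rc
}

# Run the audit when a home folder is given, e.g.: sh audit.sh /home/username
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it before closing your working session; a key whose file fails this check is rejected by the server even though the key itself is valid.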
Once you have authenticated your created SSH key, you are still able to log in as root with a password. We will disable this method. To log in to your server exclusively with your private key, you will have to make a few changes to .
Once you have opened the SSH config file take a look at the following lines:
Set PermitRootLogin to no if you have a sudo user. If you want to log in as a root user with your SSH key, set PasswordAuthentication to no. To save these changes restart the service with . We recommend that you consider changing your SSH port as well. You can read more about this option or here.
Before you log out of your session, create an alternative session and try to log in with your newly created key pair. If this works exactly how you want it to, you can safely close the session. You have now successfully created a key pair.
If you have any questions or comments about creating an SSH key pair, feel free to email us here.