Usually when you create a VPS you will receive a password for a ‘root’ user, the most powerful user on the Linux platform.
You will use this account to connect to the server over the SSH protocol.
This method is not very secure. Hackers can use BruteForce attack to detect your password.
So you should switch to using SSH Key to connect to VPS.
In this article, I will guide you step by step to connect SSH using SSH key.
Contents
How SSH Keys Work
This connection is based on a key pair: public key and private key.
The public key you put on the server. The private key you use when connecting from the client to the server.
The connection is successful only if the private key matches the public key.
That’s the basic way it works. You can think of a public key as a lock. Private is the key.
The key matches the lock which means you can connect to the server.
The actual components of the SSH key include:
- Public key : you will copy this string to the file ~/.ssh/authorized_keys on the server you rent
- Private Key : you will save the file containing the private key to your local computer. Then you configure MobaXTerm to connect as instructed below
- Keyphare : Password to open private, every time you log in to the server, it will ask for this.
How to generate SSH key
Here I only guide with Windows. If your computer uses a different operating system, Google adds.
First you need to download the PuTTY-Gen tool .
After running the exe file, you will see the following window:
Click the Generate button to start generating the key pair.
Remember when the program is generating the key, you need to drag the mouse around the screen until it successfully generates the key.
Once created, you will see the following screen:
Now you will fill in the keyphrase:
Next, click on the Save private key button . Choose a safe place to save the file containing the private key.
Public key you do not need to save anything. You can use the load function to load the saved private key file. From there you can retrieve the public key.
How to put the public key on the server
First you use MobaXTerm to connect to the server (using the root account). If you have created another user then login with the user you need to connect via SSH Key.
Next, you run the group of commands below.
First, you create a .ssh directory in the current user’s home directory
|
1
|
mkdir ~/.ssh
|
Open the authorized_keys file using the nano editor. If you don’t have this file, nano will create a new file and open it for you to edit
|
1
|
nano ~/.ssh/authorized_keys
|
Copy and paste the public key. Click Ctrl+O and then Enter to save. Click Ctrl+X to exit nano
Run the following command to limit file permissions:
|
1
|
chmod 600 ~/.ssh/authorized_keys
|
Note : For SSH Key connection to work, SELinux needs to be disabled. You check if your server is turned off by opening the file /etc/selinux/config , if SELINUX is turned off, there will be a line SELINUX=disabled. If not, change that and then type reboot to restart the server.
Ok. We are done putting the public key on the server.
Still in MobaXterm, you modify the session you use to connect to the server. In the Advanced SSH Settings section, select Use private key and then browse to the private key file you saved. When done, click OK.
Now try opening a new connection tab. It will ask what the keyphrase is if you set the keyphrase. You paste the keyphrase you set up above.
If everything works, you should have successfully connected to the server.
Turn off the connection using a password.
After connecting with SSH Key successfully, you need to turn off the password authentication connection.
Connect to the server using SSH Key. Then open the file / etc/ssh/sshd_config .
Change the PasswordAuthentication line from yes to no.
Change the UsePAM line from yes to no.
After changing, run the command service sshd restart to update the new configuration
With this article you already know how to connect SSH using SSH Key.
Remember to do this step after creating the VPS.
