Building Professional Web Hosting Solution
<< Linux Basic Setup and Configuration Course
>> Configuring SSH-Key Based Authentication Section
- Understanding SSH-Keys Based Authentication
- Creating SSH-Keys using Putty Keys Generator
- Creating Public VPS Droplet using DigitalOcean
- Managing Linux VPS Instance via Putty SSH Client
- Managing Linux VPS Instance via WinSCP Client
- Creating SSH-Keys using Terminal Keys Generator
- Switching SSH Password to SSH-Keys Authentication
- Uploading Admins and Friends SSH-Keys to VPS
- Uploading SSH Public Keys using VPS Panel
- SSH Hopping using SSH Agent Forwarding
- Deploying Public VPS instance using Vultr Provider
- Securing and Hardening SSH Server Configuration
- SSH Server and Client Most Known Error Messages
Creating SSH keys with the terminal key generator before deploying your VPS instance is highly recommended, so that SSH-key authentication is used instead of password authentication. SSH keys are part of the OpenSSH package, which provides secure, encrypted communication between the SSH client (Admin Station) and the OpenSSH server (VPS). SSH keys make it possible to have a multifactor authentication mechanism between your Admin Station and your VPS.
Objectives:
Creating SSH-Keys using Linux Terminal
Prerequisites:
A. Basic Debian or Red Hat Linux Knowledge
B. Login to your DigitalOcean or Vultr Account
Recommendations:
For better performance, use VPS with at least 2 CPUs, 4G Memory, 1G Bandwidth, and SSD Storage drive.
Creating SSH-Keys using Linux Terminal
At your Linux or UNIX station, run steps 1 to 5 below to generate an SSH key pair.
1. Create SSH Directory
mkdir -p /root/.ssh/
2. Generate SSH Keys
ssh-keygen -t rsa -b 2048 -C "RSA-2048-by-YourName-email@yourdomain.com-Client14"
As you probably guessed, the -t switch selects RSA encryption (RSA is an encryption standard), the -b switch sets the key length to 2048, and the -C switch inserts a comment such as "RSA-2048-by-YourName-email@yourdomain.com-Client14" or "RSA-2048-Vultr-Apache-Debian7-VPS"; be as informative as possible. The private and public keys should be saved under the /root/.ssh/ directory.
The passphrase protects your private key in case someone accesses it without your permission.
TIP: A passphrase can be easy to remember and still very hard to break. Pick a few words and numbers that form a sentence you will remember, e.g. "I was born in Europe 1985, but I was raised in NY, USA since 90's." Your passphrase would then be Iwbie1biwrinus9 (it starts with a capital "I"). It would take a desktop PC approximately 8,707,845,285 years and 28 days to brute-force and crack this passphrase! Notice that I picked the first letter of each word and the first digit of each number to build the passphrase; you can also write such sentences down safely in your personal notebook.
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):> Leave it as is - Press Enter
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
bb:f6:fc:01:cf:af:12:dc:0c:1b:28:e6:e0:37:05:cb RSA-2048-DigitalOcean-Apache-Debian7-Droplet
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| . o . |
| . E o o |
| . + oS..* |
| . + .++o |
| . .. .+ |
| .o. o |
| ...ooo.. |
+-----------------+
3. List SSH-Keys
ls -lah /root/.ssh/
You should be able to list the Private and Public Keys as shown below:
[root@node ~]# ls -lah /root/.ssh/
total 16K
drwxr-xr-x 2 root root 4.0K May 15 15:35 .
drwx------ 5 root root 4.0K May 15 15:31 ..
-rw------- 1 root root 1.8K May 15 15:35 id_rsa
-rw-r--r-- 1 root root  403 May 15 15:35 id_rsa.pub
For security reasons, the private key must be readable and writable only by root; the public key can be readable by others.
4. View the Public Key
cat /root/.ssh/id_rsa.pub
You should be able to see a Public Key String similar to the following:
Example of Public Key String
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtPn5Q0Iu1YggYYySnSA3mEh440jgj1zNo5Gy6p4Puj8xakBz2qJHM0nMPpL/ZMXWb0h7EvrnZ2aJSmQKJYX2IzNW0L8gScXdbUndxwFiWfsOGpFukhn2E3dBM+E4sCwK0uqBhf6FIyVmq9LSvNW1de0ZqfAzD8NbcxGmRgAFIIl0Rjrdotj9IFTBrKGnT6SwDquRfD6HwcodvpNNpFxPPrhDNBJmhhTs/0f6SDluJmMQoHmRAm3Cq2/+cb14Z+cd3hnmIltRHvKjRbEWVJDmFn4eIwbcW0r2/thG3TghHhxyAZ9xk+2FE5IHSej5xcU2VT+Fwr62asvDZAJa7yTav RSA-2048-DigitalOcean-Apache-Debian7-Droplet
5. View the Private Key
cat /root/.ssh/id_rsa
You should be able to see a Private Key similar to the following:
Example of Private Key String
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,6783FEF8CB4A9CBD8574C63B80FFA9EE ZAoBmMIUi83mGa5DzIqczlIpnC4LWGyYlHHrw5zSvxiSjmHQ3p1dIudTM+BBEy1E KiYwr1WTwj60EmssylZbdMH7NEdxu4w57/mxrIptvYhVbAJd0KNqAbz2Ete7hysu o2Nz+ztm+9JyDRCYdLPAFYHXbdhcJs+qJskrxR69xmY9K+phFNx0Ae1HDptq8w/P LZrcTaofwmuBCwsCzYkg9fuRlwKTsqEbPHwsd+kP+5hO/VrSSwhFaHWpWmVeeR6r wrpmZHstxGQnAnTihKcTvvgV7v7t68OaWCgKHGu+vwArKqLmtSNetGDuLLmwFWJI qfre+Z6te+yktY69p/2blqah9JmoaJbBPgLegclIXu7sUKgSoPlKyY8yFDkYl6Pm ELBAjgKtHK8GBL+/oJ+kZqgl63JxqYxCdYL5DQIYMyJZIHle5tvOCRxmJNzpYaeO udFnClxpdJBZVa5ekGMSTNJLRukdM65wGHfwKiGImaYLmMq1plAGYi5wSWSHPYzO 21rnWP5HjuwJEQe7xEttrjqiHBUsIy0HN4N68yNpJyse3CiCW8aUUDJHM7yWPHFi [...] -----END RSA PRIVATE KEY-----
Note: Never copy a private key off your station, send it as an attachment, or move it to a different station. Only the public key needs to leave your station. If you want to access your VPS from a different Admin Station, create another SSH key pair on that station and upload its public key to the server. A public key can be used across an unlimited number of VPS instances, and any VPS can hold multiple public keys from different IT professionals.
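Steps 1 to 5 can be followed by a check that the pair matches what this page asks for: a private key with owner-only permissions, a passphrase, and the 2048-bit RSA length. The script below is an added example, not part of the original tutorial; audit_ssh_key and demo are hypothetical helper names, the demo key and passphrase are constructed, and it assumes GNU stat and OpenSSH's ssh-keygen.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. audit_ssh_key and demo are
# hypothetical helper names; the demo key and passphrase are constructed.

# Print one finding per line; return 0 only if nothing was flagged.
audit_ssh_key() {
    local key="$1" mode info bits ktype fails=0
    mode="$(stat -c '%a' "$key")" || return 2   # GNU stat, as on Linux
    if [ "$mode" != 600 ] && [ "$mode" != 400 ]; then
        echo "FAIL mode $mode on private key, expected 600"
        echo "SKIP passphrase check until the mode is fixed"
        fails=$((fails + 1))
    # With -P '' ssh-keygen can only load a key that has no passphrase.
    elif ssh-keygen -y -P '' -f "$key" >/dev/null 2>&1; then
        echo "FAIL private key is not passphrase protected"
        fails=$((fails + 1))
    else
        echo "OK   private key does not open with an empty passphrase"
    fi
    # ssh-keygen -l prints: <bits> <fingerprint> <comment> (<TYPE>)
    info="$(ssh-keygen -l -f "$key.pub")" || return 2
    bits="${info%% *}"
    ktype="${info##* }"
    if [ "$ktype" = "(RSA)" ] && [ "$bits" -lt 2048 ]; then
        echo "FAIL RSA key is only $bits bits"
        fails=$((fails + 1))
    else
        echo "OK   $ktype key, $bits bits"
    fi
    [ "$fails" -eq 0 ]
}

# Demo on a throwaway pair generated with the page's ssh-keygen options.
demo() {
    local dir rc
    dir="$(mktemp -d)" || return 2
    ssh-keygen -q -t rsa -b 2048 -C "RSA-2048-constructed-demo" \
        -N 'constructed demo passphrase' -f "$dir/id_rsa" || return 2
    audit_ssh_key "$dir/id_rsa" && rc=0 || rc=$?
    rm -rf "$dir"
    return "$rc"
}
command -v ssh-keygen >/dev/null && demo
```

To check the pair created in the steps above, call audit_ssh_key /root/.ssh/id_rsa; a non-zero return status means at least one finding was printed.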