SSH keys are by far the most secure way of logging into your cloud server via SSH. Passwords can be eventually cracked using brute-force attacks if they are too easy. If they are complex passwords, they become very hard to remember and writing them down defeats the purpose of a password.
SSH keys are nearly impossible to decipher using a brute force attack. If you generate an SSH key, you will get a pair of two very long string of characters: a public and private key.
Public keys are stored on the server that you’re trying to login to, the only possible tool which could unlock this public key is the private key which will be stored with you. SSH uses this to verify your identity by making sure that your private key can unlock the public key installed on the server.
Create the SSH key pairs
The first step is to generate the combination of the public and private key. This can easily be done by opening a terminal window on the machine you will be using to access the remote server (most likely your own workstation).
In this example, we will be using RSA keys. The default values should be the correct ones, so you can simply just press enter to accept the default values. However, you may choose to add a passphrase for additional protection.
The passphrase is a password which unlocks your private key, which means that in order for someone to gain access, they must have both the private key and your passphrase. You can opt to not using a passphrase if you do not want to type a password each time.
$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/Users/user/.ssh/id_rsa): test Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/user/.ssh/id_rsa. Your public key has been saved in /Users/user/.ssh/id_rsa.pub.
As you see by the results of the command, we now have an
id_rsa.pub file which contain your private and public key respectively. We can now distribute this public key to servers where we would like to use public key authentication.
Installing Public Key
The SSH software stack comes with a useful little program called
ssh-copy-id which facilitates the installation of SSH keys on your target server. All you have to do is run the following, replacing
host by the appropriate information for your remote host.
$ ssh-copy-id [email protected]
If your operating system does not have that command included, you can run the following command instead. If you get an error about your
.ssh folder not existing, you should login to your server and create that folder by running
$ cat /Users/user/.ssh/id_rsa.pub | ssh [email protected] "cat >> ~/.ssh/authorized_keys"
From now on, you can SSH to the server and you will note that your server will not ask for any passwords at all. The only thing it may ask for is your passphrase if you have configured one for your private key.
For our cloud compute customers, we offer the option of adding key pairs in our cloud system (you can upload your public key) and select the key pair when creating your server. It will automatically be added to your server, so that you can login to it right away with no passwords and there is no need to go through any of this process.