Introduction
In our experience, using SSH keys has been a big struggle for many of the users attempting to connect via the command-line interface. Interestingly, this method appears to be much preferred as opposed to the password authentication approach. It does not involve typing a password on your keyboard, making it less susceptible to a key-logger type of malware that aims to steal your password. In addition to that, the login process is completely automated. With this guide, we will try to acquire all our clients with the know-how to use SSH keys correctly, enabling them to feel more comfortable and secure when connecting to the server.
Brief information about SSH keys.
Before we dive into the explanation about connecting using SSH keys, let's go over what they are and how they work.
SSH keys consist of two parts - a private key and a public key, referred to as an SSH key-pair. Creating this pair happens simultaneously, and you can imagine them being a puzzle that matches perfectly together. The private key is a randomly generated string which the user must place on his local machine. The public key remains on the server, and the user will pair it with the private key on his device to connect. You can perceive the public key as a door lock opened by your private key ONLY. An additional layer of protection can add for your private key that serves as two-factor authentication - a passphrase. Note that you must enter it to log in when you establish a connection between your local computer and the server and create a passphrase.
How to create an SSH key-pair
As we offer our clients access to the world's most robust hosting control panel - cPanel, creating keys is as simple as clicking a few times. We created a tutorial that you can follow to make the keys here. Please proceed further with this tutorial, where we will explain what to do to connect!
Linux
If you are using Linux-based OS, you may be familiar with using SSH keys, but let's go over the process for those that don't.
After generating the SSH key-pair from the cPanel and you authorized your Public key - it is time to download the private key locally so you can use it to connect. You can click the button "Download Key" to download the file directly, or you could manually create the file on your Linux OS, copy the content of the key and then paste it inside.
You should save the file in the "/home/user/.ssh" directory (where "user" is your actual Linux username), but you can also leave it anywhere on your computer. Finally, you need to write the following command:
ssh -p19199 -i <name_of_your_key> cpaneluser@hostname
here is an example:
ssh -p19199 -i ha_key [email protected]
If you are using the above command, PLEASE make sure that you are inside the directory where you saved the key. In addition to that, please be sure to set the permissions for the public key to "600"
As the key has a passphrase, you will receive a prompt requiring that passphrase. After entering it, you will connect to the account via SSH.
IMPORTANT!!!
If you placed the key inside the "/home/user/.ssh" directory, you need to define the absolute path to the file:
ssh -p19199 -i /home/user/.ssh./ha_key [email protected]
macOS
As macOS is Linux-based, you can use the same steps explained above. After utilizing the cPanel to generate a key-pair, please save the public key on your Mac. You can click the button "Download Key" to download the file directly, or you could manually create the file on your macOS, copy the content of the key and then paste it inside.
Finally, you need to write the following command:
ssh -p19199 -i <name_of_your_key> cpaneluser@hostname
here is an example:
ssh -p19199 -i ha_key [email protected]
If you are using the above command, PLEASE make sure that you are inside the directory where you saved the key. In addition to that, please be sure to set the permissions for the public key to "600"
As the key has a passphrase, you will receive a prompt requiring that passphrase. After entering it, you will connect to the account via SSH.
Windows 10
Windows 10 terminal has incorporated the same means to generate an SSH key-pair like Linux, so it is pretty easy to do now. Open your windows "Run" window by pressing the Windows key + r.
Type in "cmd" and your Windows 10 terminal will open. When the screen shows up, please type in:
ssh-keygen
You will receive a prompt asking you for the name of the key you are creating. Please type it in. After that, you are going to see a question asking you about a passphrase. This step is optional, so you can press enter to skip it. If you set a passphrase, each time you connect using these keys will require you to type it in.
When the above process is complete, it is time to copy the public key inside the cPanel and enable your computer to log in using it. To do so, execute the command:
more ha_key.pub
Highlight the command's output using your mouse cursor and press CTRL + C on your keyboard to copy it. Go to your cPanel's SSH access and select "Import Key". Choose a name for your key, and then please paste the key inside the second text box. When done, please press the "Import" button on the bottom. After importing the key, please be sure to Authorize it.
Finally, go back to your Windows 10 cmd and type in the command:
ssh -p19199 -i <key_name> user@hostname
for example
ssh -p19199 -i ha_key [email protected]
And you will immediately connect!
PuTTy
On the older windows operating systems, SSH does not come natively. To establish an SSH connection, you need to use third-party clients to add keys and connect. These third-party clients are also methods that many users are used to, so they will use them, regardless of the Windows version. PuTTy is a widely-spread SSH client which we recommend to anyone, as it is very user-friendly. It is available for Linux and macOS as well, so if you prefer using it, keep reading this tutorial.
After you generate a key-pair from the cPanel, you will have an option to convert the private key to PPK format, which PuTTy requires to connect.
To do so, please click the "View/Download" button. After that, scroll down to the bottom of the page, where you will find a password field. Inside, you need to add your passphrase and then click the "Convert" button.
After clicking the "Convert" button, you will see the key converted into PPK format, and you can either copy it from the content box or click the "Download Key" button to download it locally.
Now it's time to import the key inside PuTTY so you can use it to log inside your account using SSH. To do so, please open PuTTy on your computer. After that, expand the "SSH" menu and then click on "Auth". You will see a text field on the right side and the "Browse" button. Please click it and select the key you downloaded from cPanel.
Afterward, it is time to log in. Please click on the "Sessions" option inside PuTTY, which will be on the top application window. Type in the required details - hostname and port. The hostname will vary based on your server, while the port will always be 19199.
After entering your login information, please click on the "Open" button on the bottom right of the screen! You will see a new screen pop-up that requires your passphrase. After pasting your passphrase inside, you will connect to the account:
Conclusion
In HostArmada, we value security overall. That is why we disabled password authentication, and we only allow SSH connection with keys to ensure that our clients can safely connect and hackers cannot brute-force their way inside their accounts unless they have access to the keys.