In our experience, using SSH keys has been a big struggle for many of the users attempting to connect via SSH. What is interesting is that this method appears to be much-preferred as opposed to the password authentication approach. It does not involve typing a password on your keyboard, making it less susceptible to a key-logger type of malware that aims to steal your password. In addition to that, the login process is completely automated. With this guide, we are going to try acquainting all our clients with the know-how on using SSH keys correctly, enabling them to feel more comfortable and secure when connecting to the server.
Brief information about SSH keys
Before we dive into the explanation about connecting using SSH keys, let's go over what they are and how they work. SSH keys consist of two parts - a private key and a public key also referred to as an SSH key-pair. Creating this pair happens simultaneously, and you can imagine them being a puzzle that matches perfectly together. The private key is a randomly generated string which the user must place on his local machine, while the public key remains on the server. You can perceive the public key as being a door lock that is opened by your private key ONLY. There is an additional layer of protection you can add for your private key that serves as two-factor authentication - a passphrase. Note that when you establish a connection between your local computer and the server, and you have created a passphrase, you have to enter it to log in.
On the older windows operating systems, SSH does not come natively, so to establish an SSH connection, you need to use third-party clients to generate keys and connect. Before that, though, you need to use additional software to create the key-pair. We at HostArmada recommend a completely free program called PuTTYgen. When you download it, please double-click the icon to start the process of generating a key-pair. If PuTTy is your software of choice, it is available for Linux and macOS so you can download and follow this guide to establish an SSH connection with keys using it. Here are the instructions:
- When the program starts, all you need to do is press the "Generate" button, as the type defaults to RSA, and the number of bits defaults to 2048.
- A loading screen shows up after you press the "Generate" button. A few seconds later, a content box is going to appear, and within, you are going to find your public key.
- If you want, there is the option of setting up a passphrase inside the "Key passphrase" text field, but this is entirely optional. The passphrase is going to allow you to add one more layer of security. Each time you attempt to connect to the server using SSH keys, you will have to enter this passphrase as well.
- To save both keys, please press the "Save public key" and "Save private key" buttons located on the PuTTYgen program window. Please name the public key "id_rsa.pub" and the private key "id_rsa.ppk," respectively.
- Please select the key contained within the "Public key for pasting into OpenSSH authorized_keys file" content-box and copy it.
- Log inside your HostArmada cPanel account using SSH through PuTTY.
- When you connect successfully, please execute the following command:
if [[ -d "/home/$USER/.ssh" ]]; then vim /home/$USER/.ssh/authorized_keys; else mkdir /home/$USER/.ssh && vim /home/$USER/.ssh/authorized_keys; fi
- The above command is going to check if the .ssh directory exists and if it does, it will open the file "authorized_keys" for editing, using the vim text editor. If the .ssh directory does not exist, it will create it and then compose the file "authorized_keys" by automatically opening it for editing.
- All you need to do when this file opens is to paste the key you copied earlier inside it and save it. To add the key inside, please press the "I" button on your keyboard. If you have the key copied already, you can press the Shift + insert button combination on your keyboard to add the key immediately inside the file. Note that this file may already contain a multitude of SSH keys. This case should not worry you at all, as you can press the I button on your keyboard. After that, please press the ENTER key, then the UP ARROW button. Afterward, please press the Shift + insert button combination to put the key inside. Finally, press the colon button (:) on your keyboard, followed by the sequence of the "wq!" buttons and hit ENTER.
- The final step is to set the correct permissions for the file and directory (if we created them via the above command). Please type in the following line in the terminal:
chmod 700 /home/$USER/.ssh && chmod 600 /home/$USER/.ssh/authorized_keys
- When done, please close the connection by typing "exit" and pressing the ENTER button on your keyboard or by pressing Ctrl + a + d in quick succession.
Here is an all-in-one command you can use to do the entire process for you, from the file creation (if needed) to the permission fix:
if [[ -d "/home/$USER/.ssh" ]]; then echo "INSERT KEY HERE" >> /home/$USER/.ssh/authorized_keys; else mkdir /home/$USER/.ssh && touch /home/$USER/.ssh/authorized_keys && echo "INSERT KEY HERE" >> /home/$USER/.ssh/authorized_keys && chmod /home/$USER/.ssh 700 && chmod /home/$USER/.ssh/authorized_keys 600 ; fi
We recommend placing this command within a text editor (such as notepad) first and then pasting the copied string where the INSERT KEY HERE text is located.
You have now created the SSH key-pair and stationed the public key on the HostArmada server. Feel free to proceed with the configuration of the PuTTy client to enable it to connect you over SSH using keys.
To connect to your hosting account using PuTTy, please refer to the steps below:
- Start PuTTy by double-clicking its icon.
- On the left side, you are going to see the "Category" section. Please expand the "SSH" dropdown menu and click on "Auth". This click is going to open the "Options controlling SSH authentication" section on the right side.
- At the bottom of this section, you are going to see the "Private key file for authentication:" text field and on its left side the "Browse..." button. Please press the "Browse..." button and select the "id_rsa.ppk" file you created earlier in this article
- When the above is complete, please select the "Session" option from the "Category" section.
- When you select the "Session," you are going to see the index screen of PuTTy. Inside the "Host Name (or IP address)" text field, please type in the following pattern: [email protected], replacing the user with your cPanel username and hostname with the hostname of the server hosting your Web Hosting Account. Inside the "Port" text field type in the SSH server port 22.
- The connection type is going to default to "SSH" so leave it as such.
- Within the "Saved Sessions" text field, write the name of the connection - for example, "HostArmada SSH" and press save.
- To connect to your cPanel account with HostArmada, please double-click the name for the connection you just typed in. You are going to land on the command-line interface of your hosting account immediately. If you set a passphrase earlier, you are going to need to type it in before you proceed.
- Now that you have successfully connected, you can begin executing Linux commands.
- To close the SSH connection, please type "exit" and hit ENTER or press Ctrl + a + d in quick succession.