Benefits of SSH keys
If VPS/Dedicated server is visible over the Internet, you should use public key authentication instead of passwords, if at all possible. This is because SSH keys provide a more secure way of logging in compared to using a password alone. While a password can eventually be cracked with a brute-force attack, SSH keys are nearly impossible to decipher by brute force alone. With public key authentication, every computer has (i) a public and (ii) a private “key” (two mathematically-linked algorithms that are effectively impossible to crack).
Setup SSH Keys on your Windows computer/laptop using PuttyGEN
Step 1
Download PuttyGEN from the Homepage website.
Scroll down until you find puttygen.exe and download either 32 or 64bit version.
Step 2
Start PuttyGEN by double clicking on its icon
Step 3
From top menu, click on “Key” and select “SSH-2 RSA” and in the bottom right box change the number 2048 to 4096
Step 4
Click “Generate” button
Step 5
Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full
Step 6
Click the “Save public key” button & choose whatever filename you’d like (some users create a folder in their computer named my_keys)
Step 7
Click the “Save private key” button & choose whatever filename you’d like
NOTE! Both public and private files will have to stay on your computer, do not delete them.
Step 8
Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All, right-click again and choose Copy
Step 9
Login to your VPS or Dedicated server
Step 10
Run the following commands:
mkdir ~/.ssh chmod 0700 ~/.ssh touch ~/.ssh/authorized_keys chmod 0644 ~/.ssh/authorized_keys
Step 11
Paste the SSH public key which you copied in step 8 into your ~/.ssh/authorized_keys file
Lets setup Putty on your windows computer/laptop
Step 1
Start PuTTY by double-clicking its executable file
Step 2
PuTTY’s initial window is the Session Category (navigate PuTTY’s various categories, along the left-hand side of the window)
Step 3
In the Host Name field, enter the IP address of your VPS or its fully qualified domain name (FQDN)
Step 4
Enter the port number in the Port field (for added security, consider changing your server’s SSH port to a non-standard port.
Step 5
Along the left-hand side of the window, select the Data sub-category, under Connection
Step 6
Specify the username that you plan on using, when logging in to the SSH server, and whose profile you’re saving, in the Auto-login username field
Step 7
Expand the SSH sub-category, under Connection
Step 8
Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window
Step 9
Browse your file system and select your previously-created private key
Step 10
Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. user@123.456.78.9 or user@host.yourdomain.tld
Step 11
Click the Save button
Now you can go ahead and log in to your server and you will not be prompted for a password.
Finally let’s disable username/password login on your vps/dedicated server
Step 1
Open /etc/ssh/sshd_config
nano /etc/ssh/sshd_config
Step 1
Lets change both “PasswordAuthentication” and “UsePAM” options to “no”
[...] PasswordAuthentication no [...] UsePAM no [...]
Step 2
Restart your SSH server
service sshd restart or sudo reload ssh
Leave a Reply