Secure shell (SSH) keys are cryptographically secure string pairs used to authenticate a client to a server. Each key is made up of 2 parts, a private component and a public component: the private part should be safely guarded by the user, whereas the public part can be shared freely with any server the user wishes to connect to. Once the public key has been successfully configured, the user can connect without the hassle of having to remember or enter a passcode every time. SSH keys have their faults (like any form of digital verification), but they are very difficult to decode and are unlikely to be guessed, even if the connection were to be intercepted or tampered with. Traditional passwords, on the other hand, can eventually be deciphered or hacked using brute force, and are significantly less secure as a result.
- SSH keys can be generated in the terminal using the following command:
$ ssh-keygen
$ ssh remote-host can also be used, although please note that this method assumes that the name of the user is the same on both the local machine and within the server environment.
- If this is not the case, the remote user name also needs to be passed, using:
$ ssh username@remote-host
- If this is the first time the user is connecting to the server, the following (or a variation) will then be displayed, alongside a prompt to proceed with the connection:
The authenticity of host 'XXX.XXX.XX.XXX (XXX.XXX.XX.XXX)' can't be established. ECDSA key fingerprint is a7:b1:3e:3d:84:24:a2:5a:91:5f:6f:e9:cf:dd:2b:6a. Are you sure you want to continue connecting (yes/no)?
Upon typing and submitting "yes", the user will be prompted for the password to their remote account. It is worth noting that, if SSH keys are already being used, the user will be prompted for the passphrase associated with their private key instead, if one has been configured. Once through, the user will be logged in and a shell session will be spawned.
To avoid having to enter the passphrase for the private key repeatedly, the user can run an SSH agent using the command:
$ eval $(ssh-agent), which will store the passphrase for the duration of the terminal session. This needs to be done before the initial SSH command (before the shell session is commenced). Running the agent will return a PID (process identifier) number, for example:
SSH_AUTH_SOCK=/tmp/ssh-RFrEqn6pDsAe/agent.21110; export SSH_AUTH_SOCK; SSH_AGENT_PID=21113; export SSH_AGENT_PID; echo Agent pid 21113; $
The user then needs to add their private key, using:
$ ssh-add
The terminal will then ask for the passphrase of the private key one final time, before adding an identity file to the agent. This prevents the need for further passphrase entries for the remainder of the terminal session.
Another way of copying a public SSH key across to a host is via:
ssh-copy-id username@host, although this will only work if the user has access to the account, and the relevant password.
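As an added example (not part of the original article), the shell function below writes out by hand the step that ssh-copy-id performs on the server: appending one public key line to an authorized_keys file with owner-only permissions, without adding duplicates or accepting a private key by mistake. The function name install_pubkey, the demo paths and the sample key are constructed for illustration.

```shell
# Added example (not from the original page). install_pubkey and the demo
# paths are hypothetical names; the key below is constructed, not a real key.

# install_pubkey KEY_LINE [AUTH_FILE] -> prints "added" or "present";
# returns 2 and writes nothing if KEY_LINE is not a single public key line.
install_pubkey() {
    key_line=$1
    auth_file=${2:-"$HOME/.ssh/authorized_keys"}
    # More than one line would smuggle extra entries into the file.
    case $key_line in
        *"
"*) echo "rejected: multi-line input" >&2; return 2 ;;
    esac

    # Expect "<type> <base64 blob> [comment]" for a few common key types.
    # A private key file ("-----BEGIN ...") fails here and is never installed.
    if ! printf '%s\n' "$key_line" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}( .*)?$'
    then
        echo "rejected: not an OpenSSH public key line" >&2
        return 2
    fi

    # With StrictModes (the sshd default), a key file or .ssh directory that
    # other users can write to is refused, so set owner-only permissions.
    mkdir -p "$(dirname "$auth_file")"
    chmod 700 "$(dirname "$auth_file")"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Match on the key blob so the same key with a new comment is not re-added.
    blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) hit = 1 }
                         END { exit !hit }' "$auth_file"
    then
        echo present
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo added
    fi
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEonlyNOTaREALkey alice@laptop'
install_pubkey "$SAMPLE_KEY" "$demo_dir/.ssh/authorized_keys"   # prints: added
install_pubkey "$SAMPLE_KEY" "$demo_dir/.ssh/authorized_keys"   # prints: present
rm -rf "$demo_dir"
```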
- To download the free installer, visit this link.
- Navigate to Start -> All Programs -> PuTTY -> PuTTYgen.
- Click "Generate".
- The program will ask you to make some random movements with your mouse - this input is personal to you, and therefore cannot be predicted by an attacker or viral threat.
- When the key appears in the window, you can set a passphrase for the key. Do so when prompted.
- When finished, click "Save Private Key", and store the generated file somewhere safe and secure. This should not be done on a public computer.
- With both OpenSSH and Tectia SSH servers, access to your account is granted by adding your key to the ~/.ssh/authorized_keys file from within the shell session.
- Tell PuTTY to use your key by changing the access path in
- Test to see if access is permitted!
- The navbar to the left of the Civo homescreen contains a link to the SSH Keys index.
- This navigates to a table that displays all of the SSH keys that are associated with the current user account.
- To add a new one, click the button labelled "+ Add SSH Key".
- A window will pop up asking for a name for the new key, and the key itself.
- As stated, you can drag and drop your public key into this field. This will assign the key to your Civo account.
Adding an SSH key to an instance is simple - you will be able to select from your available keys during the launch process. Just select the one you wish to use. If you do not choose one, a random password will be generated for you instead. Your options will be displayed as below.