n6cloud blog

Step-by-Step Guide to Implementing SSH Keys for Linux VPS Security

Securing access to your server is crucial, especially when managing a Linux Virtual Private Server (VPS). One standard method is through SSH (Secure Shell), which typically relies on passwords. However, this method can be vulnerable. Hackers can use brute-force attacks, trying countless password combinations until they find the right one. They can also take advantage of weak or default passwords that are easy to guess or have been exposed in data breaches.

Using SSH keys is a highly effective measure  to counter these threats. This method provides a more secure option compared to password-based authentication. In this article, we are going to explore three different methods to set up SSH keys on your Linux VPS: through N6 Cloud’s Clients area, by using command-line commands, and manually transferring the key to your server. By implementing SSH keys, you not only enhance your security but also streamline your access process by eliminating the need to enter a password each time you connect to your server. Whether you’re a beginner or an experienced user, these detailed instructions will help you secure your server efficiently.

What are SSH Keys?

SSH keys serve as a pair of cryptographic keys utilized for authenticating to an SSH server instead of using passwords. An SSH key pair consists of a public key, which you install on your server, and a private key, which you keep secure on your local computer. When you attempt to connect to the server, the server checks if the public key matches a private key. If there is a match, access is automatically granted. This method is more secure and user-friendly than passwords, as it eliminates the need to enter a password each time you connect to your server. Imagine the relief of not having to recall and enter a password every time you connect to your server.

Preparing Your SSH Keys

Before securing your server, it is essential to create an SSH key pair.

Detailed instructions for both Linux/macOS and Windows users are provided below.

For Linux and macOS Users:

  1. Open a terminal. This is your starting point on Linux and macOS.
  2. Generate the SSH key pair by entering the following command:
ssh-keygen -t rsa -b 2048

Using RSA encryption with 2048 bits, this command creates a new SSH key which is a solid choice for security and compatibility.

  • Follow the prompts. Decide where to save the keys. If you choose the default location, the keys will be placed in ~/.ssh/. At this step, you can also set a passphrase for more security.
  • Understand the generated files: Two files will be generated in your chosen directory. If you used the default settings, these will be id_rsa and id_rsa.pub.
  • The id_rsa file is your private key, and it is crucial to keep it secure. Never share this file with anyone. It acts as your identity for the SSH protocol, and its security relies on its remaining confidential.
  • The id_rsa.pub file is your public key. You will install it on any server you wish to access securely.

related post: linux web hosting

For Windows Users Using PuTTY:

  1. Download and install PuTTY. Make sure to include PuTTYgen in your installation from the official PuTTY download page.
  2. Open PuTTYgen from your Start menu or the folder where PuTTY was installed.
  3. Generate the key pair: Click ‘Generate’ and move your mouse randomly in the area below to create randomness. After generating the key, you’ll see your public key displayed in the window.
  4. Set a passphrase: Adding a passphrase in the ‘Key passphrase’ and ‘Confirm passphrase’ fields will secure your key further. This passphrase is needed each time the key is used, adding an extra layer of security.
  5. Save the private key. Click the ‘Save private key’ button and store it securely on your computer. It is crucial to protect this file as it is your identity for SSH connections.
  6. Copy the public key. You can copy the public key directly from the PuTTYgen window or click the ‘Save Public Key’ button to save it as a file. Either approach is suitable for uploading the key to your server.

Installing the SSH Key on the Server

After creating your SSH key pair, you can install the public key on your Linux VPS. This is a critical step in enhancing the security of your server access, as it allows the server to recognize and authenticate your private key without needing a password. Here, we will explore three different methods to install an SSH key, each with its advantages and suited for users with different levels of familiarity with server management.

Method 1: Using N6 Cloud’s Client Area to Install SSH Keys

For those utilizing N6 Cloud for their VPS services, the client area provides a user-friendly interface to manage and install SSH keys directly.

Below are the steps to configure your SSH key utilizing this particular technique:

  1. Log in to the N6 Cloud’s Clients area. Access the client area using the following URL: https://n6cloud.com/clients/. Enter your credentials to log in.
  2. Navigate to your VPS services. After logging in, click on ‘Services’ in the sidebar and select ‘VPS’ to view the list of your virtual private servers.
  3. Access VPS details. Find the VPS on which you want to install the SSH key and click on the gear icon next to it. This will take you to the specific VPS details page.
  4. Manage SSH Keys. On the VPS details page, click on the ‘SSH Keys’ section to open the SSH key management area.
  5. Add a new SSH Key. Click on ‘Add new SSH Key.’ In the form that appears, enter a friendly name for the key to help you identify it later and paste your public key into the designated field. Click on the ‘Submit’ button to save the key.
  6. Activate the SSH Key. Go to the ‘Used’ tab within the SSH Keys section, select the SSH key you just added from the dropdown menu, and click ‘Submit’ to associate the key with your VPS.
  7. Restart the VPS. To make the SSH key applied, return to the VPS details page. Turn off the VPS using the ‘Switch Off’ button. Once the VPS is completely off, turn it back on to apply the changes.

Method 2: Using Command Line Commands

This approach involves directly adding the SSH public key to the server using command-line tools, providing a straightforward and efficient method for those comfortable with terminal or command-prompt operations.

For Linux and macOS Users:

Linux and macOS users can use the ssh-copy-id command to install their public key on a server easily. Here’s how:

  1. Open your terminal.
  2. Execute the ssh-copy-id command: Use the following command to copy your SSH public key to the server:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@server-ip

Replace username with your server’s username and server-ip with your server’s IP address. You will be prompted for your server’s password initially.

This command will add your public key to the ~/.ssh/authorized_keys file on the server, allowing SSH access without requiring a password in future connections.

For Windows Users:

For Windows users, it is now possible to install their public key on a server using the SSH command directly. To use this feature, users need to have SSH capabilities installed on their devices. This can be done through Windows 10’s built-in SSH client or third-party applications like Git Bash.

The following steps should be followed:

  1. Open Command Prompt or PowerShell.
  2. Use the following command to append your public key to the authorized_keys file on your server:
type path-to-your-public-key\id_rsa.pub | ssh username@server-ip "cat >> .ssh/authorized_keys"

Replace path-to-your-public-key with the full path where your id_rsa.pub file is located, username with your server’s username, and server-ip with your server’s IP address. Make sure that you are connected to the internet and can reach your server.

This command will copy the contents of your public key file and append them to the authorized_keys file on your server. This will enable you to authenticate via SSH without entering a password on subsequent connections.

Method 3: Manually Copying the Key to the Server

If you prefer to manually install your SSH keys, this method allows you to directly manage the authorized_keys file on your server. This hands-on method requires editing and setting permissions from the command line.

Step-by-Step Guide:

  1. Connect to your server via SSH.
  2. Check and prepare the .ssh directory. First, ensure the .ssh directory exists in your home folder:
ls -la ~/.ssh

If the directory doesn’t exist, create it and set the correct permissions:

mkdir ~/.ssh
chmod 700 ~/.ssh
  • Open the authorized_keys file using the vi editor. Access or create this file within the .ssh directory:
vi ~/.ssh/authorized_keys

If the file does not exist, vi will start with an empty document.

  • Append your public key. In vi, switch to insert mode by pressing i. Carefully paste your public key, ensuring it is entered as a single line without any breaks or alterations.
  • Save and exit vi. After pasting your key, press Esc to exit insert mode. Save the changes and close the editor by typing :wq.
  • Set the correct permissions for the authorized_keys file. It’s essential to secure this file by restricting its permissions, allowing only your user to read and write:
chmod 600 ~/.ssh/authorized_keys

Testing the SSH Connection

Once you have installed your SSH keys, it is crucial to test the connection to ensure everything is configured correctly. This will verify that the server recognizes the public key and enables you to log in without a password.

For Linux and macOS Users:

  1. Open your terminal. Use the terminal application where you initially created your SSH keys or any terminal on your Linux or macOS system.
  2. Connect to your server via SSH: Using the following command, make sure to replace username with your server’s username, server-ip with the server’s IP address or hostname, and path-to-private-key with the path to your private key if you are not using the default location:
ssh -i path-to-private-key/id_rsa username@server-ip

This command specifies the private key for the SSH connection, bypassing the need for password authentication. If prompted for a password, make sure that the SSH key is installed correctly, and that file permissions are configured properly.

For Windows Users:

For Windows users setting up SSH keys for the first time with PuTTY, here’s how to proceed:

  1. Open PuTTY. Launch the application to configure your initial SSH session.
  2. Configure your session: Enter your server’s IP address in the ‘Host Name’ field.
  3. Set up SSH authentication:
  4. Navigate to Connection > SSH > Auth > Credentials
  5. Click the Private key file for authentication’s ‘Browse’ button to locate and select your private key file (*.ppk). This file should have been created and saved when you generated your SSH keys, possibly through PuTTYgen.
  6. Return to the Session category: To save this setup for future use, return to the ‘Session’ category, enter a name for the session in the ‘Saved Sessions’ field, and click ‘Save.’ This will enable you to load these settings quickly in the future.
  7. Open the connection: Click ‘Open’ to initiate the connection to your server.
  8. Login as specified: When prompted, enter the username associated with the public key you installed on the server. If the key setup was successful, you should gain access without being prompted for a password.

Security Tips: Disabling SSH Password Authentication

One of the most effective security measures to safeguard your Linux VPS is to turn off SSH password authentication. By disabling this feature, the server can only be accessed through SSH keys, significantly boosting security and thwarting brute-force attacks.With password authentication disabled, even if attackers discover your password, they cannot gain server access without the corresponding private key.

For detailed instructions on how to disable SSH password authentication and ensure that your server is solely accessible via SSH keys, please refer to our comprehensive guide, “How to Disable SSH Password Authentication.”

Conclusion

Setting up SSH keys on your Linux VPS is a crucial security measure that fortifies your server against unauthorized access and streamlines the connection process for authorized users.

Remember, SSH keys are just part of a robust security strategy. As mentioned earlier, disabling SSH password authentication further strengthens your defence against potential security breaches.

For in-depth guidance on this and other advanced security measures, check out our supplementary resources. By implementing these security protocols, you contribute to a safer and more efficient management environment for your Linux VPS. Continue to stay informed and proactive in updating and securing your server configurations to maintain a high level of protection.

Protecting Your VPS Against Brute Force Attacks PrevProtecting Your VPS Against Brute Force AttacksJuly 1, 2024
How to Disable Password Authentication in SSHJuly 6, 2024 How to Disable Password Authentication in SSH Next

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *