Generate Ssh Keys Via Server
On Windows, you can create SSH keys in many ways. This document explains how to use two SSH applications, PuTTY and Git Bash.
SSH keys can serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication.The major advantage of key-based authentication is that in contrast to password authentication it is not prone to brute-force attacks and you do not expose valid credentials, if the server has been compromised. SSH keys can serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication.The major advantage of key-based authentication is that in contrast to password authentication it is not prone to brute-force attacks and you do not expose valid credentials, if the server has been compromised. Mar 27, 2019 Connect to your SSH server using WinSCP with the SSH protocol, using other means of authentication than public key, e.g. Typically using password authentication. Once logged in, configure your server to accept your public key. That varies with SSH server software being used. The most common SSH server is OpenSSH.
Joyent recommends RSA keys because the node-manta CLI programs work with RSA keys both locally and with the ssh agent. DSA keys will work only if the private key is on the same system as the CLI, and not password-protected.
PuTTY
PuTTY is an SSH client for Windows. You can use PuTTY to generate SSH keys. PuTTY is a free open-source terminal emulator that functions much like the Terminal application in macOS in a Windows environment. This section shows you how to manually generate and upload an SSH key when working with PuTTY in the Windows environment.
About PuTTY
PuTTY is an SSH client for Windows that you will use to generate your SSH keys. You can download PuTTY from www.chiark.greenend.org.uk.
When you install the PuTTY client, you also install the PuTTYgen utility. PuTTYgen is what you will use to generate your SSH key for a Windows VM.
This page gives you basic information about using PuTTY and PuTTYgen to log in to your provisioned machine. For more information on PuTTY, see the PuTTY documentation |
---|
Generating an SSH key
To generate an SSH key with PuTTYgen, follow these steps:
- Open the PuTTYgen program.
- For Type of key to generate, select SSH-2 RSA.
- Click the Generate button.
- Move your mouse in the area below the progress bar. When the progress bar is full, PuTTYgen generates your key pair.
- Type a passphrase in the Key passphrase field. Type the same passphrase in the Confirm passphrase field. You can use a key without a passphrase, but this is not recommended.
- Click the Save private key button to save the private key. You must save the private key. You will need it to connect to your machine.
- Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All.
- Right-click again in the same text field and choose Copy.
Importing your SSH key
Now you must import the copied SSH key to the portal.
- After you copy the SSH key to the clipboard, return to your account page.
- Choose to Import Public Key and paste your SSH key into the Public Key field.
- In the Key Name field, provide a name for the key. Note: although providing a key name is optional, it is a best practice for ease of managing multiple SSH keys.
- Add the key. It will now appear in your table of keys under SSH.
PuTTY and OpenSSH use different formats of public SSH keys. If the text you pasted in the SSH Key starts with —— BEGIN SSH2 PUBLIC KEY
, it is in the wrong format. Be sure to follow the instructions carefully. Your key should start with ssh-rsa AAAA…
.
Once you upload your SSH key to the portal, you can connect to your virtual machine from Windows through a PuTTY session.
Git Bash
The Git installation package comes with SSH. Using Git Bash, which is the Git command line tool, you can generate SSH key pairs. Git Bash has an SSH client that enables you to connect to and interact with Triton containers on Windows.
To install Git:
- (Download and initiate the Git installer](https://git-scm.com/download/win).
- When prompted, accept the default components by clicking Next.
- Choose the default text editor. If you have Notepad++ installed, select Notepad++ and click Next.
- Select to Use Git from the Windows Command Prompt and click Next.
- Select to Use OpenSSL library and click Next.
- Select to Checkout Windows-style, commit Unix-style line endings and click Next.
- Select to Use MinTTY (The default terminal of mYSYS2) and click Next.
- Accept the default extra option configuration by clicking Install.
When the installation completes, you may need to restart Windows.
Launching GitBash
To open Git Bash, we recommend launching the application from the Windows command prompt:
- In Windows, press Start+R to launch the Run dialog.
- Type
C:Program FilesGitbinbash.exe
and press Enter.
Generating SSH keys
First, create the SSH directory and then generate the SSH key pair.
One assumption is that the Windows profile you are using is set up with administrative privileges. Given this, you will be creating the SSH directory at the root of your profile, for example:
- At the Git Bash command line, change into your root directory and type.
Change into the .ssh directory
C:Usersjoetest.ssh
- To create the keys, type:
- When prompted for a password, type apassword to complete the process. When finished, the output looks similar to:
Uploading an SSH key
256 bit random key generator. To upload the public SSH key to your Triton account:
- Open Triton Service portal, select Account to open the Account Summary page.
- From the SSH section, select Import Public Key.
- Enter a Key Name. Although naming a key is optional, labels are a best practice for managing multiple SSH keys.
- Add your public SSH key.
When Triton finishes the adding or uploading process, the public SSH key appears in the list of SSH keys.
What are my next steps?
- Adding SSH keys to agent.
- Set up the Triton CLI and CloudAPI on Windows.
- Set up the Triton CLI and CloudAPI.
- Create an instance in the Triton Service Portal.
- Set up the
triton-docker
command line tool. - Visit PuTTYgen to learn more about the PuTTYgen and to seethe complete installation and usage guide.
Set up your first SSH keys
Use SSH keys for authentication when you are connecting to your server, or even between your servers. They can greatly simplify and increase the security of your login process. When keys are implemented correctly they provide a secure, fast, and easy way of accessing your cloud server.
Follow our guide and learn how to set up your first SSH keys for authentication using OpenSSH or PuTTYTray.
Preparing your server
To add an SSH key pair, first, create a hidden folder to your user account home directory on your cloud server with the following command.
Then restrict the permissions to that directory to just yourself with the command below.
This creates a secure location for you to save your SSH keys for authentication. However, note that since the keys are stored in your user home directory, every user that wishes to connect using SSH keys for authentication has to repeat these steps on their own profile.
Using OpenSSH to generate a key pair
Now continue on your own computer if you are using Linux or any other OS that has OpenSSH. PuTTY users should skip to the next section.
1. Generate a new key pair in a terminal with the next command
The key generator will ask for location and file name to which the key is saved to. Enter a new name or use the default by pressing enter.
2. (Optional) Create a passphrase for the key when prompted
This is a simple password that will protect your private key should someone be able to get their hands on it. Enter the password you wish or continue without a password. Press enter twice. Note that some automation tools might not be able to unlock passphrase-protected private keys.
3. Copy the public half of the key pair to your cloud server using the following command
Replace the user and server with your username and the server address you wish to use the key authentication on.
This also assumes you saved the key pair using the default file name and location. If not, just replace the key path ~/.ssh/id_rsa.pub above with your own key name.
Enter your user account password for that SSH server when prompted.
You can now authenticate to your server with the key pair, but at the moment you would need to enter the passphrase every time you connect.
4. (Optional) Set up SSH Agent to store the keys to avoid having to re-enter passphrase at every login
Enter the following commands to start the agent and add the private SSH key.
Generate Ssh Keys Via Server Windows 10
Type in your key’s current passphrase when asked. If you saved the private key somewhere other than the default location and name, you’ll have to specify it when adding the key.
Afterwards, you can connect to your cloud server using the keys for authentication, and only having to unlock the key by repeating the last 2 steps once after every computer restart.
Using PuTTYTray to generate a key pair
If you are running Windows and PuTTYTray for SSH, you can use the built-in key generator from PuTTY to create a new key pair.
1. Click the Keygen button at the bottom of the PuTTY Configuration window to get started.
Then in the Key Generator window, check that the Type of key to generate at the bottom is set to SSH-2 RSA. The older SSH-1 was the first version on the standard but is now generally considered obsolete. Most modern servers and clients support SSH-2.
2. Click the Generate button to begin.
3. Keep moving your mouse over the blank area in any manner to help generate randomness for a few moments until the progress is complete.
With the keys finished, PuTTY will show the relative information about the pair along with the public key for easier copying.
4. (Optional) Enter a key passphrase in the 2 empty fields for the added security before continuing. The passphrase will protect your key from unauthorized use should someone be able to copy it. However, some automation tools might not be able to unlock passphrase-protected private keys.
5. Click the Save private key button and store it somewhere safe. Generally anywhere in your user directory is fine as long as your PC is password protected. Before closing the keygen, you may want to copy the public key to your clipboard, but you can always get it later as well.
Now that you have a new key saved on your computer, you’ll need to import it into the PuTTY key agent.
6. Click the Agent button to open the key manager in the PuTTY Configuration window.
Generate Ssh Keys Via Server Download
7. Click Add Key button in the Key List, then browse to the location you saved the private key, select it and click Open.
Enter your key passphrase if asked.
This will import the key to your PuTTY client, but you still need to copy the public key over to your server.
8. Open an SSH connection to your cloud server and go to the SSH key directory.
9. Open or create the default file OpenSSH looks for public keys called authorized_keys.
Generate Ssh Keys Via Server Password
10. Paste the public key into the file by simply right-clicking the SSH client window. Make sure the key goes on a single line for OpenSSH to be able to read it.
When you’ve copied the public key over to the authorized keys list, save the file and exit the editor. You can now test the public key authentication by logging in to your server again. You should not get asked for your password, but instead logged straight in with the key. If it’s not working, check that your private key is unlocked at your SSH Agent and try again.
Turn off password authentication
With SSH key authentication configured and tested, you can disable password authentication for SSH all together to prevent brute-forcing. When logged in to your cloud server.
1. Open the SSH configuration file with the following command.
2. Set the password authentication to no to disable clear text passwords.
3. Check that public key authentication is enabled, just to be safe and not get locked out from your server. If you do find yourself unable to log in with SSH, you can always use the Web terminal at your UpCloud control panel.
Then save and exit the editor.
4. Restart the SSH service to apply the changes by using the command below.
Ssh Generate Private Key
With that done your cloud server is now another step along towards security. Malicious attempts to connect to your server will results in authentication rejection, as plain passwords are not allowed, and brute-forcing an RSA key is practically impossible.
Conclusions
Generate Ssh Keys Via Server Settings
Remember to always keep your private keys safe. You can use the same key from multiple computers if you wish, or generate new ones on each client connecting to your cloud server for added security. Each user should generate their own key pair and passphrase for secure access control. With proper management, even in case one of the private keys gets compromised you won’t have to replace them all.