Recently, I purchased a Linux-based VPS for LABS. This is my diary regarding the LABS.
From a security standpoint, it's recommended that all customers use SSH keys instead of traditional passwords when connecting via SSH. SSH keys are like a "keycard" to access your server without a password.
- Download PuTTY (includes PuTTY SSH Client, PuTTYgen and Pageant):
- A Terminal, CMD, PowerShell, MobaXterm,…
- Ubuntu 20.04
And unlike passwords, the private SSH key isn't sent to the server. You do have to protect your SSH key with a passphrase.
Generate SSH Keys
Linux or macOS:
ssh-keygen -t rsa
You will be prompted to supply a filename (for saving the key pair) and a password (for protecting your private key).
Enter a password that contains at least 05 characters, and then press
If you press Return without entering a password, your private key will be generated without password-protection.
Default filename and path (~/.ssh/id_rsa for RSA keys) by default if you
The corresponding public key will be generated using the same filename (but with a .pub) and stored in the same location (for example,
Using PuTTY to generate the key pair in a second.
(Source: NREADY.NET Blog)
Assign a Key Passphrase:
From the image above, assigning a key passphrase will enhance the private key's security by locally encrypting (and decrypting) your private key. The key passphrase acts as another layer of security to connect to your server, almost like 2FA.
Upload SSH Public Keys to the VPS
There are many ways to perform the task, such as using FTP or the console. To keep it simple, I use the console.
Log yourself in via SSH as root. Create the right directory and switch to it:
mkdir /root/.ssh && cd /root/.ssh
We have two ways:
Create and open the authorized_keys text file with this command:
Paste in your whole public key and save the file by pressing O. To exit the editor use
The content of your id_rsa.pub file will have to be added to a file at ~/.ssh/authorized_keys on your remote machine somehow.
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
Authenticating to VPS Using SSH Keys
We can use SSH Private Key with:
(Source: NREADY.NET Blog)
If you are using the default file name and path (~/.ssh/id_rsa), there is no need to specify the private key manually. Just open an SSH connection normally.
If the private key you're using does not have the default name, or is not stored in the default path ~/.ssh/id_rsa, there are two ways to specify it:
ssh -i <path> root@<IP>
or use the SSH client configuration file:
SSH gets configuration data from the following sources (in this order):
- From command-line options
- From the user's client configuration file (~/.ssh/config), if it exists
- From the system-wide client configuration file (
To make SSH automatically invoke the private key host_key, stored in the ~/.ssh/old_keys directory, create a ~/.ssh/config file with these lines included:
Host <your_host or IP>
    IdentityFile ~/.ssh/old_keys/host_key
Enter the Passphrase to connect to the VPS.
As an alternative to loading your private key into PuTTY, you can use Pageant, which comes with PuTTY.
If you use Pageant, you don't need to type in your passphrase over and over again, in case you secured your private key with a passphrase.
Search for Pageant in the Windows Search Bar. After starting the program, import a private key into Pageant: right-click the Pageant icon and click on Add Key.
The file explorer will open and you need to select your private key, then enter the passphrase.
Now you can log in to your server without being prompted to enter your passphrase every time you start an SSH connection.
You need to import your private key again after rebooting your local computer.
Disabling Password Authentication on your Server
After choosing SSH key authentication as your login method, the next concern is server security. To disable password authentication, open the sshd_config with this command:
Now set the following values:
Save your changes with O and close the editor with
Do not forget to restart the ssh service (Ubuntu):
systemctl restart sshd
On most Linux distributions, you can issue the following command to do that:
sudo systemctl restart ssh
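A check for the step above, as an added example that is not part of the original post: sshd keeps the first value it reads for each keyword, so a file read earlier (for instance a drop-in pulled in by an Include line at the top of sshd_config) can leave password logins on after the edit. The function names, the sample files and the read order are assumptions made for illustration; only global settings are evaluated, not Match blocks, and the two keyboard-interactive keywords are treated as aliases.

```shell
#!/bin/sh
# Added example (not from the original post): does this sshd configuration
# really turn password logins off? sshd keeps the FIRST value it reads for a
# keyword, so pass the files in the order sshd reads them.

# effective_value "KEY[|ALIAS]" DEFAULT FILE...  -> prints the global value
effective_value() {
    keys=$1; default=$2; shift 2
    awk -v keys="|$keys|" -v def="$default" '
        BEGIN { keys = tolower(keys) }
        FNR == 1 { in_match = 0 }          # simplification: a Match block ends at EOF
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next     # blank line or comment
            split(line, f, /[ \t=]+/)               # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") { in_match = 1; next }
            if (in_match || found) next             # not global, or already decided
            if (index(keys, "|" key "|")) { found = 1; val = tolower(f[2]) }
        }
        END { print (found ? val : def) }
    ' "$@"
}

# password_login_disabled FILE...  -> exit status 0 only if both values are "no".
# Keyboard-interactive is checked too, because with PAM it can still ask for a
# password even when PasswordAuthentication is "no".
password_login_disabled() {
    pw=$(effective_value passwordauthentication yes "$@")
    kbd=$(effective_value "kbdinteractiveauthentication|challengeresponseauthentication" yes "$@")
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Constructed sample files: a drop-in that enables passwords, and a main
# config with password logins switched off.
demo=$(mktemp -d)
printf 'PasswordAuthentication yes\n' > "$demo/50-dropin.conf"
printf '%s\n' '# main config' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' 'KbdInteractiveAuthentication no' > "$demo/sshd_config"

if password_login_disabled "$demo/sshd_config"; then
    echo "main file alone: password login disabled"
fi
if ! password_login_disabled "$demo/50-dropin.conf" "$demo/sshd_config"; then
    echo "drop-in read first: password login still enabled"
fi
rm -rf "$demo"
```

On a live server, `sshd -T` (run as root) prints the configuration sshd actually computed, which is the authoritative answer.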
HCM, 28 Nov 2023
Nam Le, https://nready.net