Ugacomp

How to Configure & Add SSH Keys to VPS Server

Where necessary, you may need to have access to a VPS server so you can follow how to implement the steps in this article.  You can get a cheaper VPS Server from Contabo with 4vCPU cores, 8GM RAM, and 32TB Bandwidth for less than $5.50 per month. Get this deal here now

Table of Contents

Cloud VPS S

$5.50 Monthly
  • 4 vCPU Cores | 8GB RAM

CLOUD VPS M

$15.50 Monthly
  • 6 vCPU Cores | 16GB RAM

CLOUD VPS L

$17.50 Monthly
  • 8 vCPU Cores | 24GB RAM

Adding SSH keys to a server involves a few steps. SSH keys provide a secure way to authenticate and connect to a server without using passwords. Here’s a general guide:

Generate SSH Key Pair (if not already done):

If you don’t have an SSH key pair, you need to generate one. Open a terminal on your local machine and run the following command:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Replace "[email protected]" with your actual email address. This command will create a new SSH key pair with a 4096-bit RSA key.

In the ssh-keygen command, the -C flag is used to associate a comment with the generated key. The comment is typically an informative label or identifier that helps you remember the purpose or owner of the key. In the specific command ssh-keygen -t rsa -b 4096 -C "[email protected]", the email address ([email protected]) is provided as a comment for the generated SSH key.

While the comment is optional, adding a meaningful identifier, such as an email address, can be helpful for managing and identifying different SSH keys, especially if you have multiple keys for different purposes or services. It serves as a reminder of where or why the key was created. Additionally, when you share your public key with others (for example, when adding it to an authorized keys file on a server), having an informative comment can provide context to those who may be managing or reviewing the keys.

Generate SSH Keys without Comment

Alternatively, if you don’t want to use a comment, you can just ignore the -C flag and run the following command:

ssh-keygen -t rsa -b 4096

This command generates a new RSA key pair with a key length of 4096 bits and does not include a comment. After running this command, you will be prompted to specify the file in which to save the generated key pair. By default, the private key is saved in ~/.ssh/id_rsa and the public key in ~/.ssh/id_rsa.pub.

Copy the Public Key to the Server

Use the following command to copy the public key to your server. Replace "your_username" and "your_server_ip" with your server’s username and IP address:

ssh-copy-id your_username@your_server_ip

Alternatively, if ssh-copy-id is not available, you can manually copy the public key to the ~/.ssh/authorized_keys file on the server. You can use tools like scp or rsync for this:

scp ~/.ssh/id_rsa.pub your_username@your_server_ip:~/
ssh your_username@your_server_ip
mkdir -p ~/.ssh
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
rm ~/id_rsa.pub

Set Permissions

Make sure the permissions on the ~/.ssh directory and the ~/.ssh/authorized_keys file are secure:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Disable Password Authentication (Optional)

For enhanced security, you can disable password authentication and only allow key-based authentication. Open the SSH server configuration file:

sudo nano /etc/ssh/sshd_config

Find the line PasswordAuthentication and set its value to no. Save the file and restart the SSH service:

sudo service ssh restart

How to Connect to SSH Server using Key-based Authentication

If your remote VPS server is already configured to accept incoming SSH connections, all you need is to have the Private key on your local computer to connect.

Your private key should be part of the pair you generated earlier. This key needs to be kept safe without compromising as losing it could prevent you from accessing your server again.

Connect to SSH Server

Use the ssh command to connect to the SSH server. Replace "your_username" and "your_server_ip" with your actual username and server’s IP address:

ssh -i ~/.ssh/id_rsa your_username@your_server_ip
  • -i: Specifies the identity file (private key) to use for authentication.
  • ~/.ssh/id_rsa: Path to your private key file.
  • your_username@your_server_ip: SSH username and server IP address. If you’ve set up your SSH key with a passphrase, you’ll be prompted to enter it.

That’s it! If the private key matches a public key in the authorized_keys file on the server, you should be able to connect without entering a password. This method provides a more secure and convenient way to authenticate compared to password-based authentication.

Hire us to handle what you want

Hire us through our Fiverr Profile and leave all the complicated & technical stuff to us. Here are some of the things we can do for you:

  • Website migration, troubleshooting, and maintenance.
  • Server & application deployment, scaling, troubleshooting, and maintenance
  • Deployment of Kubernetes, Docker, Cloudron, Ant Media, Apache, Nginx,  OpenVPN, cPanel, WHMCS, WordPress, and more
  • Everything you need on AWS, IBM Cloud, GCP, Azure, Oracle Cloud, Alibaba Cloud, Linode, Contabo, DigitalOcean, Ionos, Vultr, GoDaddy, HostGator, Namecheap, DreamHost, and more.
 

We will design, configure, deploy, or troubleshoot anything you want. Starting from $10, we will get your job done in the shortest time possible. Your payment is safe with Fiverr as we will only be paid once your project is completed.