How to Set Up SSH Keys
In this tutorial you will learn how to set up SSH keys on your local device and use the generated pair of keys for connecting to a remote server. This method is more convenient and provides a more secure way of connecting to the remote server/machine than simply using a password.
Additionally, you can check out this tutorial on “How to Connect to your VPS using Putty”. It will be very helpful if you are running Windows OS and not sure how to connect to the server: How to Connect to your VPS using Putty.
Download Ultimate SSH Commands Cheat Sheet
What Will You Need?
Before you begin this guide you’ll need the following:
- Access to your local device
- Access to the remote device
- A terminal suitable for SSH connection
Step 1 — Generating the SSH Keys
You can generate and set up the RSA keys on both Windows and Linux/Unix systems using any kind of Terminal type of environment which your local device comes with.
After entering the Terminal, you will be taken to a window similar to this:
Here you can start writing needed commands:
The first thing you need to do is generate the pair of keys on your local machine. You can do it with this simple command:
ssh-keygen -t rsa
Once you enter this command, a few new questions will pop up:
Enter file in which to save the key (/home/tautvydas/.ssh/id_rsa):
Generally it is recommended to simply leave it as it is – press ENTER without typing anything – so that the key generator could create the key pair in the default location (in this tutorial I entered a different name tut_id to avoid duplicate keys, since my local device already had an id_rsa keys generated). Two questions which will pop up:
Enter passphrase (empty for no passphrase):
Followed by:
Enter same passphrase again:
Now for convenience reasons, I like to leave those empty as well. That way, after setting the keys up with your remote server, you won’t need to use any kind of password to log in. You will simply enter the ssh user@serverip
command and it will log you in as long as the keys are properly set up. But if you need even more security, you can enter a passphrase in this section. If you choose this option, you will need to enter the password every time you connect to the remote device.
That is basically it, you should see something like this in your Terminal:
Your generated Image WILL look different from mine. As well as the key fingerprint.
Important! There are two keys created here (private and public): tut_id and tut_id.pub (in your case, should be id_rsa and id_rsa.pub). Take a very good care of the file named id_rsa (this is the private key), have it only on your local device and do not give it to anyone.
Other file, id_rsa.pub must be uploaded to your remote machine. So for example, if you and your friend is working on the same project in the same remote server, you both can put your public keys in that remote server. In the next step, we will learn how to do that.
Step 2 — Copying the Public Key to Your Remote Server
After generating the RSA key pair, we have to put our public key to the remote virtual server.
There is a simple command which will put your public key directly to the remote server’s authorized_keys file (this file keeps all the public keys:
ssh-copy-id user@serverip
Here instead of serverip, you have to enter your remote server’s IP address and instead of user, you have to enter the username of the server you are connecting to.
After entering the command, you should be greeted with a Warning message similar to this:
The authenticity of host 'Server's IP address' can't be established. RSA key fingerprint is ... Are you sure you want to continue connecting (yes/no)?
Type in yes in the command line and hit ENTER. This message appears only the first time you are performing this action.
Another message will pop up:
Warning: Permanently added 'SERVER IP' (RSA) to the list of known hosts. user@serverip's password:
Here you must enter the password of remote server user (in most cases username is root). After entering the password, that should basically be it. You will be greeted with another message:
Now try logging into the machine, with "ssh 'user@serverip'", and check in: ~/.ssh/authorized_keys* to make sure we haven't added extra keys that you weren't expecting.
as the new public key has been added to your remote server. Now every time you log into your remote server, you won’t be prompted for a password (unless you set up a passphrase for your RSA key in the generation process).
Conclusion
In this tutorial, you have learned how to generate SSH private/public key pair and use those keys with your remote server in order to set up a more secure connection than simply using the password.
Comments
March 17 2018
I tried Connecting.... But error was :- /sbin/nologin: No such file or directory Even though I am entering correct password
March 23 2018
Hey Piyusg, It seems that you forgot to create the file.
January 06 2022
I did those steps but now I don't know how to login through android app called juicessh any idea?
January 11 2022
Hi! I'd suggest checking out this guide from Juice SSH themselves or contact them via email :)
March 07 2022
When you use this command: ssh-copy-id user@serverip It's probably that you get an error like: /usr/bin/ssh-copy-id: ERROR: No identities found it's because you have to define the directory and the file, I did it adding -i to the command: ssh-copy-id -i ~/.ssh/yourfilename user@serverip and it worked.
March 23 2022
Thank you Felix, it worked :)