In the previous article we talked about SSH keys – what they are, how to create them and how to get them on your server. We’ve covered only one way of importing a key to the server – via WHM. In this article we’ll go through other ways of importing them. If you haven’t read the previous article or don’t know how to create keys, click here!

REMINDER: the private key is always on your machine, the public key is always on the server. Which key you should import where depends on how you created the keypair. If you create it in WHM, you have to import the private key to your local machine. If you create the keypair manually, you have to import the public key to the server.

PUTTY USERS

Using SSH keys with PuTTY works a bit differently compared to other connection methods. PuTTY uses a special file format called .ppk for its keys. Luckily, WHM has the option of converting the private key to the .ppk format. To do that, follow these steps:

  • Go to WHM > Home > Security Center > Manage root’s SSH Keys
  • Find the private key, or create a new keypair if you haven’t already
  • Click on „View/Download Key” next to your private key
  • What you’ll see is the regular private key. Below it is a text box in which you should type in the key’s passphrase to convert it to .ppk format
  • Copy over the whole text and save it somewhere on your local machine with the name „key_name.ppk”. Of course, replace „key_name” with the actual name you gave to the keypair (default is id_rsa)

The next step is to open Pageant – an SSH authentication agent that comes with PuTTY. It will hold your private keys in memory, already decoded, so that you don’t have to type the passphrase each time you want to connect to the server. We’ll import the .ppk file we just created into it, then we’ll set up the connection in PuTTY itself.

  • Open Pageant – the executable should be located in PuTTY’s install directory
  • Click on „Add Key” – it will open a file browser. Find the .ppk file you just created, and click „Open”
  • It will ask you for the key’s passphrase – type it in and click „Ok”

With the key now set up, the only thing left to do is set up the connection itself:

  • Open PuTTY
  • It should open the „Session” category by default
  • Type in the server’s hostname or IP address and the port, and make sure SSH is selected as the connection type
  • Feel free to save that session – give it a name and click „Save”

Now, when you click „Open”, it will load up a shell and ask you for the username. Since the keys we created are for root, that’s the user you want to use, so just type in „root”, press Enter, and voila! You’ve successfully connected to the server.

One thing of note here is that Pageant will keep running in the background, as it should. If it’s not running, you’ll be prompted for root’s password, or the connection will abort if password authentication is disabled.

The same process applies if you created the keypair manually, as opposed to creating it in WHM. Just print out the content of your private key, copy it to a file, save it with a .ppk extension, and follow the rest of the instructions to set it all up.

You’ll have to do an additional step to get it working if you created the keypair manually, and that’s getting the public key to the server.

SSH-COPY-ID

You’ve used ssh-keygen to create the keypair, so the keys are now located on your local machine. ssh-copy-id is the command we’ll use to import the public key to the server. Using it is fairly simple – specify the username and the host to which you want to import the key, with additional options if SSH is listening on a non-default port, and if the keys are named anything other than the default id_rsa and id_rsa.pub.

You’ll usually have to prepend the username to the hostname, like so:

If your public key is named anything other than ~/.ssh/id_rsa.pub, you’ll have to specify the location of the key with the -i flag:

If the server is listening on a non-default port, use -p to specify it:

This will ask you for the remote user’s password, so password authentication on the server should be enabled. It will also change the permissions of the server’s ~/.ssh and ~/.ssh/authorized_keys to remove group writability (so the permissions on the .ssh directory will be 700, and on the file 600).
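The three cases above combined in one helper, followed by a check that key-only login works before you disable password authentication. This is an added example, not code from the original article; push_key and key_login_works are hypothetical names, and the host, port and key paths are placeholders.

```shell
#!/bin/sh
# Added example: wraps ssh-copy-id for the three cases described above.
# push_key / key_login_works are hypothetical helper names.

# Copy a public key to the server.
#   $1 = user@host   $2 = public key path (optional)   $3 = SSH port (optional)
# Set DRY_RUN=1 to print the command instead of running it.
push_key() {
    target=$1; pub=${2:-}; port=${3:-}
    # This helper insists on the explicit user@host form.
    case $target in
        ?*@?*) ;;
        *) echo "usage: push_key user@host [pubkey] [port]" >&2; return 2 ;;
    esac
    set -- ssh-copy-id
    # -i is only needed when the key is not the default ~/.ssh/id_rsa.pub
    if [ -n "$pub" ]; then set -- "$@" -i "$pub"; fi
    # -p is only needed when sshd listens on a non-default port
    if [ -n "$port" ]; then set -- "$@" -p "$port"; fi
    set -- "$@" "$target"
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Succeeds only if the server accepts the key on its own. BatchMode stops ssh
# from prompting, and the other options rule out falling back to a password.
#   $1 = user@host   $2 = private key path   $3 = SSH port (default 22)
key_login_works() {
    ssh -i "$2" -p "${3:-22}" \
        -o BatchMode=yes -o IdentitiesOnly=yes \
        -o PreferredAuthentications=publickey \
        "$1" true
}

# Usage (placeholder host, key and port):
#   push_key root@server.example.com ~/.ssh/mykey.pub 2222
#   key_login_works root@server.example.com ~/.ssh/mykey 2222 \
#       && echo "key login OK"
```

Run key_login_works from a second terminal while your original session is still open, so a failed check does not lock you out.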

And that’s about it. After you’ve successfully imported the public key to the server, feel free to disable password authentication.

MANUAL COPY METHOD

There are many ways of manually importing the key to the server, but the most common one is using scp (secure copy). You’ll want to use either this or the method above when you create keys with ssh-keygen. The syntax is the following:

For example, if I wanted to copy over a public key for root, called id_rsa.pub, to a server with the IP 192.243.101.159, which has SSH listening on port 22, from my current working directory:

The colon (:) at the end of the command tells scp to save the file in the user’s home directory (in this case /root).

Next, we have to add that key to the ~/.ssh/authorized_keys file. If you don’t have the .ssh directory and/or that file, create them manually, with permissions set to 700 for the directory and 600 for the file.

Make sure to use >> instead of > so you append the key to the file instead of overwriting it, in case you use multiple keys!

Now just remove the key file we copied over with scp, disable password authentication, and you’re good to go.
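The server-side steps of the manual method as one script: create the directory and file with the stated permissions, append with >>, then remove the copied file. This is an added example, not code from the original article; install_pubkey is a hypothetical name, and the scp line in the comment is a reconstruction from the values given in the text.

```shell
#!/bin/sh
# Added example: run on the server after copying the public key over, e.g.
# from your machine (values from the article's example):
#   scp -P 22 id_rsa.pub root@192.243.101.159:
#
#   $1 = path to the copied public key   $2 = home directory (default $HOME)
install_pubkey() {
    pub=$1; home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"

    # Only the public half belongs on the server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2; return 1
    fi
    key=$(head -n 1 "$pub")
    case $key in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # 700 on the directory, 600 on the file, as described above.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Skip the append if this exact key line is already present.
    if ! grep -qxF -- "$key" "$auth"; then
        # If the file does not end in a newline, add one first so the
        # new key does not get glued onto the previous entry.
        if [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
        # >> appends; > would wipe every other key in the file.
        printf '%s\n' "$key" >> "$auth"
    fi

    rm -f "$pub"    # the copied file is no longer needed
}

# Usage on the server:
#   install_pubkey ~/id_rsa.pub
```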

Conclusion

What good are SSH keys if you don’t know how to use them or set them up? Hopefully, now you learned both, and will be using them much more often. Once you get the hang of all the various ways you can create, copy and use them, they’ll make your life (or at least connecting to a server) that much easier, faster, and more secure!
