Dec 18, 2019  Using SSH keys is more secure and convenient than traditional password authentication. In this tutorial, we will walk through how to generate SSH keys on Ubuntu 18.04 machines. We will also show you how to set up an SSH key-based authentication and connect to your remote Linux servers without entering a password. Creating SSH keys on Ubuntu #. If this is the first time you are using public keys, we recommend the page Public keys in SSH. Generate public/private keypair. To use public key authentication, the client from which you are connecting needs to have a public/private keypair. To generate a keypair using Bitvise SSH Client, run the graphical SSH Client, and open the Client key. To create a new key pair, select the type of key to generate from the bottom of the screen (using SSH-2 RSA with 2048 bit key size is good for most people; another good well-known alternative is ECDSA). Then click Generate, and start moving the mouse within the Window. Putty uses mouse movements to. SiteGround uses key-based authentication for SSH. This has proven more secure over standard username/password authentication. More information on SSH keys can be found here. You can generate an SSH key pair directly in cPanel, or you can generate the keys yourself and just upload the public one in cPanel to use with your hosting account.

Enter your user account password for that SSH server when prompted. You can now authenticate to your server with the key pair, but at the moment you would need to enter the passphrase every time you connect. (Optional) Set up SSH Agent to store the keys to avoid having to re-enter passphrase at every login.

An SSH Key allows you to log into your server without needing a password. SSH Keys can be automatically added to servers during the installation process.

Creating an SSH key on Windows

The simplest way to create SSH key on Windows is to use PuTTYgen.

  • Download and run PuTTYgen.
  • Click the 'Generate' button.
  • For additional security, you can enter a key passphrase. This will be required to use the SSH key, and will prevent someone with access to your key file from using the key.
  • Once the key has been generated, click 'Save Private Key'. Make sure you save this somewhere safe, as it is not possible to recover this file if it gets lost
  • Select all of the text in the 'Public key for pasting into OpenSSH authorized_keys file'. This is what you would need to enter into the control panel to use the SSH key.

Creating an SSH key on Linux

The tools to create and use SSH are standard, and should be present on most Linux distributions. With the following commands, you can generate ssh key.

  • Run: ssh-keygen -t rsa. For a more secure 4096-bit key, run: ssh-keygen -t rsa -b 4096
  • Press enter when asked where you want to save the key (this will use the default location).
  • Enter a passphrase for your key.
  • Run cat ~/.ssh/id_rsa.pub - this will give you the key in the proper format to paste into the control panel.
  • Make sure you backup the ~/.ssh/id_rsa file. This cannot be recovered if it is lost.

Adding an SSH key to your control panel

  • Once you're logged in, go to https://my.vultr.com/sshkeys.
  • Click 'Add SSH Key'.
  • Enter a descriptive name for the key.
  • Paste in your SSH public key. This is a long string beginning with 'ssh-rsa'. You should have saved this from when you generated your key.
  • Click 'Add SSH Key'.
  • Now, when you're deploying servers you will be able to select which SSH keys you want to add to the newly deployed server. Remember to select the keys before the initial server deployment, otherwise you will need to log into the newly created server and add the SSH keys manually.

Limitations

  • SSH keys are only available for Linux and FreeBSD. They are not supported for Windows, custom ISOs, nor snapshot restores.
  • SSH keys can only be managed from the control panel during deployment. You cannot use the control panel to manage them on an already-installed instance.

Connecting to a server using an SSH key from a Windows client

  • Download and run the PuTTY SSH client.
  • Type the IP address or Username + IP address ( [email protected] ) of the destination server under the 'Host Name' field on the 'Session' category.
  • Navigate to the 'Connection -> SSH -> Auth' category (left-hand side).
  • Click 'Browse...' near 'Private key file for authentication'. Choose the private key file (ending in .ppk) that you generated earlier with PuTTYgen.
  • Click 'Open' to initiate the connection.
  • When finished, end your session by pressing Ctrl+d.

Connecting to a server using an SSH key from a Linux client

  • Check that your Linux operating system has an SSH client installed ( which ssh ). If a client is not installed, you will need to install one.
  • Initiate a connection: ssh -i /path/to/id_rsa [email protected]
  • When finished, end your session by pressing Ctrl+d.

I want to add new user accounts that can connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance using SSH. How do I do that?

Short Description

Every Amazon EC2 Linux instance launches with a default system user account with administrative access to the instance. If multiple users require access to the instance, it's a security best practice to use separate accounts for each user.

You can expedite these steps by using cloud-init and user data. For more information, see How can I give a user permissions to connect to my EC2 Linux instance using SSH?

Resolution

Create a key pair for the new user account

  • Create a key pair, or use an existing one, for the new user.
  • If you create your own key pair using the command line, follow the recommendations at create-key-pair or New-EC2KeyPair Cmdlet for key type and bit length.
  • If you create your own key pair using a third-party tool, be sure that your key matches the guidelines at Importing Your Own Public Key to Amazon EC2.

Add a new user to the EC2 Linux instance

1. Connect to your Linux instance using SSH.

2. Use the adduser command to add a new user account to an EC2 instance (replace new_user with the new account name). The following example creates an associated group, home directory, and an entry in the /etc/passwd file of the instance:

Note: If you add the new_user to an Ubuntu instance, include the --disabled-password option to avoid adding a password to the new account:

3. Change the security context to the new_user account so that folders and files you create have the correct permissions:

Note: When you run the sudo su - new_user command, the name at the top of the command shell prompt changes to reflect the new user account context of your shell session.

4. Create a .ssh directory in the new_user home directory:

5. Use the chmod command to change the .ssh directory's permissions to 700. Changing the permissions restricts access so that only the new_user can read, write, or open the .ssh directory.

6. Use the touch command to create the authorized_keys file in the .ssh directory:

7. Use the chmod command to change the .ssh/authorized_keys file permissions to 600. Changing the file permissions restricts read or write access to the new_user.

Retrieve the public key for your key pair

Retrieve the public key for your key pair using the method that applies to your configuration:

Verify your key pair's fingerprint

After you import your own public key or retrieve the public key for your key pair, follow the steps at Verifying Your Key Pair's Fingerprint.

Update and verify the new user account credentials

After you retrieve the public key, use the command shell session that is running under the context of the new user account to confirm that you have permission to add the public key to the .ssh/authorized_keys file for this account:

1. Run the Linux cat command in append mode:

2. Paste the public key into the .ssh/authorized_keys file and then press Enter.

Note: For most Linux command line interfaces, the Ctrl+Shift+V key combination pastes the contents of the clipboard into the command line window. For the PuTTY command line interface, right-click to paste the contents of the clipboard into the PuTTY command line window.

3. Press and hold Ctrl+d to exit cat and return to the command line session prompt.

(Optional) Allow the new user to use sudo

Note: If you don't want to allow the new user to use sudo, proceed to Verify that the new user can use SSH to connect to the EC2 instance.

Generate Ssh Keys For User

1. Use the passwd command to create a password for the new user:

Note: You're prompted to reenter the password. Enter the password a second time to confirm it.

2. Add the new user to the correct group.

For Amazon Linux, Amazon Linux 2, RHEL, and CentOS:

Use the usermod command to add the user to the wheel group.

For Ubuntu:

Use the usermod command to add the user to the sudo group.

Verify that the new user can use SSH to connect to the EC2 instance

Generate Ssh Key Ubuntu

1. Verify that you can connect to your EC2 instance when using ssh as the new_user by running the following command from a command line prompt on your local computer:

To connect to your EC2 Linux instance using SSH from Windows, follow the steps at Connecting to Your Linux Instance from Windows Using PuTTY.

2. After you connect to your instance as the new_user by using SSH, run the id command from the EC2 instance command line to view the user and group information created for the new_user account:

The id command returns information similar to the following:

3. Distribute the private key file to your new user.

Related Information

Anything we could improve?

Need more help?

Related Videos

Joel shows you how to manage user accounts on your Amazon EC2 Linux instance (5:47)
Coments are closed
Scroll to top