The SSH network protocol makes it possible to create secure, encrypted network connections to remote devices, such as a server. Such an SSH connection lets users carry out maintenance procedures via the command line, directly from a local computer. Depending on the protocol version being used, different encryption algorithms may be employed; SSH-2, for example, uses AES by default. Before the connection can be encrypted, a successful authentication needs to be carried out. While the server identifies itself to the client with a security certificate, there are several ways to register the client with the server. In addition to the popular combination of user name and password, a key pair consisting of a private and a public SSH key is also a popular choice.

Public key authentication

Authentication with SSH keys, also referred to as public key authentication, has advantages over standard password login. With this method, no passwords are stored on the server; it holds only public keys, while the private SSH key remains safely stored on one’s own computer. The private key can additionally be encrypted with a passphrase. The public key can verify signatures that have been generated with the private SSH key, which allows automatic login to the server. Should unauthorised users gain access to the public key, deriving the private key from it is virtually impossible. As a result, relying on a key pair for SSH connections frees users from having to go through a login dialogue and also provides more robust security.

Switch to SSH keys: here’s how to do it

Taking full advantage of SSH connections requires an SSH package, such as OpenSSH for Unix, WinSCP for Windows, or PuTTY for both Unix and Windows operating systems. In addition to the SSH protocol, these packages include applications that can generate SSH keys. The following step-by-step guide lays out how to set up key pairs with OpenSSH and PuTTY.

SSH keys with OpenSSH configuration

  1. For starters, the SSH key needs to be generated by entering the following command:

    ssh-keygen -t rsa -b 4096

    These parameters determine the kind of encryption to be used (-t), which in this particular case is RSA, and the key length (-b), although the maximum value may not exceed 4096. If no specifications are given, the standard settings will be used for generating the key.

  2. The following dialogue allows users to see and change the file in which the SSH key is to be stored (“Enter file in which to save the key”). A passphrase for the private key can also be defined at this point (“Enter passphrase”). If you opt for the standard directory and do not wish to set a passphrase for your key, leave these prompts empty and skip them by pressing Enter.

  3. Both SSH keys are now stored in separate files in the above-mentioned directory. The file id_rsa.pub contains the public key, which now needs to be added on the server to the file authorized_keys in the subfolder .ssh. First, copy the key into the home directory of the respective user on the server:

    scp ~/.ssh/id_rsa.pub USER@HOST.com:~/

  4. Log onto the server and copy the public SSH key into the right folder:

    ssh USER@HOST.com
    cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

  5. From now on, the key pair and the passphrase (if one was defined) should be used automatically when the SSH connection is established. If this is not the case, check whether the permissions for the folder .ssh and the file authorized_keys have been set properly.

  6. Given that public key authentication replaces normal password authentication, users are able to turn off the standard procedure in the SSH configuration file /etc/ssh/sshd_config (or directly under /etc/, e.g. in Cygwin). Change the line “PasswordAuthentication yes” to, you guessed it, “PasswordAuthentication no” and then restart the server.
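
An added example, not part of the original guide: a small shell audit for the two checks in steps 5 and 6, the permissions on .ssh and authorized_keys and the PasswordAuthentication value in an sshd_config file. The function names and the throwaway demo paths are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the original guide); all paths below are constructed.

# Symbolic mode of a path, e.g. "drwx------" (ls -ld is portable across Unix).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Succeed only if neither group (char 6) nor others (char 9) may write.
not_group_world_writable() {
    m=$(mode_of "$1")
    [ "$(printf '%s' "$m" | cut -c6)" != "w" ] &&
        [ "$(printf '%s' "$m" | cut -c9)" != "w" ]
}

# Check a .ssh directory and its authorized_keys; returns 0 when both pass.
check_ssh_perms() {
    rc=0
    for p in "$1" "$1/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1
        elif not_group_world_writable "$p"; then
            echo "OK       $(mode_of "$p") $p"
        else
            echo "TOO OPEN $(mode_of "$p") $p"; rc=1
        fi
    done
    return "$rc"
}

# Global PasswordAuthentication value of an sshd_config file. sshd keeps the
# first value it reads per keyword, keywords are case-insensitive, and
# commented lines do not count. Stops at the first Match block; an absent
# keyword means the default, "yes". Include files are not followed.
password_auth_setting() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Demo on a constructed throwaway directory and config file.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 775 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
check_ssh_perms "$demo/.ssh" || echo "fix: chmod 700 .ssh; chmod 600 authorized_keys"
printf '#PasswordAuthentication no\nPasswordAuthentication yes\n' > "$demo/sshd_config"
echo "PasswordAuthentication is: $(password_auth_setting "$demo/sshd_config")"
rm -rf "$demo"
```

On a live server, running sshd -T as root prints the effective configuration with Include files and defaults resolved, which is the authoritative check.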

Generate SSH key with the PuTTY Key Generator

  1. Those using PuTTY to establish an SSH connection have the option of employing the default tool PuTTYgen for generating key pairs. The PuTTY Key Generator can be found in the same directory where you installed PuTTY. Should the tool be missing, simply download it from the PuTTY download page.

  2. After getting started, select under “Parameters” the type of encryption you wish to use. For SSH-2, users are able to choose between RSA and DSA. Define the length of your desired key under “Number of bits in a generated key”.

  3. Next, click on “Generate” and move the cursor back and forth in the empty space of the dialogue box to guarantee the uniqueness of the key.

  4. Once you’ve finished generating the key, you can add a comment and a passphrase to the key pair.

  5. Save both SSH keys by clicking “Save private key” and “Save public key”.

  6. In order to transfer the public key onto the server, connect to the server with PuTTY, then copy the key text shown under "Public key for pasting into OpenSSH authorized_keys file" and paste it into the authorized_keys file.

  7. For the last step, enter the private SSH key into the PuTTY client. Open the configuration menu and, under "Category" > "Connection" > "SSH" > "Auth", select the file of the private key in the field "Private key file for authentication".
