
SSH keys


Note: This can only be done on VPS and Dedicated Server hosting, as root access is required.

SSH Keying through Linux, Mac OS X

SSH keys are fairly simple to set up, and even simpler when using a native terminal application such as Terminal in OS X. Here's how!

In terminal, type the following command:

ssh-keygen -t dsa

This will ask you a few questions; the defaults are fine, and no passphrase is necessary. This will generate a key pair in the ~/.ssh/ directory. Now we just need to get the public key file up to the server.

You can do this using scp or rsync; I'll give rsync as an example here.

rsync -av -e "ssh" ~/.ssh/id_dsa.pub root@ip.add.ress.here:.ssh/authorized_keys

In the event your server uses a non-standard port for ssh, you can specify this inside the quotes around ssh. An example for port 2222 is below.

rsync -av -e "ssh -p 2222" ~/.ssh/id_dsa.pub root@ip.add.ress.here:.ssh/authorized_keys

After running this command you will be prompted for your root password, as rsync creates an SSH connection to transfer the file to your server. Once the password is entered, the file will be synced up to the server.

Now we want to ensure that all is well on the recipient server. SSH into your server and run the following commands.

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown root: ~/.ssh/authorized_keys

That's it! You should be all set! Now to access your server you need only do the following:

ssh root@domain.com

The server should automatically accept your key and push you into the root shell.
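
The rsync commands above replace the server's authorized_keys with the single uploaded key. The following added example (not part of the original article) appends a key on the server without discarding keys that are already installed, and rejects a key that has been wrapped onto several lines; the file paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Run on the server after
# copying the .pub file to a path other than authorized_keys.
# Usage: install_pubkey /root/id_dsa.pub /root/.ssh   (paths are assumptions)

install_pubkey() (
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    [ -r "$pub" ] || exit 1
    # A public key is exactly one line: "<type> <base64> [comment]".
    # A key that was wrapped onto several lines will not authenticate.
    [ "$(grep -c . "$pub")" -eq 1 ] || exit 1
    keyline=$(grep . "$pub")
    case $keyline in
        ssh-*\ AAAA*|ecdsa-*\ AAAA*|sk-*\ AAAA*) ;;
        *) exit 1 ;;
    esac

    umask 077                      # new files are created owner-only
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    touch "$auth" || exit 1
    chmod 600 "$auth" || exit 1

    # Match on "<type> <base64>" so a changed comment or an options
    # prefix on an existing line still counts as the same key.
    blob=$(printf '%s\n' "$keyline" | awk '{ print $1 " " $2 }')
    if ! grep -qF -- "$blob" "$auth"; then
        printf '%s\n' "$keyline" >> "$auth"
    fi
)
```

The function body runs in a subshell, so the umask change does not leak into the calling shell. Running it twice with the same key leaves a single entry.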

If you have any problems with this or any further questions, feel free to open a ticket with our support department.


SSH Keying through PuTTY

Here we will go over how to set up SSH keys using PuTTY, a popular SSH client for Windows.

First you will need to download PuTTY and PuTTYgen. You can get both at the following links.
http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe

First things first, we need to create a profile in PuTTY to access our server. Run PuTTY and you'll be shown the basic PuTTY options. In the Host Name field, enter your domain, or the IP address of your server. The port should already be default (22). However, if you're connecting to your shared/reseller account, we use a non-standard port. In that event, change 22 to 2222.

Under Connection > Data, specify the username you wish to connect with under Auto-login username. If this is not root, it will most likely be your cPanel username.

Click back over to Session (top of the left menu) and type a name to identify your settings (I usually use my domain name), then click Save. This will save the current configuration profile into PuTTY for later use.

Now that PuTTY is configured, we should connect to the server. To do so, click Open. This will open the PuTTY session. You will be prompted about a potential security breach. This is normal, click Yes. This should bring you to the bash prompt of your server. If you see something like the below, then everything worked.

gator100 ~ $

Now we need to generate the SSH key itself. To do this, fire up PuTTYgen. Make sure to select SSH-2 RSA under type of key to generate, and set the number of bits to 1024 (this is the default).

Go ahead and click Generate, then move the cursor around the blank area. PuTTYgen uses this movement to generate the key's randomness.

Once this is generated, you can set a key comment, or a passphrase. The comment isn't important, as it's just a label, but the passphrase will require that you enter this passphrase when using the key. If you're trying to have a 'passwordless login' then this should be left blank.

Now click Save Public Key, and save this file under a name of your choosing somewhere safe on your hard drive. Please remember the location of this file, as it is needed later. Then do the same for Save Private Key.

Now that we have the keys generated and saved, we need to get the public key onto the server. Copy the data in the PuTTYgen window under "Public key for pasting into OpenSSH authorized_keys file". It should look something like this. (Note that the below example is all on one line. Do not use 3 lines, as displayed in the example.)

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAi5zTs+THmSa5rxfc3rYzVORk9neoefVZg1PZwSI
9vj/eg3UL5fg8ENCw9OGRm3R0t2FgfvpudWGkiNaOp1HWz3FamX7zZ4svqJHloYgpL
/0vzZynFEc2Hm2O024PLzy7G6H6GDTSuGxU1Ar7gluBiNDfR9SXcUD+CddliW2+zXc= user@domain.com

Go back to the PuTTY session and run the following commands in order.

mkdir ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys2

This will bring up a text editor. Simply right-click in the PuTTY window to paste the key you copied earlier. Generally this will paste as three lines, but you want it to be on one line, so go to the beginning of the second and third lines and hit Backspace once. This should move the entire string onto one line.

Once it's all in one line, and looks good, hit CTRL+X, then Y, then Enter. This will save the file and return you back to the bash prompt. There, run the following command.

chmod 600 ~/.ssh/authorized_keys2

Now we're almost done. Close PuTTY and re-open it, so we get back to the configuration menu. Click on the profile you saved earlier, and click Load. This will load the profile's configuration into the current PuTTY window.

On the left-hand side, click SSH > Auth. Here is the configuration for the key. Click Browse, and browse your hard drive for the private key we saved earlier. Now go back to Session (again, top left) and click Save once more.

And you're all set. To confirm that all this worked, simply click open again. PuTTY will attempt a connection with your server, send the key, and your server should accept it without error. You should be returned instantly to the bash prompt.

If you have any questions or problems with this, feel free to open a ticket with support@osirion.co.za


How to disable password authentication

Once this has all been configured, you can add some extra security to your server by disabling password authentication for SSH. (Note that if you do lose your private key, this will make the server inaccessible and you will need to contact Osirion to have this re-enabled.)

To disable this setting, you can do the following:

nano /etc/ssh/sshd_config

In this file, set the following options to the values shown. If these options are already in the file, change them to "no" rather than adding new lines.

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Once this is done, restart the SSH daemon to apply the settings.

/etc/init.d/sshd restart
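
sshd uses the first value it reads for each keyword, which is why an existing line has to be edited rather than a new one added further down. The following added example (not part of the original article) reports the value that takes effect for the three options above; it assumes whitespace-separated "Keyword value" lines, reads only the global section before any Match block, and does not follow Include directives.

```shell
#!/bin/sh
# Added example, not from the original article.
# Usage: check_password_auth_off /etc/ssh/sshd_config

# effective_value CONFIG KEYWORD
# Prints the first value given for KEYWORD (lower-cased), or nothing if
# the keyword is not set. Keywords are matched case-insensitively.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section only
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# check_password_auth_off CONFIG
# Returns 0 only when all three options from the article are explicitly "no";
# otherwise prints each option that is not and returns 1.
check_password_auth_off() {
    cfg=$1
    rc=0
    for kw in ChallengeResponseAuthentication PasswordAuthentication UsePAM; do
        val=$(effective_value "$cfg" "$kw")
        if [ "$val" != "no" ]; then
            echo "$kw is ${val:-unset}, expected no"
            rc=1
        fi
    done
    return $rc
}
```

Running sshd -t before the restart checks the file for syntax errors, and keeping the current SSH session open until a new key-based login succeeds avoids being locked out by a mistake.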

© Osirion System Technologies