Creating an SSH key pair

In order to make your Linux system more secure, you can add an SSH key pair. A pair consists of a private and a public key. As the names suggest, the public key is shareable and the private key should be kept private. In this tutorial, we will explain how to create a public and private key pair, how to install the key on your server, and how to use the key as a form of two-factor authentication.

Contents
1. Using PuTTY Key Generator
2. Authenticating the key
3. Make changes to SSH
4. Test your key

Using PuTTY Key Generator

Before you start, make sure you have PuTTY installed on the system that you want to use to log in securely. Once PuTTY is installed, you can use PuTTYGen to create a key pair. Follow these steps:

  • Press the Generate button and move your mouse to create a pair.
  • In the Key passphrase and Confirm passphrase fields, enter a secure passphrase.
  • Save both the Public key and the Private key.

Note that a passphrase is not necessary when creating a key pair. The upside of using a passphrase is that no one can open or use your private key without it. You could consider this a form of two-factor authentication. By default, an RSA key will be generated with 2048 bits. This can be adjusted under ‘Parameters’.

Authenticating the key

Once you have saved the key you can paste the public key shown in PuTTYGen in this file:

[root@worldstream ~#] ~/.ssh/authorized_keys

Pasting the key there would authenticate the root user, as you are logged in as root. If this file does not exist, create it as explained below with the command that starts with touch.

However, if you want to authenticate another user, please follow the steps below. In this example, the user is simply called username. Change this to match your situation. If you have not created a user, you can follow this tutorial.

[root@worldstream ~#] su username
[username@worldstream ~#] cd /home/username
[username@worldstream ~#] mkdir .ssh
[username@worldstream ~#] chmod 700 .ssh
[username@worldstream ~#] cd .ssh

The steps above will log you in as username and create the .ssh folder in that user's home folder, then assign the correct rights to the folder. In .ssh we will create the file authorized_keys.

[username@worldstream ~#] touch ~/.ssh/authorized_keys
[username@worldstream ~#] chmod 644 ~/.ssh/authorized_keys

Now you have added the key. If you ever create an additional SSH key pair, you can simply paste the new public key in ~/.ssh/authorized_keys. This can be helpful if you want multiple people to have access to the same account. A best practice would be to have one authorized key for every user on your system.

Make changes to SSH

Once you have authenticated your SSH key, you are still able to log in as root with a password. We will disable this method. To log in to your server exclusively with your private key, you will have to make a few changes to /etc/ssh/sshd_config.

Once you have opened the SSH config file take a look at the following lines:

PasswordAuthentication no
PermitRootLogin no

Set PermitRootLogin to no if you have a sudo user. If you want to log in as the root user with your SSH key, set PasswordAuthentication to no. To apply these changes, restart the service with service sshd restart or systemctl restart sshd. We also recommend that you consider changing your SSH port. You can read more about this option here.
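
sshd uses the first value it reads for each keyword, so adding PasswordAuthentication no below an existing PasswordAuthentication yes changes nothing. The check below is an added example, not part of the original tutorial; the function names and sample files are constructed for illustration, the fallback values are the OpenSSH defaults, and it reads only the global section of a single file.

```shell
#!/bin/sh
# Added example: which value would sshd use for a global keyword?
# sshd keeps the FIRST value it reads, so an earlier
# "PasswordAuthentication yes" beats a "no" appended further down.

# effective_option FILE KEYWORD DEFAULT   (hypothetical helper)
effective_option() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        {
            sub(/=/, " ")                      # tolerate "Keyword=value"
            key = tolower($1)                  # keywords are case-insensitive
            if (key == "match") exit           # conditional blocks start here
            if (key == want) { val = $2; exit }
        }
        END { print val }                      # falls back to DEFAULT
    ' "$1"
}

# audit_sshd_config FILE: succeeds only when password logins are off.
audit_sshd_config() {
    pw=$(effective_option "$1" PasswordAuthentication yes)
    root=$(effective_option "$1" PermitRootLogin prohibit-password)
    echo "PasswordAuthentication=$pw PermitRootLogin=$root"
    [ "$pw" = "no" ]
}

# Constructed sample files, not taken from a real server.
write_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '#PasswordAuthentication yes' 'PermitRootLogin no' \
        'PasswordAuthentication no' > "$dir/good"
    printf '%s\n' 'PasswordAuthentication yes' '# hardening added later:' \
        'PasswordAuthentication no' 'PermitRootLogin no' > "$dir/shadowed"
    echo "$dir"
}

d=$(write_samples)
for f in good shadowed; do
    if audit_sshd_config "$d/$f"; then
        echo "$f: key-only logins"
    else
        echo "$f: passwords still accepted"
    fi
done
rm -rf "$d"
```

On the server itself, sshd -t checks the file for syntax errors before you restart the service, and sshd -T prints the effective settings, including any Include files that this check does not follow.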

Test your key

Before you log out of your session, open a second session and try to log in with your newly created key pair. If this works exactly how you want it to, you can safely close the session. You have now successfully created a key pair.
