One of the secure VPS login methods is the use of SSH Key to replace the password.By default, every VPS you sign in with therootusername androotpassword that the provider sent you when hiring a VPS, but using the password has two significant risks:

  • You will lose entirely if you reveal your password.
  • Attackers can use Brute Force Attack to detect passwords.

Therefore, we encourage you to familiarize yourself with SSH Key to log in to VPS, as well as use it to authenticate external connections for safer.

Read More:

What is the network port? Learn more things about network port.

How SSH Key works

SSH Keys merely a method of authenticating users by matching between a private key and a public key.

Private keys and public keys are always linked so that they can be identified.I say this for you easy to imagine, when creating an SSH Key then you will have both types of key.Then you bring the public key to your server, and the private key you store in the server and when you log in to the server. You send the login request attached to this private key to send the signal to the server. The server will check if your private key matches the public key on the server, if so, then you will be logged.

The content between the Private Key and the Public Key is entirely different, but it will still recognize each other through its own algorithm.

You can imagine that the Private Key is the key, and the Public Key is the lock. Once the key locks into place, the door will be opened.

The main component of an SSH Key

When creating an SSH Key, you need to know that there are three essential components:

  • Public Key(file and string) – You will copy this key character to the ~ / .ssh / authorized_keys file on your server.
  • Private Key(file format and string) – You will save this file to your computer, then set up for PuTTY, WinSCP, MobaXterm, .. to be able to log in.
  • Keypharse(string, memo) – The password to open the private key, when logged on to the server it will ask for this.

And an SSH Key you can use for many different servers.

I. How to create SSH Key

1.1) For Windows

If you use Windows PuTTY-Gen software to generate SSH, you can download PuTTY-Genhere.

You open the download, and you select the options as in the image below and press generate.

ssh key

ssh key

While creating, move the mouse around the screen until it’s done.

Once created, you will see it appear like this.

ssh key

ssh key

Now set thekeyphrasefor it by filling in the key phrase above.

ssh key

ssh key

Then click save Private Key and save it in a safe place, it’s best to put a copy on Dropbox if you use it.

ssh key

ssh key

And the public key is a bunch of words on it, starting with the-RSA-XXXXXXkeyword.This will be the one that you will copy to the server.You can save to a text file or not, as later if you need to get the public key, you just press the Load button in the PuTTYGen software and open the private key file is that it presents the public key.

For Linux (Mac / Ubuntu / LinuxMint, ..)

If you are using Linux, you do not need software that will use Terminal to create.Open the terminal and type:

01
ssh-keygen -t rsa

It will ask you where you want to save the private key, by default it will save to/home/user/.ssh.You can leave blank and enter.

Continue it will ask if you want to set keyphrase if you wish, enter keyphrase need to set and then Enter.

Once created, by default it will appear like this:

01
02
03
04
05
06
07
08
09
ten
11
twelfth
13
14
15
Your identification has been saved in /home/thach/.ssh/id_rsa.
Your public key has been saved in /home/thach/.ssh/id_rsa.pub.
The key fingerprint is:
5b:48:b3:14:27:a2:12:41:4e:46:72:9b:60:7c:09:11 thach@ubuntu
The key's randomart image is:
+--[RSA 2048]----+
|+E%.. . o . |
|.O * . . + |
| * . + |
| . o + |
| S . |
| o |
| . |
| |
| |

In it, you can see that it contains the path to save the private key file (id_rsa) and the public key file (id_rsa.pub).To view the public key, just open the file and read it.

01
02
thach@ubuntu:~$ cat /home/thach/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrdtfWhzBfvC5zVErTM4nGK7GH039DRHPR/F5z7llyjxaHWDvQFr56i04MTIytarpRZzx9ARzUbnhnrrFXDB0b5Rn80iRJESL9zxDKpiR8iLeuRgUAP8D3gl+s9YS3TGUGBu7VnQOLynduKPylIgIXRNMLw89L4pIUNS9ZinY3FFQGc7gqb/KMSl8kzE/u6NDBuXylHenxAjUVgIx092L0vWdSCJRsNnWHOPFOWSM5rdKw4XUW9BMwXrvV03Wkj7MgHYEcU/8459vqO7HQJ40p/n4wSqHfXlkVLo3wEy9i+vKhhbOST1m6YKozCC70pfr+xb5mNJEPeFJpt1/G7dJz thach@ubuntu

And this public key you bring to VPS.

II.Add the public key to VPS

Now log in to VPS with the user you need to add the key (usually root, but if you have multiple VPS users will need more key for all that user).

Then type the following commands to create the.ssh /directory and theauthorized_keysfilein that directory:

01
02
03
04
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Then open theauthorized_keysfilein the.sshdirectoryat the root of the user and copy the whole character of the public key.

Note:

SSH Key will not work if you are enablingSELinux.Turn off SELinux by opening the/ etc / selinux / config file, looking forSELINUX = enforcingand replacing it withSELINUX = disabled.Then type reboot to restart the server.If you useCentminmoddoes not need it because it has disabled SELinux already.

To check if it is working, log back into SSH with the account that added the SSH Key.If you log in using Linux, it will ask for your keyphrase, and if you log in to Windows via another software such as PuTTY, then you have to point to the private key file for authentication.

ssh key

ssh key

If you use MobaXterm then add in theSSH Settings section, use the private key.

Now you log in, and it will ask for keyphrase if you have set keyphrase, not set it to direct you straight to the server.

Disable the use of the password

After checking, if you can log in to the server using the SSH Key, you can disable the password protection feature. If you do not shut down, the attackers will still brute force attacks, and you will lose data if you do not. Reveal password.

To disable the password function, open the/ etc / ssh / sshd_config file and find and edit the values of the parameters as below:

01
PasswordAuthentication no
01
UsePAM no

Epilogue

In this article, you should know what SSH Key is and how to use it, this is one of the essential things that you need to do because we can not login to VPS forever through traditional methods. With the password, it is hazardous if your computer is malicious or accidentally disclose the password.So I recommend that you practice this article to familiarize and use right on your VPS.

Leave a Comment

Close