Secure SSH with RSA/DSA key

We are using SSH a lot to deploy our projects and to do common maintenance tasks. If you are accessing your server many times a day you might find frustrating typing the password all the time. You can use private key instead. Here are some detailed articles about adding RSA key and configuring SSH daemon. Bellow is a summary of the basic steps for Windows users.

Putty which is a great alternative to the Linux tools. To generate private/public key you should use PuttyGen.exe. Run the application, click generate and follow the instructions. It’s a good idea to put your name into the key comment so you could easily recognize your public key in configuration files. You should also protect your key with a password.

PuttyGen screenshot

Copy the public key which is located in the big text field above Key fingerprint field. Append the public key into /root/.ssh/authorized_keys file (if you want to login as root). You might need to create this file if it doesn’t exist already. Click on Save private key button and save the key to a secured place. You can now use this private key to login with putty to the remote server. To make things more comfortable you can use an agent to store unlocked private keys in the memory while you are logged into your computer. Run this command after you login:

pageant.exe john_doe.ppk

Without any further settings you should now be able to login to the remote SSH without password. If everything worked as expected you can now disable password authenticated access to make your server more secure:

# /etc/ssh/sshd_config
PasswordAuthentication no

To load you key after you login to a Linux box (useful for deployment) insert:


# ~/.bash_profile
# include .bashrc if it exists
if [ -f ~/.bashrc ]; then
 . ~/.bashrc
fi

keychain --clear id_rsa
. ~/.keychain/$HOSTNAME-sh

ssh-add

Now we have a little bit more secured but more comfortable way to use SSH.