Create SSH Keys for your Server – VPS and Shared

The Secure Shell (SSH) provides an encrypted communication protocol. SSH can be used to connect two Linux PCs in a local network, but it also allows you to work on a remote server from a local machine, including virtual private servers (VPS) and shared web servers.

When you log in to a VPS over SSH, you can of course use a password. However, a much better way is to log in with SSH keys.

SSH keys have two big advantages over passwords:

  • no matter how strong the password is, it is much easier to brute force a password than SSH keys
  • by deploying SSH keys you can log in automatically, without the need to enter a password

When we talk about SSH keys, we actually mean a pair of SSH keys: a private key and a public key. You keep the private key for yourself, while you upload the public key to the server or servers that you want to access over SSH.

The pair of SSH keys is generated simultaneously. Fire up a terminal window on your Mac or Linux PC.

Go to the SSH folder by typing:

Check whether a pair of SSH keys already exist:

You already have a pair of SSH keys when you see file names containing something like:

  • id_rsa
  • id_rsa.pub

As you have probably guessed, the file whose name ends in .pub is the public part of the key pair.

However, having SSH keys is not enough. You can only apply existing SSH keys when you know the passphrase. The passphrase is used to verify that you are authorized to use the SSH keys.

If you do not know the passphrase, ask your system administrator, or create a new pair. Just make sure you do not lose the existing pair; you never know when you might need it. Put the existing keys somewhere safe, or use a unique name when generating the new SSH keys.

Let’s generate a new pair of SSH keys.

Type at the terminal prompt:

ssh-keygen is the command to create the SSH key.

-t rsa means: generate a key of type RSA.

Another key type is DSA. If you prefer DSA, or if for example a shared server only allows DSA keys, use the DSA type: -t dsa.

By default, ssh-keygen generates RSA keys with a length of 2048 bits.
By adding -b 4096, you increase the key length to 4096 bits.

DSA keys must be 1024 bits. This key length is set by default.

No matter the chosen key length, the response from the terminal is:

Now you can enter a custom filename for your key pair, or hit enter to use the suggested id_rsa.

The terminal requires you to enter a passphrase.

Enter the passphrase. The passphrase remains invisible, so you have to enter it a second time for verification. Remember or store the passphrase and keep it safe.

That is it. Now we have our own private key id_rsa and public key id_rsa.pub.

The entire procedure in the terminal window looks like this:
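As an added example that is not part of the original page, the script below runs the steps above as shell functions: it refuses to overwrite an existing pair, generates the RSA key, and checks that a passphrase really unlocks the private key. The function names and the KEY_PASSPHRASE variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the
# KEY_PASSPHRASE variable are assumptions made for illustration.
# Usage: make_keypair "$HOME/.ssh" id_rsa_vps && ssh-keygen -l -f "$HOME/.ssh/id_rsa_vps.pub"

# make_keypair DIR NAME [BITS]
# Creates DIR/NAME and DIR/NAME.pub. Never touches an existing pair.
make_keypair() {
    dir=$1; name=$2; bits=${3:-4096}
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    if [ -e "$dir/$name" ] || [ -e "$dir/$name.pub" ]; then
        echo "refusing to overwrite $dir/$name; pick another name" >&2
        return 2
    fi
    if [ -n "${KEY_PASSPHRASE+set}" ]; then
        # Non-interactive: -N puts the passphrase on the command line, where
        # other local users can read it from the process list. Tests only.
        ssh-keygen -q -t rsa -b "$bits" -f "$dir/$name" -N "$KEY_PASSPHRASE"
    else
        # Interactive: ssh-keygen prompts twice for the passphrase.
        ssh-keygen -q -t rsa -b "$bits" -f "$dir/$name"
    fi
}

# passphrase_unlocks KEYFILE PASSPHRASE
# Returns 0 only if PASSPHRASE decrypts KEYFILE and the derived public key
# matches KEYFILE.pub (key type and base64 blob; the comment is ignored).
passphrase_unlocks() {
    derived=$(ssh-keygen -y -P "$2" -f "$1" 2>/dev/null) || return 1
    [ "$(echo "$derived" | cut -d' ' -f1,2)" = "$(cut -d' ' -f1,2 "$1.pub")" ]
}

# key_mode FILE: print octal permission bits (GNU stat, then BSD/macOS stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

DSA is left out of the example because OpenSSH has disabled DSA keys by default since release 7.0.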
