Generating RSA Keys With SSH - PuTTYgen


This article provides steps for generating RSA keys by using PuTTYgen on Windows for secure SSH authentication with OpenSSH.

 

Contents

Introduction

One effective way of securing SSH access to your Cloud Server is to use a public/private key pair. This means that a public key is placed on the server and a private key is placed on your local workstation. Using a key pair makes it impossible for someone to log in by using just a password, as long as you set up SSH to deny password-based authentication. 

Generate Keys

In Windows, use PuTTYgen to generate our public and private keys.

  1. If needed, download PuTTYgen from the PuTTY download page.(PuTTYgen might have been installed previously with PuTTY or WinSCP.)
  2. Launch the program, and then click the Generate button.
    The program generates the keys for you.
  3. Save the public and private keys by clicking the Save public key and Save private key buttons.

  4. From the Public key for pasting into OpenSSH authorized_keys file field at the top of the window, copy all the text (starting with ssh-rsa) to your clipboard by pressing Ctrl-C.
    You need the this key available on your clipboard to paste either into the public key tool in the Control Panel or directly into the authorized keys on your cloud server.

Use the Key Pair

 You can use the RSA key pair in the following ways:

Specify Your SSH Key When Creating a New Cloud Server

When you create a cloud server, you can add a new public key or assign an existing public key.

To add a new public key, perform the following actions:

  1. In the SSH Key section of the Create Server page of the Cloud Control Panel, click Add Public Key.

    Note
    : If you have previously added your public key, this option will read Manage SSH Keys.

  2. If assigning an existing puclic key, select the key name in the SSH Key list for your new Cloud Server.
    If adding a public key give your new public key a name.
  3. In the Region field, confirm or select the region in which your key will be used.
  4. Paste your entire public key into the Public Key field and click Add Public Key.
  5. Confirm that your key is listed in the SSH Key list for your new server.

 

Assign Your SSH Key to Your Existing Cloud Server

To make use of your newly generated RSA key pair, you must tell PuTTY to use it when connecting to your Cloud Server.

  1. To edit the file (and if necessary, create it), run the following command:
nano ~/.ssh/authorized_keys

The key and its associated text (the ssh-rsa identified at the start and the comment at the end) should all be on one line in the file.  If the text is word-wrapped onto multiple lines an error might occur when connecting.

  1. Edit the ~/.ssh/authorized_keys file on your Cloud Server and paste the text onto its own line in the file.
    Note: You must have the key available on your clipboard to paste it.
  2. If you created the authorized_keys file, change its permissions after you're done editing it by running the following command:
chmod 600 ~/.ssh/authorized_keys
  1. Open PuTTY and go to the SSH > Auth section.
  2. Browse to the location of the key file and load the private key.

  3. To make PuTTY use the key every time that you connect to your Cloud Server, save the configuration by going to the Session page and saving the session.

After you save your session, your key is loaded automatically whe you connect to your Cloud Server.

Summary

Opting for a key-based authentication to your SSH server is beneficial in many ways. By eliminating the possibility of SSH brute-force attacks targeted towards your Cloud Server, the chances of it being compromised are decreased by an order of magnitude.

Related Articles



Was this content helpful?




© 2014 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License


See license specifics and DISCLAIMER