For more theory about the secure shell (SSH) protocol take a peek at vpsBible's parallel Windows-to-Linux connection guides at Set Up Command Line Interface (CLI) using PuTTY and Encrypt Data with OpenSSH & Auto-Login with PuTTY.
Using this method you'll have:-
- encrypted data/password transfer
- password-free login
- tighter server security ***
*** for this, we must also edit the sshd_config file. We'll get to that in Harden the Secure Shell (SSH) & Create a Firewall.
The SSH Protocol
SSH key authentication works by matching the two halves of an authenticating key pair: a public key on your remote host and a private key on your local machine.
And What We're Doing Now
We need to create those keys, upload the public one and connect remotely, password-free.
Access the Virtual Private Server
Open a remote connection from your terminal and KEEP IT OPEN, so that if there's an error you still have remote access to correct the mistake. I'll tell you when it's safe to disconnect.
.. swapping username for your newly created username and hostname for your IP address.
As requested, provide your password.
Create Authentication Keys
Logged in locally, type this:-
.. you'll be prompted where you want the keys to live: simply hitting return will create them in the hidden .ssh directory in your home folder (~/.ssh). Alternatively, if when prompted you choose a bespoke filename without a path then they will be added to your home folder (~) so you'll need to move them to your ~/.ssh folder, but first ..
Then you're asked to create and confirm a passphrase. You can leave that blank but, IMHO, don't. Make it original, several words long and mix in some special characters for Fort Knox security. For example:
.. or, to be just ridiculously safe ..
So you've got 2 authentication keys, a nice pair. To copy the public key to the remote machine:-
Problems with SCP?
Most likely you can ignore this. But! Should you find you are having problems using SCP, read this ..
- First, get clued up on SCP by reading that link I mentioned.
- Failing that, bugger SCP! Do this instead:-
Logged in locally, let's print the key on the terminal screen by pasting this:-
.. copy that; your public authentication key.
Now, logged in remotely, paste it to a new file which we'll create with SuperUser permissions, using the Nano text editor:-
Right, whether using SCP or not, that's your public key up on the server. No slacking, carry on ..
Just to back up a little, let me clarify. What we have done is to create those keys and pop one up to the server. But, er, it's in the wrong place! Let's sort that out.
On the remote server, create a new folder, then we'll move that public key to it and set some file permissions:-
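As an added example (not the guide's own commands), this script does that server-side step in one pass: it checks the uploaded file really is a public key, creates `~/.ssh`, appends the key to `authorized_keys` once, and sets the permissions sshd expects. The function names `install_pubkey` and `perms_of`, the upload filename, and the key line in the demo are assumptions made for illustration; the key is constructed and will not authenticate anything.

```shell
#!/bin/sh
# Added example, not from the original guide. Run on the server as the login user.
# install_pubkey, perms_of and upload.pub are hypothetical names.

# Print the ls-style mode string of a path, e.g. drwx------
perms_of() {
    ls -ld "$1" | cut -c1-10
}

# install_pubkey <uploaded-public-key-file> <home-directory>
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # The private half must never be placed on the server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2
        return 1
    fi
    # A public key is one line that starts with its key type.
    line=$(head -n 1 "$pub")
    case $line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 1 ;;
    esac
    # With StrictModes (on by default) sshd rejects key files that
    # group or other users could write to, so lock both down.
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    # Append once only, so re-running does not duplicate the entry.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo in a throwaway directory with a constructed key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEconstructedNOTaREALkey user@laptop' > "$demo_home/upload.pub"
install_pubkey "$demo_home/upload.pub" "$demo_home"
echo "$(perms_of "$demo_home/.ssh") $(perms_of "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```

On the real server the call would be `install_pubkey <uploaded-file> "$HOME"`, with the uploaded file being wherever your public key landed.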
Login Using Authentication Keys
So now we can login remotely, using those authentication keys:-
You'll be prompted for your passphrase (even if it says password), and asked if you want to store it (by your local machine, or is that just with thoroughly-friendly Ubuntu Desktop? .. I'm not sure.) If you store it, you'll not need it again until you reinstall or buy a new rig. If you don't store it, you'll have to input the passphrase once per local session login.
After that, whenever you ssh into remote, depending on the passphrase storage preference, you'll be logged in immediately without having to give any further details.
Now then. Tell me – as well as being secure and encrypted – isn't that just so darned cool?