SECURE SSH KEY SETUP 4 LINUX: local-PC-to-remote-server: VPS BIBLE




new password?
login
X

Setup openSSH for Linux-to-Linux

using ssh and bashrc for easy login

This guide steps out how to set up openSSH, complete with an authenticating key pair, so that you can access your Linux VPS host securely from your home or office-based Linux PC.

For a little more theory behind the secure shell (SSH) protocol you may care to take a peek at vpsBible’s parallel Windows-to-Linux connection guides at Set Up Command Line Interface (CLI) using PuTTY and Encrypt Data with OpenSSH & Auto-Login with PuTTY.

Using this method you’ll have:-

  • encrypted data/password transfer
  • password-free login
  • tighter server security ***

*** for this, we must also edit the sshd_config file. We’ll get to that in Harden the Secure Shell (SSH) & Create a Firewall.

USING WINDOWS locally? Then read this instead.

Setup Unmanaged VPS: The Ubuntu-Nginx Guide

Take your virtual private server from zero to hero

  .. from blank box to cute-as server ..  

with this easy-to-follow copy/paste guide.

22+ parts with video, here’s the index.

The SSH Protocol

The SSH protocol works by matching an authenticating key pair: a public one on your remote host and a private one on your local machine.

And What We’re Doing Now

We need to create those keys, upload the public one and connect remotely, password-free.

Access the Virtual Private Server

Open a remote connection from your terminal, KEEP IT OPEN in case of an error, so you can access remotely to correct the mistake. I’ll tell you when it’s safe to disconnect.


Please sign up for automatic premium content access.

Just $15/year* will save you hours, maybe days!

Alternatively, the vpsBible forum is free and you are welcome.

.. swapping username for your newly created username and hostname for your IP address.

As requested, provide your password.

Create Authentication Keys

Logged in locally, type this:-


Please sign up for automatic premium content access.

Just $15/year* will save you hours, maybe days!

Alternatively, the vpsBible forum is free and you are welcome.

.. you’ll be prompted where you want the keys to live: simply hitting return will create them in the hidden ssh directory in your ~/home folder.

Then you’re asked to create and confirm a passphrase. You can leave that blank but, IMHO, don’t. Make it original, several words long and mix up with some special characters for Fort Knox security. For example:


Please sign up for automatic premium content access.

Just $15/year* will save you hours, maybe days!

Alternatively, the vpsBible forum is free and you are welcome.

.. or, to be just ridiculously safe ..


Please sign up for automatic premium content access.

Just $15/year* will save you hours, maybe days!

Alternatively, the vpsBible forum is free and you are welcome.

So you’ve got 2 authentication keys, a nice pair. To copy the public key to the remote machine:-


Please sign up for automatic premium content access.

Just $15/year* will save you hours, maybe days!

Alternatively, the vpsBible forum is free and you are welcome.

  • SCP is the program Secure Copy, which you can read all about here – Backup or Upload with Secure Copy SCP (Linux/Linux)
  • ~/.ssh/id_rsa.pub is the public key file, which has been created in your home user folder, in the new .ssh directory
  • username is your remote host username
  • hostname.com is either your hostname, else the IP address
  • : tells SCP we’re about to detail a remote location
  • /home/username/ is the remote destination folder
Problems with SCP?

Most likely you can ignore this. But! Should you find you are having problems using SCP, read this ..

  • First, get clued up on SCP by reading that link I mentioned.
  • Failing that, bugger SCP! Do this instead:-

Logged in locally, let’s print the key on the terminal screen by pasting this:-


Please sign up for automatic premium content access.

Just $15/year* will save you hours, maybe days!

Alternatively, the vpsBible forum is free and you are welcome.

.. copy that; your public authentication key.

Now, logged in remotely, paste it to a new file which we’ll create with SuperUser permissions, using the Nano text editor:-


Please sign up for automatic premium content access.

Just $15/year* will save you hours, maybe days!

Alternatively, the vpsBible forum is free and you are welcome.

Right, whether using SCP or not, that’s your public key up on the server. No slacking, carry on ..

Just to back up a little, let me clarify. What we have done is to create those keys and pop one up to the server. But, er, it’s in the wrong place! Let’s sort that out.

On the remote server, create a new folder, then we’ll move that public key to it and set some file permissions:-


Please sign up for automatic premium content access.

Just $15/year* will save you hours, maybe days!

Alternatively, the vpsBible forum is free and you are welcome.

  • mkdir /home/username/.ssh is the place for user-specific keys
  • mv so we move this key there
  • chown -R username:username and change ownership of user and group
  • chmod 700 ~/.ssh giving the owner read/write/execute rights to the .ssh folder
  • chmod 600 ~/.ssh/authorized_keys and read/write permissions to the keys folder

Login Using Authentication Keys

So now we can login remotely, using those authentication keys:-


Please sign up for automatic premium content access.

Just $15/year* will save you hours, maybe days!

Alternatively, the vpsBible forum is free and you are welcome.

You’ll be prompted for your passphrase (even if it says password), and asked if you want to store it (by your local machine, or is that just with thoroughly-friendly Ubuntu Desktop? .. I’m not sure.) If you store it, you’ll not need it again until you reinstall or buy a new rig. If you don’t store it, you’ll have to input the passphrase once per local session login.

After that, whenever you ssh into remote, depending on the passphrase storage preference, you’ll be logged in immediately without having to give any further details.

Now then. Tell me – as well as being secure and encrypted – isn’t just so darned cool?

Setup Unmanaged VPS: The Ubuntu-Nginx Guide

Take your virtual private server from zero to hero

with this easy-to-follow copy/paste guide.

“My local PC runs Windows” Show me for Linux

22+ parts with video, here’s the index ..

  • Appendix 1a: Nginx Control Panel

    You’re migrating shared-to-VPS and want a GUI like cPanel? No you don’t, not after you read this! What’s more, you don’t need one either.

  • Appendix 1b: Nginx Control Panel Workarounds

    For every control panel module there’s an equivalent terminal command. They’re all linked from here so, hey, no excuses!

  • Appendix 2: Add Web Sites Nginx Cheatsheet

    Once you’ve set up your first site, adding more gets easier. Especially when you can refer to this. (Let’s face it, I’m just too good to you.)

Install openSSH guide generating & authentication keys to boost server security, encrypt data transfer & make login password-free from a Linux PC.




Got a Question? Want to Comment?

This site has no comments system. We've got a better system!

Please use the link at the top of the post and goto this topic's forum thread:-

  • to help build community
  • for a superior knowledge base
  • to keep info in one place, not diluted between forum & comments.

For those posts ported from Guvnr.com (pre-Feb/2010), archive comments remain.

Handy info from these comments is in the process of being ported to the forum and attributed to the original author.

If you think this idea sucks, let me know.

Thank you.