Difference between revisions of "SSH Keys"

From XMission Wiki
Jump to: navigation, search
(Created page with "=SSH Keys= ==What are SSH keys?== SSH keys allow users to SSH to servers with a more secure method rather than having to rely on passwords alone. Passwords can be brute forced...")
 
 
(7 intermediate revisions by the same user not shown)
Line 7: Line 7:
 
  ssh-keygen -t rsa
 
  ssh-keygen -t rsa
  
==Store the Keys==
+
* rsa is currently the default for ssh-keygen. There are other options including:
 +
 
 +
    * ed25519 (32-byte keys using the ECC Edwards 25519 curve by <djb>)
 +
    * ecdsa (NIST-approved ECC version of DSA)
 +
    * rsa (default)
 +
    * dsa (DSA algorithm- not recommended)
 +
 
 +
==Store Your Keys==
 
When you run the '''ssh-keygen''' command, you will be asked a few more questions like where to store the key.  
 
When you run the '''ssh-keygen''' command, you will be asked a few more questions like where to store the key.  
 
  Enter file in which to save the key (/home/<user>/.ssh/id_rsa):
 
  Enter file in which to save the key (/home/<user>/.ssh/id_rsa):
 
Next you can create a passphrase for the Key Pair that will be required when they are used. You will want to remember this passphrase, or store it in a safe place. It is up to you if you wish to use one, however XMission strongly recommends that you do. SSH key passphrases prevents the ability to use your local machine against you if it were stolen or if an unauthorized user attempted to SSH.  
 
Next you can create a passphrase for the Key Pair that will be required when they are used. You will want to remember this passphrase, or store it in a safe place. It is up to you if you wish to use one, however XMission strongly recommends that you do. SSH key passphrases prevents the ability to use your local machine against you if it were stolen or if an unauthorized user attempted to SSH.  
  
* If you have followed the above steps, it should appear as:
+
* If you have followed the above steps, you should see the following:
 
  user@webserv:~# ssh-keygen -t rsa
 
  user@webserv:~# ssh-keygen -t rsa
 
  Generating public/private rsa key pair.
 
  Generating public/private rsa key pair.
Line 35: Line 42:
 
  +-----------------+
 
  +-----------------+
  
* You will now see that the public key that you will want to send to your Cloud server is stored in '''/user/.ssh/id_rsa.pub"
+
* You will now see that the public key that you will want to send to your Cloud server is stored in '''"/user/.ssh/id_rsa.pub"'''
  
==Send the Key==
+
==Send Your Key==
 
After you have created your SSH Key Pair you will want to send your '''public key''' to your Cloud Server. You can do this with a simple SSH copy command, or copy and pasting your key into the Cloud Servers '''~/.ssh/authorized_keys'''
 
After you have created your SSH Key Pair you will want to send your '''public key''' to your Cloud Server. You can do this with a simple SSH copy command, or copy and pasting your key into the Cloud Servers '''~/.ssh/authorized_keys'''
  
Line 44: Line 51:
  
 
You should see a prompt telling you it was successful and that you may now SSH to that server. Now you will not be prompted for a password! If you decided to store your key with a passphrase, you will be required to enter it.
 
You should see a prompt telling you it was successful and that you may now SSH to that server. Now you will not be prompted for a password! If you decided to store your key with a passphrase, you will be required to enter it.
 +
 +
--------------
 +
[[Category:Troubleshooting]]
 +
[[Category:Hosting Troubleshooting]]
 +
[[Category:Getting Started]]
 +
[[Category:Cloud_Hosting]]
 +
{{:Cloud Hosting}}

Latest revision as of 15:55, 16 November 2016

SSH Keys

What are SSH keys?

SSH keys allow users to SSH to servers with a more secure method rather than having to rely on passwords alone. Passwords can be brute forced, given out, or found out. SSH keys allow users to store a private key on their local machine, and a public key on their Cloud Server letting them SSH to their Cloud Server without the need for passwords. A SSH key pair consists of a public key and a private key. You can upload your public key on any server, but should keep your private key stored in a protected place preferably with a passphrase.

Create a Key Pair

To create a key pair, you will want to open a terminal on your local machine and run the following command:

ssh-keygen -t rsa
  • rsa is currently the default for ssh-keygen. There are other options including:
   * ed25519 (32-byte keys using the ECC Edwards 25519 curve by <djb>)
   * ecdsa (NIST-approved ECC version of DSA)
   * rsa (default)
   * dsa (DSA algorithm- not recommended)

Store Your Keys

When you run the ssh-keygen command, you will be asked a few more questions like where to store the key.

Enter file in which to save the key (/home/<user>/.ssh/id_rsa):

Next you can create a passphrase for the Key Pair that will be required when they are used. You will want to remember this passphrase, or store it in a safe place. It is up to you if you wish to use one, however XMission strongly recommends that you do. SSH key passphrases prevents the ability to use your local machine against you if it were stolen or if an unauthorized user attempted to SSH.

  • If you have followed the above steps, you should see the following:
user@webserv:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /user/.ssh/id_rsa.
Your public key has been saved in /user/.ssh/id_rsa.pub.
The key fingerprint is:
b6:63:38:16:ff:8f:cd:fa:b8:a8:23:d1:2e:5c:d5:7e user@webserv.stafftest.cloud
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|         .       |
|        . .      |
|     ...S.       |
|    . o= .. E    |
|   . ++ =  .     |
|    +.oo + =     |
|     o.o. *==    |
+-----------------+
  • You will now see that the public key that you will want to send to your Cloud server is stored in "/user/.ssh/id_rsa.pub"

Send Your Key

After you have created your SSH Key Pair you will want to send your public key to your Cloud Server. You can do this with a simple SSH copy command, or copy and pasting your key into the Cloud Servers ~/.ssh/authorized_keys

ssh-copy-id websites@<your server IP address>
ssh-copy-id websites@123.45.56.78

You should see a prompt telling you it was successful and that you may now SSH to that server. Now you will not be prompted for a password! If you decided to store your key with a passphrase, you will be required to enter it.


Cloud Hosting - Getting Started

To manage your Cloud Server, you will access the XMission Cloud Hosting Control Panel

For assistance in navigating your XMission Control Panel, please visit

Secure your Website

What is a SSL Certificate and How does it work?

Please vist to review a quick overview on why securing your website is a good idea.

Protect your Website

If you would like to learn how to control access to your server Click Here

  • XMission does recommend consulting a PHP or Apache Developer to ensure your .htaccess file is configured correctly. This could block total access to your Cloud Server.

FTP Access

FTP Access is typically recommend to connect to your Cloud Server. XMission requires SFTP Access to all hosting servers and suggests using FileZilla. To get help with acessing your server via FTP Click Here

SSH Access

From time to time you may need or want to use the command line to log in to your server. Your Cloud Server is accessible via a Secure Shell Interface also referred to as SSH. For help accessing your server via SSH please Click Here

Server Logs

You may need to look at your server logs. These can be access via SSH or FTP. To locate those logs Click Here

Scheduled Tasks

Cron enables users to schedule jobs (commands or shell scripts) to run automatically at a certain time or date. Some best practices to setting up Cron's:

Migrating MySql

If you are moving an excising website to your XMission Cloud Server, a MySql Database is most likely needed. If you'd need some help importing that database please Click Here

Cloud PHP Info

XMission's Default PHP Info for your Cloud Server: PHP Info

Host Files

How to set up Host Files

SSH Keys

SSH keys allow users to SSH to servers with a more secure method rather than having to rely on passwords alone. To set up SSH Keys Click Here

Server Security

For customers that sign up for Unmanaged Cloud Servers, XMission strongly recommends a few easy steps to take to ensure that your unmanaged Cloud Server stays up-to-date and secure at all times.