How to Create and Add SSH Keys to Your Server

Today we’re going to talk about SSH keys, what they are, how to set them up and how they can improve your existing workflow.

Before we start, there are a few prerequisites we should touch on:

Your web host allows connections over SSH
For this to work your server must support SSH / shell access and you must have created a user account to gain access. If you’re unsure ask your hosting company as some disable it by default. The major players, including WP Engine, 1&1 and Fasthosts all allow SSH.

You know your way around the command line
Although I’ll include the commands and an explanation of what they do, you must be confident working in the command line. If you’re in any doubt stop here. Note: all references to username are to be replaced with your system username.

You’re on a Mac (not essential)
This guide will assume you’re working on a Mac, so all references will be made to the terminal app. You can achieve the same through Windows PowerShell, but you may find PuTTY is less troublesome.

Finally, don’t shoot the messenger
This is a guide, you are to attempt this at your own risk. I accept no responsibility should anything disastrous happen.

What are SSH keys

SSH keys are used to securely authenticate the connection to a remote computer, typically a server. They are created in pairs, one public key and one private key. The public key is placed on your server and the private key is stored on your computer. When successfully set up, SSH keys remove the need to use a password, which makes for a more efficient and satisfying workflow.

SSH keys are typically created through the command line, however you can also use a graphical user interface if you are using Windows, the most popular being PuTTY.

How to create a new SSH key pair

Let’s get down to business. Open up terminal as we’re going to be spending some time in it and start with the following command, but don’t hit return just yet!

ssh-keygen -t rsa -C "my-ssh-key"

What we’re saying here is: create a new SSH key pair and write it to disk with ssh-keygen, using -t to set the key type to rsa. Finally we add a comment with -C, entered between quotation marks, which in this example is "my-ssh-key". A comment acts like a label and becomes handy when you’ve got multiple keys stored on your system. Go ahead and customise your label and hit return.

Next you’ll be asked where you want to save the key. By default this is the hidden .ssh folder in the root of your home directory. There’s no need to change the directory, but I find it useful to modify the output filename from its default id_rsa so we can identify the key at a later date.

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/username/.ssh/id_rsa):

At the prompt, enter the following, changing my_ssh_key to whatever you want to call your key.

/Users/username/.ssh/my_ssh_key

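Next, terminal will ask you to enter a passphrase. There’s no need to set one, so leave it blank and hit return, then return again for the second passphrase prompt. Bear in mind that without a passphrase, anyone who obtains a copy of the private key file can use it to log in.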

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Okay, looking good. You should now get a message confirming successful creation of your new SSH key pair. Pat yourself on the back and have a leg stretch, because when we return we have to use these keys to enable SSH on our server.

Your identification has been saved in /Users/username/.ssh/my_ssh_key.
Your public key has been saved in /Users/username/.ssh/my_ssh_key.pub.
The key fingerprint is:
SHA256:WDQiyZwrUuswc3XP1W+U6aRiJ0lpCdyY7d2ODZ8gT0o my-ssh-key

Copying your public key to your server

To enable password-free communication between your server and local machine we need to upload our public key. Again the terminal is our tool of choice for this, so fire it up.

These steps assume your home directory on the server has a hidden “.ssh” folder that contains a file called “authorized_keys”. Note: each SSH user has their own “authorized_keys” file, so ensure you upload your key to the correct user’s path on the server. If in doubt consult your server’s documentation.

Enter the following command into terminal, replacing my_ssh_key.pub with the filename of your key and the placeholder username@example.com:~/ with your own SSH username, host address and path.

scp ~/.ssh/my_ssh_key.pub username@example.com:~/

Nearly there. Now we need to log in to the server and append the SSH key to our “authorized_keys” file. Once logged in, enter the following command.

cat ~/my_ssh_key.pub >> ~/.ssh/authorized_keys

This command, or more precisely >>, appends the contents of the key file to the end of our “authorized_keys” file, leaving our original key file in place. To keep things tidy on our server let’s delete that public key as it’s no longer required. Enter the following command, replacing my_ssh_key.pub with the filename of your key.

rm ~/my_ssh_key.pub

That’s it, all done. We should now be able to log in to our remote server without a password. Enter the following into terminal, replacing the placeholder username@example.com with your own SSH username and host address.

ssh username@example.com

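If all goes well you should be logged in without a prompt for your password. Nice! If you are still asked for a password, ssh may not be offering the new key because it was saved under a non-default filename; the -i option tells ssh which private key file to use.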
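The append step above assumes “.ssh” and “authorized_keys” already exist, and running it twice adds the key twice. The following is an added example, not part of the original guide: a version of that step to run on the server that creates what is missing with owner-only permissions, refuses a private key uploaded by mistake, and skips a key that is already installed. The function name install_pubkey and its optional second argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: run on the server after the scp step.
# install_pubkey PUBFILE [HOME_DIR]  (name and HOME_DIR argument are hypothetical)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Never let a private key end up on the server by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; upload the .pub file instead" >&2
        return 2
    fi

    # A public key file is a single line: "<type> <base64 data> [comment]".
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # Create what is missing and keep both owner-only.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Match on type and key data so a changed comment is not a new entry.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # If the file does not end in a newline, add one so entries do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}

# Example: sh install_pubkey.sh ~/my_ssh_key.pub
if [ $# -gt 0 ]; then install_pubkey "$@"; fi
```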

Viewing keys

There may be times when you need to view and / or copy your public and private keys. Here’s where that labelling tip comes in handy.

We’ll be using the cat command, which can be used to view and create files. The guide assumes your keys are stored at the default path of /Users/username/.ssh/.

Let’s start by listing all our stored keys. Enter the following command.

ls ~/.ssh/

You’ll get a printout of all the keys stored. Here are mine.

my_ssh_key
my_ssh_key.pub

What we have here are both our private and public keys; my_ssh_key.pub is our public key. To print / view a key, enter the following command, replacing the my_ssh_key.pub filename with the appropriate filename of your key.

cat ~/.ssh/my_ssh_key.pub
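Since the key in this guide was created without a passphrase, the file permissions on the private key are what protect it on disk. The following is an added example, not part of the original guide: it goes through the same folder that ls printed, tells private keys from public keys by their content rather than their filename, and flags any private key that group or other users can access. The function name audit_ssh_dir is an assumption made for the example.

```shell
#!/bin/sh
# Added example. audit_ssh_dir [DIR]  (function name is hypothetical)
# Prints one line per key file found in DIR (default ~/.ssh) and returns 1
# if any private key is accessible to group or other users.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    exposed=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        first=$(head -n 1 "$f")
        case $first in
            *"PRIVATE KEY"*)
                # Characters 5-10 of the ls mode string are the group/other bits.
                perms=$(ls -l "$f" | cut -c5-10)
                if [ "$perms" = "------" ]; then
                    echo "private ok       ${f##*/}"
                else
                    echo "private EXPOSED  ${f##*/}"
                    exposed=1
                fi ;;
            ssh-*\ AAAA*|ecdsa-*\ AAAA*)
                echo "public           ${f##*/}" ;;
        esac
    done
    [ "$exposed" -eq 0 ]
}

# Example: sh audit_ssh_dir.sh ~/.ssh
if [ $# -gt 0 ]; then audit_ssh_dir "$@"; fi
```

A key reported as EXPOSED can be tightened with chmod 600 on that file.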

That’s all folks. Today we’ve covered what an SSH key is, what it’s used for and how to create one to streamline your workflow. Great work and happy SSH’ing (if that’s even a word)!