How to Create and Add SSH Keys to Your Server

Today we’re going to talk about SSH keys, what they are, how to set them up and how they can improve your existing workflow.

Before we start there are a few prerequisites we should touch on:

Your web host allows connections over SSH
For this to work your server must support SSH / shell access and you must have created a user account to gain access. If you’re unsure ask your hosting company as some disable it by default. The major players, including WP Engine, 1&1 and Fasthosts all allow SSH.

You know your way around the command line
Although I’ll include the commands and an explanation of what they do, you must be confident working in the command line. If you’re in any doubt stop here. Note: all references to username are to be replaced with your system username.

You’re on a Mac (not essential)
This guide will assume you’re working on a Mac, so all references will be made to the terminal app. You can achieve the same through Windows PowerShell, but you may find PuTTY is less troublesome.

Finally, don’t shoot the messenger
This is a guide, you are to attempt this at your own risk. I accept no responsibility should anything disastrous happen.

What are SSH keys

SSH keys are used to securely authenticate the connection to a remote computer, typically a server. They are created in pairs, one public key and one private key. The public key is placed on your server and the private key is stored on your computer. When successfully set up, SSH keys remove the need to use a password, which makes for a more efficient and satisfying workflow.

SSH keys are typically created through the command line, however you can also use a graphical user interface if you are using Windows, the most popular being PuTTY.

How to create a new SSH key pair

Let’s get down to business. Open up terminal as we’re going to be spending some time in it and start with the following command, but don’t hit return just yet!

ssh-keygen -t rsa -C "my-ssh-key"

What we’re saying here is: create a new SSH key pair and write it to disk (ssh-keygen), with a key type of rsa (-t). Finally we add a comment with -C, entered between quotation marks, which in this example is "my-ssh-key". Adding a comment acts like a label and becomes handy when you’ve got multiple keys stored on your system. Go ahead and customise your label and hit return.

Next you’ll be asked where you want to save the key. By default this is the hidden .ssh folder in the root of your home directory. There’s no need to change the directory, but I find it useful to modify the output filename from its default id_rsa so we can identify the key at a later date.

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/username/.ssh/id_rsa):

At the prompt, enter the following, changing my_ssh_key to whatever you want to call your key.

/Users/username/.ssh/my_ssh_key

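Next, terminal will ask you to enter a passphrase. There’s no need to set one, so leave it blank, hit return, and hit return again for the second passphrase prompt. Bear in mind that with no passphrase the private key is stored unencrypted on disk, so anyone who obtains a copy of that file can log in as you.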

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Okay, looking good. You should now get a message confirming successful creation of your new SSH key pair. Pat yourself on the back and have a leg stretch as when we return we now have to use these keys to enable SSH on our server.

Your identification has been saved in /Users/username/.ssh/my_ssh_key.
Your public key has been saved in /Users/username/.ssh/my_ssh_key.pub.
The key fingerprint is:
SHA256:WDQiyZwrUuswc3XP1W+U6aRiJ0lpCdyY7d2ODZ8gT0o my-ssh-key

Copying your public key to your server

To enable password free communication between your server and local machine we need to upload our public key, again the terminal is our tool of choice for this so fire it up.

These steps assume the root of your server will have a hidden “.ssh” folder that contains a file called “authorized_keys”. Note: each SSH user has their own “authorized_keys” file, so ensure you upload your key to the correct user’s path on the server. If in doubt, consult your server’s documentation.

Enter the following command into terminal, replacing my_ssh_key.pub with the filename of your key and the placeholder username@example.com:~/ with your appropriate SSH username, host address and path.

scp ~/.ssh/my_ssh_key.pub username@example.com:~/

Nearly there. Now we need to log in to the server and append the SSH key to our “authorized_keys” file. Enter the following command into terminal.

cat ~/my_ssh_key.pub >> ~/.ssh/authorized_keys

This command, or more precisely >>, appends the contents of the key file to our “authorized_keys” file, leaving our original key file in place. To keep things tidy on our server let’s delete that public key as it’s no longer required. Enter the following command, replacing my_ssh_key.pub with the filename of your key.

rm ~/my_ssh_key.pub

That’s it, all done. We should now be able to log in to our remote server without a password. Enter the following into terminal, replacing the placeholder username@example.com with your appropriate SSH username and host address.

ssh username@example.com

If all goes well you should be logged in without a prompt for your password. Nice!
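
The cat >> step above, as an added example that is not part of the original guide: a shell function to run on the server that appends the uploaded key only if it is not already present and sets the permissions sshd checks. The function name install_pubkey and the sample key line are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): install a public key into
# authorized_keys idempotently, with the permissions sshd expects.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file is one line: "<type> <base64> [comment]". A private
    # key is multi-line PEM-style text, so this also catches uploading the
    # wrong half of the pair.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; return 1; }
    read -r type blob _comment < "$pub" || true
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "$pub: not a public key" >&2; return 1 ;;
    esac
    [ -n "$blob" ] || { echo "$pub: missing key data" >&2; return 1; }

    # With StrictModes (the sshd default), a group- or world-writable
    # ~/.ssh or authorized_keys makes sshd ignore the key.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already installed? Compare type and key data, ignoring the comment.
    if grep -qF -- "$type $blob" "$auth"; then
        return 0
    fi
    # Make sure the existing file ends in a newline so keys never run together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    cat "$pub" >> "$auth"
}

# Demo on a throwaway directory with a constructed (non-functional) key line.
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedsample my-ssh-key' > "$demo_dir/my_ssh_key.pub"
install_pubkey "$demo_dir/my_ssh_key.pub" "$demo_dir/home"
install_pubkey "$demo_dir/my_ssh_key.pub" "$demo_dir/home"   # second run adds nothing
grep -c '' "$demo_dir/home/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

On the server you would call it as install_pubkey ~/my_ssh_key.pub before deleting the uploaded file.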

Viewing keys

There may be times when you need to view and / or copy your public and private keys. Here’s where that labelling tip comes in handy.

We’ll be using the cat command, which can be used to view and create files. The guide assumes your keys are stored at the default path of /Users/username/.ssh/.

Let’s start by listing all our stored keys. Enter the following command.

ls ~/.ssh/

You’ll get a printout of all the keys stored. Here are my keys.

my_ssh_key
my_ssh_key.pub

What we have here is both our private and public keys, the my_ssh_key.pub is our public key. To print / view a key enter the following command replacing my_ssh_key.pub filename with the appropriate filename of your key.

cat ~/.ssh/my_ssh_key.pub

Making the most of your SSH connection

So you’ve managed to generate your SSH keys and are now chomping at the bit to make use of your super handy SSH connection between your local computer and remote server. I’ll touch on more SSH tips in a later post, but to get you started here are a few great SSH tools to explore.

Manage files and directories
Much like using the command line on your local computer, you can also manage the files and directories on your server via SSH. This includes adding new files (touch), moving files and entire directories (mv) and even editing files with the nano command. Just one word of advice: ensure you have a backup and are comfortable working in the command line. Things can go bad very quickly!

Transfer and synchronise files using rsync
FTP can be a tedious, slow process, especially when you’re trying to keep track of files you’ve modified to save on bandwidth and time. Rsync can keep your remote and local file base in sync, only uploading files that have changed, plus it’s lightning fast!

Install and manage WordPress with WP-CLI
Assuming your server has it installed, WP-CLI is an excellent tool for installing and managing your WordPress site. Frequently used WP-CLI commands include database backups, database search and replace (handy for staging to live migrations), plugin management and user management to name a few.

So that’s all folks. Today we’ve covered what an SSH key is, what it’s used for and how to create one to streamline your workflow. Great work and happy SSH’ing (if that’s even a word)!