askvity

How do I add an SSH key?

Published in SSH Keys 6 mins read

Adding an SSH key typically involves generating the key pair, adding the public key to the server you want to access, and configuring your SSH client. Here's how:

1. Generate an SSH Key Pair

This process creates both a private key (which you keep secret) and a public key (which you share with the server).

  • On Windows (using Command Prompt):

    1. Press the Windows key or open the Start Menu and type "cmd".

    2. Under "Best Match", click "Command Prompt".

    3. In the command prompt, use the ssh-keygen command:

      ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
      • -t rsa: Specifies the RSA algorithm.
      • -b 4096: Sets the key length to 4096 bits (stronger security).
      • -C "your_email@example.com": Adds a comment, usually your email address, for identification.
    4. The system will prompt you for a file in which to save the key. The default location is usually fine (C:\Users\your_username\.ssh\id_rsa). Press Enter to accept the default or specify a different path.

    5. You'll be prompted to enter a passphrase. It's highly recommended to use a strong passphrase for added security. If you don't want a passphrase, just press Enter twice. Note: Using a passphrase will require you to enter it each time you use the key unless you use an SSH agent.

  • On Linux/macOS (using Terminal):

    1. Open your terminal.
    2. Use the ssh-keygen command as shown above.
    3. The default location is usually ~/.ssh/id_rsa. Follow the prompts as described above.

2. Add the Public Key to the Server

This step authorizes your computer to access the server using the key pair.

  • Copy the Public Key:

    1. On Windows: Open your file explorer and navigate to the .ssh directory in your user profile (e.g., C:\Users\your_username\.ssh).

    2. On Linux/macOS: Open your terminal and use the cat command:

      cat ~/.ssh/id_rsa.pub
    3. Copy the entire content of the id_rsa.pub file. This is your public key. It starts with ssh-rsa or ssh-ed25519.

  • Add the Key to the authorized_keys file on the server:

    You need to connect to the server using another method (e.g., password authentication) once to set this up.

    1. Using SSH:

      ssh user@your_server_ip "mkdir -p ~/.ssh && echo 'your_public_key' >> ~/.ssh/authorized_keys"

      Replace user with your username on the server, your_server_ip with the server's IP address, and your_public_key with the content of the public key you copied earlier. Be very careful not to introduce any extra characters or line breaks when pasting the public key.

    2. Manually (if you have direct access to the server):

      1. Log in to the server.

      2. Navigate to the user's home directory.

      3. If the .ssh directory doesn't exist, create it: mkdir ~/.ssh

      4. If the authorized_keys file doesn't exist, create it: touch ~/.ssh/authorized_keys

      5. Open the authorized_keys file with a text editor (e.g., nano ~/.ssh/authorized_keys or vi ~/.ssh/authorized_keys).

      6. Paste your public key into the file on a new line.

      7. Save the file and exit the editor.

      8. Ensure the .ssh directory and the authorized_keys file have the correct permissions:

        chmod 700 ~/.ssh
        chmod 600 ~/.ssh/authorized_keys
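
The server-side step above, as an added shell example that is not part of the original article: it checks that the pasted text is a single well-formed public key line, appends it to authorized_keys only if it is not already present, and sets the 700/600 permissions. The function names and the sample key are constructed for illustration, and it assumes the base64, head and tail utilities are available on the server.

```shell
#!/bin/sh
# Added example: validate an OpenSSH public key line, then install it once.

# Constructed sample key (key bytes are all ASCII '0'), for testing only.
sample_pubkey() {
    printf 'ssh-ed25519 %s constructed@example\n' \
        "$(printf '\000\000\000\013ssh-ed25519\000\000\000\040%032d' 0 | base64)"
}

# valid_pubkey LINE: succeeds if LINE is "type base64 [comment]" on one
# line and the decoded blob names the same key type as the first field.
valid_pubkey() {
    line=$1
    case $line in *"
"*) return 1 ;; esac                    # pasted key was split across lines
    type=${line%% *}; rest=${line#* }; blob=${rest%% *}
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case $blob in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
    # Key blob wire format: 4-byte length, then the type string.
    embedded=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
        tail -c +5 | head -c "${#type}")
    [ "$embedded" = "$type" ]
}

# install_pubkey KEYFILE [SSH_DIR]: append the key if absent, fix modes.
install_pubkey() {
    keyfile=$1; ssh_dir=${2:-$HOME/.ssh}; auth=$ssh_dir/authorized_keys
    [ "$(grep -c . "$keyfile")" -eq 1 ] ||
        { echo "expected exactly one key line" >&2; return 1; }
    key=$(grep . "$keyfile")
    valid_pubkey "$key" || { echo "not a valid public key" >&2; return 1; }
    (umask 077; mkdir -p "$ssh_dir" && touch "$auth") || return 1
    # Avoid gluing the key onto an unterminated last line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    # Match on "type blob" so a different comment is not a new key.
    id=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    grep -qF -- "$id" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}
```

On the server, call install_pubkey with the path to the uploaded .pub file; the second argument defaults to ~/.ssh.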

3. Configure Your SSH Client (Optional but Recommended)

This step streamlines SSH connections using your key.

  • Create or Edit the config file:

    1. On Windows: Create a file named config (without any extension) in the .ssh directory (e.g., C:\Users\your_username\.ssh\config). You might need to create the .ssh directory if it doesn't exist.

    2. On Linux/macOS: Open the ~/.ssh/config file in a text editor. If the file doesn't exist, create it.

    3. Add the following lines to the config file:

      Host your_server_alias
          HostName your_server_ip
          User your_username
          IdentityFile ~/.ssh/id_rsa
      • your_server_alias: A nickname you choose for the server (e.g., my_server). You'll use this alias to connect.
      • your_server_ip: The IP address or hostname of your server.
      • your_username: Your username on the server.
      • IdentityFile ~/.ssh/id_rsa: The path to your private key. Adjust if you saved the key in a different location.
  • Test the Connection:

    In your terminal or command prompt, use the following command:

    ssh your_server_alias

    Replace your_server_alias with the alias you defined in the config file. If everything is configured correctly, you should be able to connect to the server without being prompted for a password (unless you're using a passphrase on your key).

Troubleshooting

  • Permissions: Ensure the .ssh directory and authorized_keys file on the server have the correct permissions (700 and 600, respectively).
  • Public Key Format: Make sure you copied the entire public key to the authorized_keys file without any extra characters or line breaks.
  • Firewall: Verify that your firewall is not blocking SSH traffic (port 22 by default).
  • SSH Server Configuration: Check the SSH server configuration file (/etc/ssh/sshd_config on Linux) to ensure that public key authentication is enabled (PubkeyAuthentication yes).
  • Key File Location: Double-check that the IdentityFile path in your config file is correct.
  • Passphrase: If you set a passphrase, you will be prompted to enter it each time you connect unless you use an SSH agent.

By following these steps, you can successfully add an SSH key and securely connect to your server without using a password.
