SSH to your Remote Server via RSA Keys
Requirements
- Unmanaged Virtual Private Server
- A Domain name (Optional)
- WSL2 or Git Bash or CygWin or a local install of openssh (Optional)
Assumptions
- domain name: example.com
- user name: webdeveloper
- VPS is newly acquired.
- We will be using WSL2 for this tutorial
If you followed my Notes on Preparing VPS for Web Development you now have a VPS server that has a customized ssh port and a disabled root login. SSH is better than RLogin such that it encrypts traffic. The problem is even the most difficult password can be brute-forced. To take security a bit further let us use public key cryptography on our ssh connections.
We begin by creating our ssh keys. The default key length is 2048 bits. This is now considered weak as computers are considerably more powerful nowadays. So let's add the -b 4096 option when creating our ssh key pair.
mkdir ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa -b 4096We now have a ssh key pair inside our ~/.ssh directory. The private key is named id_rsa and the public key is named id_rsa.pub. Our next step is to upload the public key to our VPS server. There are many ways that we can achieve this. Below are four of the ways I upload public keys.
ssh-copy-id -i ~/.ssh/id_rsa.pub web_developer@example.comFor method 2 open another terminal.
cat ~/.ssh/id_rsa.pubssh webdeveloper@example.com -p 5088
cd ~/.ssh
touch authorized_keys
nano authorized_keys
Copy the output of [Terminal 1] and Paste it onto [Terminal 2] save the authorized_keys file and exit.
scp ~/.ssh/id_rsa.pub webdeveloper@example.com:/home/webdeveloper/.ssh/authorized_keyscat ~/.ssh/id_rsa.pub | ssh webdeveloper@example.com -p 5088 'cat >> ~/.ssh/authorized_keys Any which method we choose will work. Now let us test if our ssh keys work.
ssh webdeveloper@example.com -p5088We should now be able to login to the remote shell without a password. Note if you chose to password protect your private key you will still need to enter a password to unlock it.
Have fun