How to generate SSH keys and how to use them

16.07.2020

The topic of security is quite hot in the IT world. Yet, it’s also often neglected. But if you want your site, apps or online services to be well received, you have to put some effort into their cybersecurity. And SSH (Secure Shell) is one of the most important ways to improve the security of your project.

SSH key authentication uses a pair of keys – a public one and a private one. When the private key held by the client matches the public key stored on the server, the client that is trying to connect is granted access. SSH is a popular way of establishing a secure connection between two devices.

SSH keys come in several types. A popular choice is a 2048-bit RSA key, but you can find (or generate) plenty of other types, too. Using key-based login you get protection from brute-force attacks, can allow multiple logins to the same system, can revoke access easily and can log in to multiple accounts easily.

Generating an SSH key pair

You can generate your own SSH key pairs on macOS, Linux and even Windows systems. For the first two, you can use a terminal window. For Windows you can use the CMD terminal, too, but most often you would be advised to install an additional client. Some of the popular ones are PuTTY/PuTTYgen, Git on Windows and OpenSSH Client.

PuTTY seems to enjoy the most attention for the moment. It mimics a lot of the macOS Terminal functions in a Windows environment. Using PuTTY you also get the PuTTYgen app which offers an easier classic window with buttons to generate and save a private and a public SSH key with ease.

Using the PuTTYgen app you can generate your SSH key pair with a few clicks. Open the Generator, choose SSH-2-RSA at the bottom of the window and then click Generate. Wait a bit until the process is done and add your passphrase. Then press the “Save private key” button. Then click on the “Save public key” button. You will get two files and this is your new SSH key pair.

Using PuTTYgen is better if you want to set different parameters or choose an RSA encryption level. But if you want a classic pair without additional arguments, you can use CMD.

Simply open CMD and type ssh-keygen and press Enter. Then follow the prompts and you will have your new SSH key pair in a few moments.

For macOS, you can start this process in the Terminal app. Then enter this command:

ssh-keygen -t rsa

Press Enter and follow the prompts.

For Linux, you can use the terminal and start with the following command:

$ ssh-keygen -t rsa

Press Enter and follow the prompts.

Using the SSH key pair

Once you have your SSH key pair, it’s time to use it. For that, you have to import the private key to the device you will use it with, and the public key – onto the server you intend to use.

Depending on the setup and configuration, this process can vary greatly. Some hosts can offer an automated tool for SSH key importing. If they don’t, you have to use the terminal and this command:

ssh-copy-id -i ~/.ssh/tatu-key-ecdsa user@host

Replace ~/.ssh/tatu-key-ecdsa with the path to your own key file, and user@host with your username and the address of the server.

Your goal is to have an account that allows you to access the ~/.ssh/authorized_keys file on the server. If that server doesn’t have a tool for importing, you simply have to edit the file, paste the public key in it and save the file.
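The manual import described above can be scripted so that it is repeatable and hard to get wrong. The following is an added example, not part of the original article: install_pubkey is a hypothetical helper name, and the script assumes an OpenSSH server where you run it as the login user.

```shell
#!/bin/sh
# Added example (not from the original article). install_pubkey is a
# hypothetical helper name; run it on the server as the login user.
# Usage: install_pubkey <public-key-file> [home-directory]

install_pubkey() {
    pubfile=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Never paste the private half: refuse anything that looks like one.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile contains a private key" >&2
        return 2
    fi

    # A public key is a single line: "<type> <base64-blob> [comment]".
    key_line=$(head -n 1 "$pubfile")
    case $key_line in
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|"ecdsa-sha2-nistp"*" AAAA"*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 3 ;;
    esac

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by anyone but the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth_file" && chmod 600 "$auth_file" || return 4

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "key already installed"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key added to $auth_file"
    fi
}
```

Running it twice with the same key leaves a single entry in authorized_keys, so it is safe to re-run after rebuilding a server.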

Then you have to install your private key on your machine. You can use Pageant (PuTTY Authentication Agent) for that and follow the prompts. You can also use Universal SSH Key Manager for this. Then it’s a matter of testing if everything works and you’re all set!
