What is SSH?
The secured shell access or SSH is a network protocol that enables the exchange of data through a secured channel between two secured network devices. SSH is used either for logging into or running programs on the remote machines present across a network. SSH is also the standard for the encrypted terminal internet connections.
The process to enable SSH for a Linux Dedicated Server through a Linux machine without a password:
In order to generate SSH key pair for your Linux dedicated server you will have to use the ssh-keygen command. This command has to be operated in the command line. You will be asked for a file name and password for the key. Here is an example:
user@somehost: ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_dsa.
Your public key has been saved in id_dsa.pub.
The key fingerprint is:
This command will create a private key written to /home/user/.ssh/id_dsa and a public key written to /home/user/.ssh/id_dsa.pub. The password is important to protect your key. You will be asked for it when you connect via SSH.
The IP address that you used to order your dedicated server was automatically added in the server firewall. If you would like to establish the WHM and SSH connections using another IP address you can send a request for the same so that it can be added in the firewall. Access from your IP address should be allowed for the SSH port on the server.
Once the public and private SSH keys are generated, you should add the public key through your WHM (Web Host Manager). For doing so, log in to your server’s WHM panel as root and go to the option of ‘Manage SSH Keys’ located in the Security section. Click on the Import Key button, type in a name and a password for the key and paste your public key in the corresponding field. You don’t have to paste your private key. Click Import to import your key.You can now connect to your Dedicated Server via SSH. You will have to enter the following command in order to load our private SSH key:
user@somehost: ssh-add /home/user/.ssh/id_dsa
Enter passphrase for id_dsa:
Identity added: id_dsa (id_dsa)
(The passphrase is the one that you had set during the generation of the SSH key.)
Once you have entered the passphrase you can initiate an SSH connection:
user@somehost: ssh <USER>@<HOSTNAME> -p<PORT>
- <USER> – root – the user for which you want to establish the SSH connection. As your account is hosted on a dedicated server you can login using the “root” account
- <HOSTNAME> (or IP address) – here you should enter the hostname/IP of the dedicated server.
- <PORT> - the port for the connection;
Press “Enter” and if everything has been set up properly, the SSH connection to your account will be successfully established.
The process mentioned above explains setting up the SSH connection on a Linux dedicated server through the Linux machine. The same process can be followed with a Windows machine. In order to access the Linux server from Windows machine, you will have to follow the process mentioned below:
Public Key Authentication With PuTTY
Generate a public/private key pair on your local desktop. Go to the Start menu, run Start > All Programs > PuTTY > PuTTYgen as shown below:
Initial PuTTYgen window
Click on the ‘Generate’ button. You will be prompted to move the mouse over the blank area to generate some randomness. On doing so, the program will generate the key and display the result shortly as shown in the image given below:
Once the keys are generated. Enter a passphrase in the ‘Key passphrase’ section and confirm it by clicking on the ‘Confirm passphrase’ boxes. The PuTTY documentation recommends an actual phrase of 10 to 30 characters with word breaks, mixed case, numbers, and non-alphanumeric characters, for instance – “DoN’t (expect snow)^july”. Instead of creating a good passphrase on your own, it is preferrable to consider the recommendations. You must take care about not leaving these fields blank.
Now select all the text given in the box labeled “Public key for pasting into OpenSSH authorized_keys file” (near the top of the window) by dragging the cursor. Right-click over the selection and choose Copy. Finally, click the “Save private key” button to save the private key to a file as shown in the image.
Saving the private key in file mykey.ppk
The private key must be kept secret. The contents of the file are encrypted accordingly using the passphrase, and you should pick a file location that can be only accessed by you. If you share your computer and you do not have a separate account (id) with private disk space, do not use public key authentication. You can also recover the public key from the private key with PuTTYgen by clicking on the Load button; however it is not possible to recover the private key from the public key.
Install the public key on the remote host where you would like to connect. This can be done by pasting the public key from the Clipboard into the the authorized_keys file, which is located in the .ssh directory in your home directory on the remote host. The image given below shows the vi editor being used for this purpose.
Editing .ssh/authorized_keys with vi.
Type G on the keyboard to go to the end of the file. Enter ‘insert mode’ on a new line by typing an o (lowercase oh), then right-click to paste the public key. The result is illustrated as given below:
After pasting the public key
Press the Esc key to exit insert mode. And finally, type :wq to save the changes to the file and exit the editor. Repeat this procedure to install the same public key on as many additional remote hosts as you like.
The private key is not installed on any remote host.
Check if the public key authentication is working properly. The basic public key authentication is enabled for a particular session in the Connection > SSH > Auth window. You must load the session profile as shown in the image below before configuring the Auth window.
Load the appropriate session profile
Connection > SSH > Auth window
Browse to select mykey.ppk in the ‘Private key file for authentication’ in the text box. Make sure to go back to the Session window and click Save to update the profile. The session will use the public key authentication as demonstrated below.
Logging in using basic public key authentication
In order to invoke the basic public key authentication for file transfers with pscp.exe, use the -i flag on the command line and specify mykey.ppk as the flag’s argument.
File transfer using basic public key authentication
During either login or file transfer, supplying the passphrase when prompted decrypts the private key on the fly for use in the authentication process. If you come across a password prompt instead of a passphrase prompt, the administrators of the remote host may have disallowed use of the public key authentication. Some websites take this step to prevent the use of unencrypted private keys (generated with a null passphrase), which pose a security threat.
The above mentioned process will enable you to access a Linux server from the Windows machine and once that is done, SSH for a Linux dedicated server can also be enables with a Windows machine.