Most hosting providers let users generate keys right in cPanel, but on Linux we can generate them ourselves. This article shows how to do that as simply and quickly as possible.
First, install only the necessary tools, nothing more. On Debian-based systems this can be done with the following command:
sudo apt install --no-install-recommends openssh-client
This command leaves out other unnecessary dependencies, such as key management utilities or X server utilities. Only the SSH client will be installed.
During the installation a list of changes will be shown. Scroll down and press “q” to quit; the installation will then continue.
When the installation is complete, we can generate keys. A simple command to generate keys:
ssh-keygen # This command generates RSA 2048 bit keys
...
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/.ssh/test_key # It is better to type the absolute path to the keys and store them in ~/.ssh directory
Enter passphrase (empty for no passphrase): *Nothing appears during typing* # AES encryption for private key
Enter same passphrase again: *Nothing appears during typing* # AES encryption for private key
Your identification has been saved in test_key. # How private key is named in ~/.ssh directory
Your public key has been saved in test_key.pub. # How public key is named in ~/.ssh directory
The command above generates a private key and a public key (a key pair). The private key is the main one: it identifies the real owner, much like a password. The server grants remote access by verifying that we hold the genuine private key. If an attacker steals our private key, he will get access to our site server. That is why there is a passphrase. The passphrase encrypts the private key with AES, and nobody can decrypt it without knowing the passphrase. The passphrase should therefore be strong enough to resist brute force. If we lose a laptop with the keys on it, we then have time to generate a new key pair, because the private key on the laptop is protected by a strong passphrase.
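The passphrase protection described above can be checked without knowing the passphrase, because the key file states its cipher in an unencrypted header. The following is an added example, not code from the original article: it reports whether a private key file is passphrase-encrypted and whether its permissions are restricted to the owner. The function names are hypothetical, GNU coreutils (base64, stat -c) are assumed as on Debian, and the sample key header is constructed.

```shell
# Added example, not from the original article; function names are hypothetical.
# Base64 body of a key file, decoded to raw bytes.
decode_body() { grep -v '^-----' "$1" | tr -d ' \r\n' | base64 -d 2>/dev/null; }

# Print the cipher protecting a private key; "none" means no passphrase.
key_cipher() {
    case "$(head -n 1 "$1")" in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # Layout: "openssh-key-v1\0", uint32 name length, cipher name, ...
        magic=$(decode_body "$1" | dd bs=1 count=14 2>/dev/null)
        len=$(decode_body "$1" | dd bs=1 skip=18 count=1 2>/dev/null |
              od -An -tu1 | tr -dc '0-9')
        [ "$magic" = "openssh-key-v1" ] && [ -n "$len" ] || { echo unknown; return; }
        decode_body "$1" | dd bs=1 skip=19 count="$len" 2>/dev/null; echo ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
    "-----BEGIN "*"PRIVATE KEY-----")
        # Legacy PEM keys name the cipher in a header, e.g. AES-128-CBC.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p' "$1"
        else echo none; fi ;;
    *) echo unknown ;;
    esac
}

# Report a missing passphrase or loose permissions; returns 0 when clean.
audit_key() {
    rc=0
    cipher=$(key_cipher "$1")
    mode=$(stat -c %a "$1")   # GNU stat (assumption: Debian-like system)
    case "$cipher" in
    none)    echo "$1: private key has NO passphrase"; rc=1 ;;
    unknown) echo "$1: not a recognised private key"; rc=1 ;;
    *)       echo "$1: encrypted with $cipher" ;;
    esac
    case "$mode" in
    *00) ;;
    *) echo "$1: mode $mode is open to group/others, use chmod 600"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: header of an unencrypted key (not a real key).
demo=$(mktemp)
{ echo '-----BEGIN OPENSSH PRIVATE KEY-----'
  printf 'openssh-key-v1\0\0\0\0\004none' | base64
  echo '-----END OPENSSH PRIVATE KEY-----'; } > "$demo"
chmod 644 "$demo"; audit_key "$demo" || true; rm -f "$demo"
```

To audit a real key, call audit_key with its path, for example audit_key ~/.ssh/test_key.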
It is enough to give the remote machine only the public key to establish a secure connection. Log in to cPanel and enter only the public key in the SSH section. Run the following command to see the public key:
Copy and paste it into the public key field in the cPanel SSH access settings. Then save and activate (authorize) the key.
After all the actions, we can connect to the remote machine with the following command:
ssh some_username@xxx.xxx.xxx.xxx -p xxxx -i .ssh/test_key
The command takes a username (shown in the cPanel status bar), the hosting machine's IP address, a port number (found on the hosting provider's website) and the path to our private key. Hosting providers often use a port other than 22 for security purposes.
The first time we connect, ssh asks us to confirm and then adds the server’s IP address to the known hosts list (located in ~/.ssh/known_hosts). It also asks for our passphrase each time, to decrypt and open the private key.
This command is long; using the ssh config we can shorten it to something like ssh server_name. By default, the config file is ~/.ssh/config. Create it if it does not exist yet and use the following settings:
# Alias, for fast access
Host some_name
    # Server IP address
    Hostname xxx.xxx.xxx.xxx
    # Server PORT
    Port xxxx
    # username for SSH access
    User some_username
    # a path to private!! key
    IdentityFile ~/.ssh/test_key
    # Tells ssh use only private key that listed above and nothing more
    IdentitiesOnly yes
After that, we can connect to the server with a simple command: