Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the acf domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php on line 6131

Deprecated: Creation of dynamic property ACF::$fields is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/fields.php on line 138

Deprecated: Creation of dynamic property acf_loop::$loops is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/loop.php on line 28

Deprecated: Creation of dynamic property ACF::$loop is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/loop.php on line 269

Deprecated: Creation of dynamic property ACF::$revisions is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/revisions.php on line 397

Deprecated: Creation of dynamic property acf_validation::$errors is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/validation.php on line 28

Deprecated: Creation of dynamic property ACF::$validation is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/validation.php on line 214

Deprecated: Creation of dynamic property acf_form_customizer::$preview_values is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-customizer.php on line 28

Deprecated: Creation of dynamic property acf_form_customizer::$preview_fields is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-customizer.php on line 29

Deprecated: Creation of dynamic property acf_form_customizer::$preview_errors is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-customizer.php on line 30

Deprecated: Creation of dynamic property ACF::$form_front is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-front.php on line 598

Deprecated: Creation of dynamic property acf_form_widget::$preview_values is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-widget.php on line 34

Deprecated: Creation of dynamic property acf_form_widget::$preview_reference is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-widget.php on line 35

Deprecated: Creation of dynamic property acf_form_widget::$preview_errors is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-widget.php on line 36

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the all-in-one-wp-migration domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php on line 6131

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/wp_plugin/wp_plugin.php on line 23

Deprecated: str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/wp-super-cache/wp-cache-phase2.php on line 54

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/wp-super-cache/wp-cache-phase2.php on line 1539

Deprecated: strtolower(): Passing null to parameter #1 ($string) of type string is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/wp-super-cache/wp-cache-phase2.php on line 828

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rocket domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php on line 6131

Deprecated: Creation of dynamic property acf_field_oembed::$width is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-oembed.php on line 31

Deprecated: Creation of dynamic property acf_field_oembed::$height is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-oembed.php on line 32

Deprecated: Creation of dynamic property acf_field_google_map::$default_values is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-google-map.php on line 33

Deprecated: Creation of dynamic property acf_field__group::$have_rows is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-group.php on line 31

Deprecated: Creation of dynamic property acf_field_clone::$cloning is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/pro/fields/class-acf-field-clone.php on line 34

Deprecated: Creation of dynamic property acf_field_clone::$have_rows is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/pro/fields/class-acf-field-clone.php on line 35

Deprecated: Creation of dynamic property jh_acf_field_table::$settings is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-table-field/class-jh-acf-field-table.php on line 23

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902
{"id":24640,"date":"2015-09-17T08:42:49","date_gmt":"2015-09-17T05:42:49","guid":{"rendered":"https:\/\/upcloud.com\/community\/tutorials\/use-ssh-keys-authentication"},"modified":"2015-09-17T08:42:49","modified_gmt":"2015-09-17T05:42:49","slug":"use-ssh-keys-authentication","status":"publish","type":"tutorial","link":"https:\/\/studiogo.tech\/upcloudold\/tutorial\/use-ssh-keys-authentication\/","title":{"rendered":"How to use SSH keys for authentication"},"content":{"rendered":"\n

Set up your first SSH keys<\/h2>\n\n\n\n

Use SSH keys<\/a> for authentication when you are connecting to your server, or even between your servers. They can greatly simplify and increase the security of your login process. When keys are implemented correctly they provide a secure, fast, and easy way of accessing your cloud server.<\/p>\n\n\n\n

Follow our guide and learn how to set up your first SSH keys for authentication using OpenSSH or PuTTY ssh client.<\/p>\n\n\n\n

\n
Try UpCloud for free!<\/a><\/div>\n<\/div>\n\n\n\n

Preparing your server<\/h2>\n\n\n\n

To add an SSH key pair, first, create a hidden folder to your user account home directory on your cloud server with the following command.<\/p>\n\n\n\n

mkdir -p ~\/.ssh<\/pre>\n\n\n\n
Then restrict the permissions to that directory to just yourself with the command below.<\/p>\n\n\n\n
chmod 700 ~\/.ssh<\/pre>\n\n\n\n
This creates a secure location for you to save your SSH keys for authentication. However, note that since the keys are stored in your user home directory, every user that wishes to connect using SSH keys for authentication has to repeat these steps on their own profile.<\/p>\n\n\n\n
Using OpenSSH to generate a key pair<\/h2>\n\n\n\n
Now continue on your own computer if you are using Linux or any other OS that has OpenSSH. PuTTY users should skip to the next section.<\/p>\n\n\n\n
1. Generate a new key pair in a terminal with the next command<\/h3>\n\n\n\n
ssh-keygen -t rsa<\/pre>\n\n\n\n
The key generator will ask for the location and file name to which the key is saved. Enter a new name or use the default by pressing enter.<\/p>\n\n\n\n
2. (Optional) Create a passphrase for the key when prompted<\/h3>\n\n\n\n
This is a simple password that will protect your private key should someone be able to get their hands on it. Enter the password you wish or continue without a password. Press enter twice. Note that some automation tools might not be able to unlock passphrase-protected private keys.<\/p>\n\n\n\n
3. Copy the public half of the key pair to your cloud server using the following command<\/h3>\n\n\n\n
Replace the user<\/tt><\/span> and server<\/tt><\/span> with your username and the server address you wish to use the key authentication on.<\/p>\n\n\n\n
ssh-copy-id -i ~\/.ssh\/id_rsa.pub user<\/span>@server<\/span><\/pre>\n\n\n\n
This also assumes you saved the key pair using the default file name and location. If not, just replace the key path ~\/.ssh\/id_rsa.pub<\/tt> above with your own key name.<\/p>\n\n\n\n
Enter your user account password for that SSH server when prompted.<\/p>\n\n\n\n
You can now authenticate to your server with the key pair, but at the moment you would need to enter the passphrase every time you connect.<\/p>\n\n\n\n
4. (Optional) Set up SSH Agent to store the keys to avoid having to re-enter the passphrase at every login<\/h3>\n\n\n\n
Enter the following commands to start the agent and add the private SSH key.<\/p>\n\n\n\n
ssh-agent $BASH\nssh-add ~\/.ssh\/id_rsa<\/pre>\n\n\n\n
Type in your key\u2019s current passphrase when asked. If you saved the private key somewhere other than the default location and name, you\u2019ll have to specify it when adding the key.<\/p>\n\n\n\n
Afterwards, you can connect to your cloud server using the keys for authentication and only have to unlock the key by repeating the last 2 steps once after every computer restart.<\/p>\n\n\n\n
Using PuTTY to generate a key pair<\/h2>\n\n\n\n
If you are running Windows using the PuTTY<\/a> SSH client, you can use the built-in key generator from PuTTY to create a new key pair.<\/p>\n\n\n\n
1. Click the Keygen<\/em> button<\/strong> at the bottom of the PuTTY Configuration<\/em> window to get started.<\/p>\n\n\n\n
\"PuTTYtray<\/figure>\n\n\n\n
Then in the Key Generator<\/em> window, check that the Type of key to generate<\/em> at the bottom is set to SSH-2 RSA<\/em>. The older SSH-1 was the standard’s first version but is now considered obsolete. Most modern servers and clients support SSH-2.<\/p>\n\n\n\n
2. Click the Generate<\/em> button<\/strong> to begin.<\/p>\n\n\n\n
\"PuTTYtray<\/figure>\n\n\n\n
3. Keep moving your mouse<\/strong> over the blank area in any manner to help generate randomness for a few moments until the progress is complete.<\/p>\n\n\n\n
\"PuTTYtray<\/figure>\n\n\n\n
With the keys finished, PuTTY will show the relative information about the pair along with the public key for easier copying.<\/p>\n\n\n\n
4. (Optional) Enter a key passphrase<\/strong> in the 2 empty fields for the added security before continuing. The passphrase will protect your key from unauthorized use should someone be able to copy it. However, some automation tools might not be able to unlock passphrase-protected private keys.<\/p>\n\n\n\n
5. Click the Save private key<\/em> button<\/strong> and store it somewhere safe. Generally anywhere in your user directory is fine as long as your PC is password protected. Before closing the keygen, you may want to copy the public key to your clipboard, but you can always get it later as well.<\/p>\n\n\n\n
\"PuTTYtray<\/figure>\n\n\n\n
Now that you have a new key saved on your computer, you\u2019ll need to import it into the PuTTY key agent.<\/p>\n\n\n\n
6. Click the Agent<\/em> button<\/strong> to open the key manager in the PuTTY Configuration window.<\/p>\n\n\n\n
\"PuTTYtray<\/figure>\n\n\n\n
7. Click Add Key<\/em> button<\/strong> in the Key List, then browse to the location you saved the private key, select it and click Open<\/em>.<\/p>\n\n\n\n
Enter your key passphrase if asked.<\/p>\n\n\n\n
\"PuTTYtray<\/figure>\n\n\n\n
This will import the key to your PuTTY client, but you still need to copy the public key over to your server.<\/p>\n\n\n\n
8. Open an SSH connection<\/strong> to your cloud server and go to the SSH key directory.<\/p>\n\n\n\n
cd ~\/.ssh\/<\/pre>\n\n\n\n
9. Open or create the default file<\/strong> OpenSSH looks for public keys called authorized_keys<\/tt>.<\/p>\n\n\n\n
sudo nano authorized_keys<\/pre>\n\n\n\n
10. Paste the public key into the file<\/strong> by right-clicking the SSH client window. Make sure the key goes on a single line for OpenSSH to be able to read it. Note that the key type needs to also be included, ssh-rsa<\/tt> as shown in the example below.<\/p>\n\n\n\n
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEeV\/UKOVqNUwmED8PO1E6wY3ITEbWx30rAgGudzTGnYI8fB176nlmIS+O01vaI4fMYwO9Chg3mzVT2+4AkTBm1sXnDdzhNNnkclipMXdmAHnRtzU9kREFZU0\/yyOhorzqxWBi0LQxpjTAZawi+8ysH7PGnNlX3FUObZcmHis0oD\/C7ll6DwX4WVSjh2JGcaIhbhB+sovxW5duTDqyuyKpRsbyBD0+wNjSuJFjh5MnXJqcqrEUaPRoe2wQ9k7q0K2KOXAmYYPUWrLY6N+jjYdnkyP9XWWkz6c7Qvx7m\/dBfgpyJbPryWbSZ8PsvSgtDTIND\/jNfwmgQjOCGgsZlmCsvRIixzh2uNmFCg75wyD6f\/wdZ5gq1HPFdyLblHs46P9ClfMbWJt9APx7c1SRE+qMbdLf\/5\/vNGiGHr6bBXKRX70+XODl04shFQpjm1kKkG9qHkp3bOSot4Da987dRHMhAbd0d3QdS8wCg7s6NPk4qDVnR6BCxiM2vbOD1B4gWQ8= user@server<\/pre>\n\n\n\n
When you\u2019ve copied the public key over to the authorized keys list, save the file and exit the editor. You can now test the public key authentication by logging in to your server again. You should not get asked for your password, but instead logged straight in with the key. If it\u2019s not working, check that your private key is unlocked at your SSH Agent and try again.<\/p>\n\n\n\n
Turn off password authentication<\/h2>\n\n\n\n
With SSH key authentication configured and tested, you can disable password authentication for SSH altogether to prevent brute-forcing. When logged in to your cloud server.<\/p>\n\n\n\n
1. Open the SSH configuration file<\/strong> with the following command.<\/p>\n\n\n\n
sudo nano \/etc\/ssh\/sshd_config<\/pre>\n\n\n\n
2. Set the password authentication to no<\/em><\/strong> to disable clear text passwords.<\/p>\n\n\n\n
PasswordAuthentication no<\/pre>\n\n\n\n
3. Check that public key authentication is enabled<\/strong>, just to be safe and not get locked out from your server. If you do find yourself unable to log in with SSH, you can always use the Web terminal at your UpCloud control panel.<\/p>\n\n\n\n
PubkeyAuthentication yes<\/pre>\n\n\n\n
Then save and exit the editor.<\/p>\n\n\n\n
4. Restart the SSH service<\/strong> to apply the changes by using the command below.<\/p>\n\n\n\n
sudo systemctl restart sshd<\/pre>\n\n\n\n
With that done your cloud server is now another step towards security. Malicious attempts to connect to your server will result in authentication rejection, as plain passwords are not allowed, and brute-forcing an RSA key is practically impossible.<\/p>\n\n\n\n
Conclusions<\/h2>\n\n\n\n
Remember to always keep your private keys safe. You can use the same key from multiple computers if you wish, or generate new ones on each client connecting to your cloud server for added security. Each user should generate their own key pair and passphrase for secure access control. With proper management, even in case one of the private keys gets compromised you won\u2019t have to replace them all.<\/p>\n","protected":false},"featured_media":27382,"comment_status":"open","ping_status":"closed","template":"","community-category":[121],"class_list":["post-24640","tutorial","type-tutorial","status-publish","has-post-thumbnail","hentry","community-category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/tutorial\/24640","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/tutorial"}],"about":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/types\/tutorial"}],"replies":[{"embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/comments?post=24640"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/media\/27382"}],"wp:attachment":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/media?parent=24640"}],"wp:term":[{"taxonomy":"community-category","embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/community-category?post=24640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}