SSH Keys
For security and convenience reasons, key-based authentication is the preferred way to connect to your Linux servers. In order to use this method of authentication, you need to create an SSH key pair, first. You can then either add the public key to our customer portal and deploy it right away when you install a server or you can add it to your server manually later on.
Introduction
SSH keys are a pair of cryptographic keys that can be used to authenticate to an SSH server as an alternative to password-based authentication. One key is a public key that can be shared with anyone and the other key is a private key that must be kept secure. The public key can then be placed on a server, and the server can be configured to trust only connections authenticated with a private key. This provides a much better level of security than password-based authentication.
It's very important to properly differentiate between the public and the private key. If you lose your private key, you will not be able to connect to your server anymore. If you think that your private key has been compromised, you should revoke the corresponding public key from all affected servers and create a new one.
Create SSH key pair
How to create an SSH key pair depends on your operating system.
macOS and Linux
In order to create a new SSH key pair, you can utilize the ssh-keygen
command on your local computer:
ssh-keygen -t ed25519
You will be asked to enter a file name for your key pair. This is set to a sensible default. If you don't want to change it, you can just press Enter
. You will then be asked to enter a passphrase. This is optional, but we recommend to set one. If you don't want to set a passphrase, you can just press Enter
again. You will then see an output similar to this:
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/username/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_ed25519
Your public key has been saved in /home/username/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:iXsEaJZXJIbI3c8j/MWZpJimrOHznwYLlBBhICCyY1g user@localhost
The key's randomart image is:
+--[ED25519 256]--+
|@=Eo oo.o |
|Boo o+.o . |
|+o .=.o= + o |
|..oo .*o=.= |
| . . o.oSo |
| o + o. |
| . + o. . |
| + . .o |
| o.oo |
+----[SHA256]-----+
The public key is saved with a .pub
extension and can now be placed on the server that you want to connect to. The private key is saved without an extension and must be kept secure.
Windows
On Windows, you can use the PuTTY Key Generator to create an SSH key pair. You can download the tool from the link above and then start it by double-clicking the downloaded file.
First, you need to select which type of keypair you want to create (1). When using the PuTTY Key Generator, we recommend generating an RSA key with at least 2048 bits (4096 bits are also possible and most likely better). In order to then create a new keypair, you need to click on the Generate button (2).
You will then be asked to move your mouse around in the blank area (3) to generate some randomness. Once the key has been generated, you will see an output similar to this:
We recommend setting a passphrase for the key (4). If you don't want to set a passphrase, you can just leave the field empty. You can then save the public key (5) and the private key (6) to your computer. The public key can then be placed on the server that you want to connect to. The private key must be kept secure.
Manage SSH keys in the customer portal
During the installation of a Linux server you can select one or more SSH keys that shall be authorized to connect to the server. If you want to add new SSH keys to your server later on, you need to do that directly on your server. Hence, it's recommended to add all SSH keys that you want to use to the customer portal during the installation.
In order to create a new SSH key in the customer portal, you can navigate to Server → SSH Keys.