Enabling SSH Key Authentication (Linux Servers)

SSH key authentication provides a more secure way to access your Linux server compared to password-based authentication. Follow this guide to set up SSH keys for your server.

Step 1: Generate an SSH Key Pair

If you don’t already have an SSH key pair, generate one using the following command on your local machine:

Linux / Mac

1. Open a terminal and run:

   ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

2. When prompted:

   • Press Enter to save the key in the default location (~/.ssh/id_rsa).

   • Optionally, enter a passphrase for extra security.

Windows (Using PuTTYgen)

1. Download and open PuTTYgen from https://www.putty.org/.

2. Select RSA, set 4096 bits, and click Generate.

3. Move your mouse to generate randomness.

4. Click Save private key (optional: set a passphrase).

5. Copy the public key from the PuTTYgen window.

Step 2: Add Your SSH Public Key to the Server

1. Connect to your server using your current password-based SSH login:

   ssh root@your_server_ip

2. Create the .ssh directory (if it doesn’t exist):

   mkdir -p ~/.ssh && chmod 700 ~/.ssh

3. Add your public key to the authorized_keys file:

   echo "your-public-key" >> ~/.ssh/authorized_keys

   (Replace your-public-key with the actual key copied from ~/.ssh/id_rsa.pub or PuTTYgen.)

4. Set the correct permissions:

   chmod 600 ~/.ssh/authorized_keys

Step 3: Connect Using Your SSH Key

Linux / Mac

Use the following command to log in:

ssh -i ~/.ssh/id_rsa root@your_server_ip

Windows (Using PuTTY)

1. Open PuTTY.

2. In the left menu, go to Connection → SSH → Auth.

3. Click Browse and select your private key (.ppk file from PuTTYgen).

4. Go back to Session, enter the server IP, and click Open.

Step 4: Disable Password Authentication (Optional for Higher Security)

1. Open the SSH configuration file:

   nano /etc/ssh/sshd_config

2. Find and change the following lines:

   PasswordAuthentication no
   PermitRootLogin no

3. Save the file (Ctrl + X, then Y, then Enter).

4. Restart the SSH service:

   systemctl restart sshd

Important: Before disabling password authentication, ensure your SSH key works by opening a new terminal and testing your login.

Troubleshooting

If you are unable to connect:

• Ensure the SSH key was added correctly to ~/.ssh/authorized_keys.

• Check file permissions:

  ls -ld ~/.ssh ~/.ssh/authorized_keys

  (They should be drwx------ for .ssh/ and -rw------- for authorized_keys.)

• If you disabled password authentication and can’t log in, use console access from the Nubius Customer Portal to revert changes.

For further assistance, contact Support via the portal or email support@support.nubius.io.