Enhanced Security When Connecting to a Server Using SSH Keys

21.03.2025, 15:21

Using an SSH authentication key for a server is considered much safer than entering a regular password. In this article, we will explain all the advantages of this method in detail and show you how to set it up on your server.

Why Choose SSH Keys?

1. Enhanced Protection
For example, a 1024-bit key is equivalent to a 12-character random password, while 2048-bit and 4096-bit keys significantly increase security levels.

2. Resistance to Attacks
Keys are generated from random data, making them virtually unpredictable and eliminating the possibility of brute-force attacks.

3. No Key Transmission Over the Network
The private key is always stored locally on your computer, which almost entirely prevents it from being intercepted by attackers.

4. Multi-Factor Authentication Support
You can also use a passphrase to encrypt the key, adding an extra layer of security.

5. Process Automation
You won’t need to enter a password every time you log in.

Generating SSH Keys

To generate an SSH key, run the following command:

ssh-keygen

By default, keys are saved in the ~/.ssh/ directory (on Windows: C:\Users\<user>\.ssh\). During the generation process, you can set a passphrase to protect the private key.

Adding a Public Key to the Server

Creating a Directory for Storing Keys
Before adding the key to the server, you need to create a directory for it and set the appropriate permissions:

ssh <root>@<server> "mkdir -p ~/.ssh && chmod 700 ~/.ssh"

Configuring the Authorized Keys File
On the server, create or edit the authorized_keys file and set the required access permissions:

touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys

Copying the Key to the Server
If you are using Linux, you can use the standard tool:

ssh-copy-id <root>@<server>

For other operating systems, the contents of the public key file (id_rsa.pub) must be manually appended to the ~/.ssh/authorized_keys file on the server.
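
To confirm the result of the three steps above, the following added example (not part of the original article; the function names are hypothetical) audits a key directory on the server. It checks for the 700/600 modes set earlier, which matters because OpenSSH's StrictModes option (on by default) makes sshd check file modes and ownership before accepting a login, and it flags private key material pasted into authorized_keys during a manual copy.

```sh
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Print a path's octal permission bits (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only when group and others have no access (700, 600, ...).
owner_only() {
    case "$(mode_of "$1")" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Audit DIR (default ~/.ssh): print each problem, return the problem count.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    keys="$dir/authorized_keys"
    problems=0
    [ -d "$dir" ] || { echo "$dir: directory is missing"; return 1; }
    owner_only "$dir" || {
        echo "$dir: mode $(mode_of "$dir"), expected 700"
        problems=$((problems + 1))
    }
    if [ ! -f "$keys" ]; then
        echo "$keys: file is missing"
        return $((problems + 1))
    fi
    owner_only "$keys" || {
        echo "$keys: mode $(mode_of "$keys"), expected 600"
        problems=$((problems + 1))
    }
    # Only public keys belong here; a pasted private key is a common slip.
    if grep -q 'PRIVATE KEY' "$keys"; then
        echo "$keys: contains private key material"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo: a throwaway directory with deliberately loose modes.
demo=$(mktemp -d)
chmod 755 "$demo"
echo 'ssh-ed25519 AAAA...constructed user@example' > "$demo/authorized_keys"
chmod 644 "$demo/authorized_keys"
audit_ssh_dir "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

On a real server, call audit_ssh_dir with no argument to check ~/.ssh of the current user; an exit status of 0 means no problems were found.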

Connecting to the Server via SSH

To establish a connection, use the following command:

ssh <root>@<server>

If a passphrase is set for the private key, the system will prompt you to enter it for decryption. The authentication process works as follows: the SSH client receives a random message from the server, encrypts it, and sends it back. The server decrypts it, and if the data matches, the connection is authorized.

Managing Passphrases for Keys

If necessary, you can change or remove the passphrase without generating a new key. Use the following command:

ssh-keygen -p -f ~/.ssh/id_ed25519

The system will then ask for the current passphrase (if set) and prompt you to enter a new one or leave the field empty to remove it.

Using an SSH Agent for Convenient Key Management

SSH-agent allows you to cache passphrases, making authentication easier for multiple connections. To add a key to the agent, run:

ssh-add

You can also set a time limit for how long the key will be stored:

ssh-add -t <seconds>

With proper configuration, SSH keys simplify the authentication process without compromising security, and SSH-agent makes working with keys even more convenient.