3

I followed the instructions here and created a set of ssh keys (rsa) whilst logged into a vps as root. Encryption level 4096 as suggested...

The keys were already on the host so no need to transfer...

But the instructions fell apart at:

"You can make sure this worked by doing:"

ssh <username>@<host>

That's it, I don't understand what I need to do next. i.e. root@vpsIPaddress.

1 - Where do I do that? 2 - Can I use the same to login as a different user?

I can't get past this point as the instructions seem very unclear to me as to how I actually login using the keys instead of the password.

The lines below are in the sshd_config (but not sure what the ssh_config is for?)

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  %h/.ssh/authorized_keys
AuthorizedKeysFile /etc/ssh/rootuser/authorized_keys

In the home/ubuntu/.ssh directory there is an authorized_keys file too.

Hope that is enough info.

Hawk007
  • 159

2 Answers

2

I don't quite understand what you mean by 'the keys were on the host, so no need to transfer', but think it might be due to you creating the keys on the VPS, rather than the client machine (your desktop). This is the wrong way up, which is a really common mistake when you're getting used to this system.

The keys are supposed to be created on the client, on a per-user basis; the default location for an Ubuntu client is the /home/username/.ssh/ directory. The private key, which shouldn't be shared, is called id_rsa by default; the public key is called id_rsa.pub by default. If you're connecting from a Windows client, I think the keys are in C:\Users\username\.ssh\.

You then share your public key with the (host) server, which puts the key in an authorised keys file. The command to do this is:

ssh-copy-id <username>@<host>

Where <username> is the username that you want to log in as on the VPS, and <host> is the IP address of the VPS. There are further things to add to this command if you have chosen a different name or location for your created ssh keys, or if your server uses a non-standard port for ssh.

This file holds keys which are allowed to be used to log on as that user, on that system, from your desktop machine, and any other machines that are authorised. The authorised keys file is normally also per-user, but on the host system. If it is a per-user file, it'll be found at /home/username/.ssh/authorized_keys.

Arronical
  • 19,893
  • Thanks for the response. I believe it's a language barrier here between myself and the instructions, i.e. server/host, client etc. If I am to create the keys on my Windows system using Putty (I imagine) then Putty asks me to login anyway, so I don't get the "create the keys on the client" thing as I am on the client. Connected to the server/vps/host. Just not sure how to create keys without logging into server... But thanks, I'll reread and try to get this done on another vps test environment. – Hawk007 Sep 09 '16 at 14:03
  • This link might help, it's around using putty to do keys on a VPS, though I'd advise not creating a passphrase when you create the keys, if you wanted it to be password free. – Arronical Sep 09 '16 at 14:07
  • Thanks for the link. I'll go through that now. And report back later. When it's up and running? Hopefully. Thanks again for the push in the right direction. – Hawk007 Sep 09 '16 at 14:18
  • What great instruction, every detail covered. Thanks again. – Hawk007 Sep 09 '16 at 15:45
  • You're welcome, I'll edit the link into the question, would you mind accepting it using the grey tick/check on the side of my answer when I have? – Arronical Sep 09 '16 at 15:52
  • Strange, on one vps the first line after login is:

    username@vps-domain.com:~$

    and on the other it's just $. Both are members of the admin group.

    – Hawk007 Sep 09 '16 at 17:11
1

And created a set of ssh keys (rsa) whilst logged into a vps as root. Encryption level 4096 as suggested...

You need to have the private key on your computer. It is useless on the server.

  1. Where do I do that?

On your machine (the client) from which you want to connect to the server (the same place where you have the private key stored now).

  2. Can I use the same to login as a different user?

Use the user that has the authorized_keys file. In your case, it looks like the ubuntu user.

Jakuje
  • 6,605
  • Language barrier here. Host is the server? Both private and public keys were created whilst logged into server and so are both on the server. It seems every instruction I have tried, as the one mentioned before, is only half done or presumes a lot. My bad. – Hawk007 Sep 09 '16 at 14:05
  • No. Your host is your computer you are using to connect to your server. If it does not work, check the permissions on the path to `~/.ssh/authorized_keys`. – Jakuje Sep 09 '16 at 14:06
  • The host is not the computer being used to connect to the server, that would be the client. The host could be the server, or even the server which the VPS is hosted inside, the language is confusing. – Arronical Sep 09 '16 at 14:09
  • Thanks again, ah... so the first issue seems to be solved by installing puttygen and not just putty. I thought they were the same thing. The instructions will most likely make more sense now. This is the reason I created the keys on the vps as root in the first place. I thought as I was ON MY OWN MACHINE (AKA The CLIENT)... I thought I was following the instructions correctly. Doah. Thanks again. I'll have another go now. And create keys for a user so I can then disable login as root. – Hawk007 Sep 09 '16 at 14:16
  • Ok so that went swimmingly thanks to your massive help. Much appreciated. I am presuming (and await your confirmation if possible) that I can now change the ssh port on the vps (and in putty), then after testing I can then disable root user login. As a user of the admin group, can the user make changes as root did using sudo commands? Thanks again, your help has been invaluable. – Hawk007 Sep 09 '16 at 15:44
  • Yes. You can do that. But after making changes and restarting the ssh server, and before disconnecting, make sure you can connect again (from a different putty instance, for example). If not, check the logs to see what is wrong. – Jakuje Sep 09 '16 at 15:45
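
The server-side result of ssh-copy-id described in the first answer, together with the permission check on the path to authorized_keys mentioned in the comments above, as an added shell sketch that is not code from this thread. The function names install_pubkey and check_key_path are made up for this example, the key line is constructed, and only mode bits are checked, not file ownership.

```shell
#!/bin/sh
# Added example: what ends up on the server for key-based login, exercised
# against a scratch directory instead of a real account.

# install_pubkey HOME_DIR PUBKEY_LINE
# Append one public key line to HOME_DIR/.ssh/authorized_keys (the effect
# ssh-copy-id has on the server), skipping duplicates, with restrictive modes.
install_pubkey() {
    home=$1
    key=$2
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    # -x whole line, -F fixed string: add the key only if it is not there yet
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# check_key_path HOME_DIR
# Report each path component that is missing or group/world-writable.
# With StrictModes (sshd's default) a writable component makes sshd refuse
# public-key login for that user. Returns 0 only if every component passes.
check_key_path() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            bad=1
        # -prune stops find from descending; -perm -020 / -002 test g+w / o+w
        elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world-writable: $p"
            bad=1
        fi
    done
    return "$bad"
}

# Demo with a constructed, non-functional key line (not a real key).
demo=$(mktemp -d)
install_pubkey "$demo" 'ssh-rsa AAAA-CONSTRUCTED-NOT-A-REAL-KEY user@client'
check_key_path "$demo" && echo "ok: modes on the authorized_keys path are strict"
rm -rf "$demo"
```

On a real server the same check is run against the login user's home directory, for example `check_key_path /home/ubuntu`.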