SSH Keys #

What are SSH keys? #

When you want to manually alter the configuration of a server, you can open a terminal window and connect to it over SSH. Secure Shell, or SSH for short, is a protocol that allows you to set up a secure connection between your computer and a server.

Before you can authenticate with the server, you have to generate an SSH key-pair on your computer. This leaves you with two files containing a long string of characters:

  1. A public key stored in a file called ~/.ssh/id_rsa.pub
  2. A private key stored in a file called ~/.ssh/id_rsa

You can think of the private key as a unique identifier for your computer. Therefore, you should never share this file with someone else! The public key, on the other hand, has to be installed on every server that you want to communicate with over SSH.

Once both keys are in place, you can initiate a connection with the server. The SSH protocol will then verify that the private key on your computer matches one of the public keys installed on the server. The connection is established only if this is the case.

Generating an SSH key-pair #

Before you generate a new SSH key-pair, you should verify that you do not already have one on your computer. You can do this by running the following command in a terminal window:

ls ~/.ssh/*.pub

If the command outputs a file called something like ~/.ssh/id_rsa.pub, you already have an SSH key-pair installed and do not need to generate a new one. If you overwrite the existing key with a new one, you will lose access to all servers on which the existing public key is installed.

If no such file is listed, the first step in generating an SSH key-pair on your computer is to run the following command:

ssh-keygen

After entering the command, you should see the following output:

Generating public/private rsa key pair.
Enter file in which to save the key (~/.ssh/id_rsa):

By default, the SSH key will be named id_rsa and will be stored in the .ssh/ subdirectory of the home folder (~/) on your machine. Although you could change the name and location, it is recommended to stick with the defaults. To do so, just press enter.

You should now see the following prompt:

Enter passphrase (empty for no passphrase):

Here you are asked whether you want to secure the private key file on your machine with a passphrase. This is a recommended additional security measure that makes it harder for others to use your private key if it somehow ends up in the wrong hands. When the private key is secured with a passphrase, no one can establish a connection with it without first entering that passphrase.

However, this also means that whenever you initiate an SSH connection, you will have to type in the passphrase manually. This may be a problem if you plan to automate server management tasks that you want to run without human intervention. In this case, you can provide a blank/empty passphrase.

Complete the generation of the SSH key-pair by providing a secure or empty passphrase, followed by enter. Thereafter, you should see the following output:

Your identification has been saved in ~/.ssh/id_rsa.
Your public key has been saved in ~/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:2e:2a:5e:33:3e:a9:de:4e:77:11:58:b6:90:26 [email protected]_host
The key's randomart image is:
...

You have now generated an SSH key-pair that you can use to authenticate with your servers. It consists of two files which, depending on the name you specified during the generation, are stored at the following locations:

  1. The public key is stored in file ~/.ssh/id_rsa.pub
  2. The private key is stored in file ~/.ssh/id_rsa
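
To find out which private keys on a machine were created with an empty passphrase, the key file itself can be inspected. The Python sketch below is an added example, not part of the original guide or of Smoothy; it reads the cipher field of an OpenSSH-format key or the encryption header of a legacy PEM key, checks the file mode, and uses constructed sample keys (header fields only) so that it runs offline.

```python
import base64
import os
import stat
import struct

MAGIC = b"openssh-key-v1\x00"  # header of OpenSSH's own private key format


def key_is_encrypted(key_text):
    """Return True if the private key text is protected by a passphrase."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-style private key")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        # The first field after the magic is the length-prefixed cipher name.
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return cipher != b"none"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    # Legacy PEM (BEGIN RSA PRIVATE KEY): encryption is flagged in a header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)


def audit_key_file(path):
    """Report passphrase protection and file-mode exposure for one key file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="ascii") as fh:
        encrypted = key_is_encrypted(fh.read())
    return {"encrypted": encrypted, "readable_by_others": bool(mode & 0o077)}


def sample_openssh_key(cipher):
    """Constructed sample: only the openssh-key-v1 header fields, no real key."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"


if __name__ == "__main__":
    for name in ("none", "aes256-ctr"):
        print(name, key_is_encrypted(sample_openssh_key(name.encode())))
```

Calling `audit_key_file` on a real key path such as `~/.ssh/id_rsa` (expanded with `os.path.expanduser`) reports both properties for that file.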

Installing the public key on your server #

Once you have an SSH key-pair on your computer, the next step is to install the public key on your server. Luckily, this is something Smoothy takes care of for you.

The first step is to grab your public key and copy it to your clipboard. If you are working on a Mac, you can do this using a single command:

pbcopy < ~/.ssh/id_rsa.pub

If you are working on a Windows or Linux machine, you should run the following command to display the contents of your public key:

cat ~/.ssh/id_rsa.pub

The output of this command should look something like this:

ssh-rsa <base64-encoded public key data> [email protected]

Select the output and copy it to your clipboard.

Now head over to Smoothy, and on the deployments page of your team click on one of your Docker servers. Next, in the navigation on the left, click on the page called SSH keys.

SSH keys

On this page, you will find a list of all the public SSH keys that are installed on your server through Smoothy. To add your own public key to this list, click on "Create SSH key" in the upper-right corner of the table.

Next, a form will appear, as shown in the screenshot below. Paste your public key into the textarea and give your SSH key a name. The name is only there for your own convenience, so that you always know which public key belongs to which computer.

Add SSH key

After clicking create, your SSH key will be installed by Smoothy on your server, and you are ready to initiate your first connection between your computer and your server.

Initiating an SSH connection with your server #

If you have successfully installed your computer's public key on your server, you should now be able to SSH into your server by running the following command:

ssh [email protected]

If this is your first time connecting to this server, you may see a message similar to the following:

The authenticity of host '253.186.16.152 (253.186.16.152)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)?

Type yes and then press enter to continue. If you secured the private key of your computer with a passphrase, you will now be prompted to enter this passphrase. Thereafter, a new terminal session with your server will open.
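
The fingerprint in the first-connection prompt can be compared with one computed from the server's host public key, obtained over a channel you already trust. The Python sketch below is an added example, not part of the original guide or of Smoothy; it assumes you have that public key line available, uses a constructed sample key with filler bytes, and goes beyond the colon-separated MD5 format shown above by also handling the `SHA256:` format that newer OpenSSH versions print.

```python
import base64
import hashlib


def fingerprints(pubkey_line):
    """Return (md5_colon_hex, sha256_b64) for an OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed key type that must match field 0.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n].decode("ascii", "replace") != fields[0]:
        raise ValueError("key type does not match encoded blob")
    md5 = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha


def host_key_matches(pubkey_line, prompt_fingerprint):
    """True if the fingerprint shown by ssh belongs to the trusted public key."""
    md5_fp, sha_fp = fingerprints(pubkey_line)
    shown = prompt_fingerprint.strip()
    if shown.startswith("SHA256:"):
        return shown == sha_fp
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    return shown.lower() == md5_fp


def sample_host_key():
    """Constructed sample: ECDSA-shaped blob with filler bytes, not a real key."""
    def s(b):
        return len(b).to_bytes(4, "big") + b
    blob = s(b"ecdsa-sha2-nistp256") + s(b"nistp256") + s(b"\x04" + bytes(64))
    return "ecdsa-sha2-nistp256 " + base64.b64encode(blob).decode() + " constructed"


if __name__ == "__main__":
    trusted = sample_host_key()
    md5_fp, sha_fp = fingerprints(trusted)
    print(md5_fp, sha_fp)
    # The fingerprint from the prompt shown above does not belong to the sample key.
    print(host_key_matches(trusted, "fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe"))
```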