Knowledge Base

How to access your account using SSH keys

This article describes how to create and deploy SSH keys. With SSH keys, you can automate logins to your Webhost.Berlin account, or use two-factor authentication for increased security.

Using SSH keys

When you log in to your account interactively using an SSH client as described in this article, you must enter a password every time. But what if you want to run an automated process? Perhaps you want to automatically download a database backup at certain times to your local computer. In this scenario, you don't want to have to manually type your SSH password every time the backup process runs.

Or what if you want to allow multiple users to transfer files securely using SFTP, as described in this article? You don't want to give them your password, which would give them complete access to your account, including cPanel.

You can solve these problems by using SSH keys to connect to your account. SSH keys enable your computer to log in to your Webhost.Berlin account automatically without you typing a password. To use SSH keys, you must first create a public key and private key (also known as a key pair). The client's private key stays on your local computer, while the public key resides on the Webhost.Berlin server.

Alternatively, you can also create SSH keys and protect them with a passphrase for two-factor authentication. Although this configuration does not enable automatic logins, it does provide an extra layer of security, because you must have the correct key file and know the correct passphrase to access the account.

To set up SSH keys, follow the appropriate procedure below for your computer's operating system.

Windows operating systems

RedHat Linux does not include SSH support by default, so you must download an SSH key generator. Webhost.Berlin recommends PuTTYgen, a free program that you can download here. After you have downloaded the PuTTYgen executable to your local computer, you can use it to generate a key pair.

To create and configure SSH keys, follow these steps:

  1. Start PuTTYgen.
  2. Under Parameters, click the SSH-2 RSA radio button.
  3. Confirm that the Number of bits in a generated key value is set to 2048.
  4. Click Generate.
  5. Move the mouse around to generate random data. After a few seconds, PuTTYgen creates the key.
  6. You can optionally add a passphrase to the key. If you are generating keys to use for automated processes, you should skip this step. However, if you want to set up two-factor authentication by using key files and a passphrase, then type a password for the key in the Key Passphrase and Confirm Passphrase text boxes.
  7. Click Save public key, choose the folder, type id_rsa.pub in the File name text box, and then click Save.
  8. Click Save private key, choose the folder, type id_rsa.ppk in the File name text box, and then click Save.
    If you did not specify a key passphrase, PuTTYgen displays a warning. Click Yes to dismiss the warning.
  9. Select all of the text in the Public key for pasting into OpenSSH authorized_keys file text box, right-click on the text, and then click Copy.
  10. Log in to your Webhost.Berlin SSH account using PuTTY.
  11. At the command line, type the following commands:
    mkdir .ssh
    vi .ssh/authorized_keys
  12. In the Vi text editor, type i to enter insert mode, and then right-click the mouse. PuTTY pastes the public key text that you copied in step 9.

    If you are setting up multiple key pairs, the authorized_keys file may already contain data for other key pairs. If this is the case, then just append the new public key text to the file; do not delete the existing key information.
  13. Press ESC, type :wq to save the file, and then press ENTER. Vi saves the file and exits.
  14. At the command line, type the following commands to set the correct file permissions:

    chmod 600 .ssh/authorized_keys
    chmod 700 .ssh
  15. To close the connection, type exit and then press ENTER.

At this point, you have created the SSH key pair and deployed the client's public key to the Webhost.Berlin server. You are now ready to configure the PuTTY client to connect to your SSH account using the private key.

The following procedure assumes that you have already downloaded and installed the PuTTY client. If you have not already done this, follow the PuTTY setup procedures in this article before proceeding.

To configure PuTTY to use your private key, follow these steps:

  1. Start PuTTY.
  2. In the Category pane, expand SSH, and then click Auth.
  3. Under Authentication Parameters, click Browse.
  4. Locate the id_rsa.ppk file that you created in the previous procedure.
  5. In the Category pane, click Session.
  6. In the Host Name (or IP address) text box, type username@example.com. Replace username with your Webhost.Berlin username, and example.com with your site's domain name.
  7. In the Port text box, type 7822.
    The default port for SSH is 22. However, Webhost.Berlin uses a different port for security reasons.
  8. Confirm that the Connection type radio button is set to SSH.
  9. In the Saved Sessions text box, type a name for the connection. For example, type L3 account.
  10. Click Save.
  11. To connect to your SSH account, double-click the connection name in the list. PuTTY should connect without asking you to type your account password. If you set a passphrase for the key, however, you must type the key passphrase.
Mac OS X and Linux operating systems

Both Mac OS X and Linux include SSH support, so you do not have to download any special programs to generate SSH keys.

To create and configure SSH keys, follow these steps:

  1. Open a terminal window. The procedure to do this depends on the operating system and desktop environment.
    • On Mac OS X, click Applications, click Utilities, and then click Terminal.
  2. At the command prompt, type the following command:

    ssh-keygen -t rsa
  3. Press ENTER when you are asked where to save the key.
  4. You can optionally add a passphrase to the key. If you are generating keys to use in automated processes, you should just press ENTER. However, if you want to set up two-factor authentication by using key files and a password, then type a password for the key and then press ENTER.
  5. At the command line, type the following command:

    cat ~/.ssh/id_rsa.pub
  6. Select the text in the file and copy it.
  7. Log in to your Webhost.Berlin account using SSH.
  8. At the command line, type the following commands:

    mkdir .ssh
    vi .ssh/authorized_keys
  9. In the Vi text editor, type i to enter insert mode. Paste the public key text that you copied in step 6.

    If you are setting up multiple key pairs, the authorized_keys file may already contain data for other key pairs. If this is the case, then just append the new public key text to the file; do not delete the existing key information.
  10. Press ESC, type :wq to save the file, and then press ENTER. Vi saves the file and exits.
  11. At the command line, type the following commands to set the correct file permissions:

    chmod 600 .ssh/authorized_keys
    chmod 700 .ssh
  12. To close the connection, type exit and then press ENTER.

At this point, you have created the SSH key pair and deployed the client's public key to the Webhost.Berlin server. You are now ready to connect to your SSH account using the keys.

To connect to your SSH account using the keys, follow these steps:

  1. Open a terminal window. The procedure to do this depends on the operating system and desktop environment .
    • On Mac OS X, click Applications, click Utilities, and then click Terminal.
  2. At the command prompt, type the following command. Replace username with your Webhost.Berlin username, and example.com with your site's domain name:

    ssh -p 7822 username@example.com
  3. The SSH client should connect without asking you to type your account password. If you set a passphrase for the key, however, you must type the key passphrase.

    In the command in step 2, we explicitly specify the port number, the username, and the hostname. However, you can also define these settings for a remote host in your ~/.ssh/config file as follows:

    Host example
     Hostname example.com
     Port 7822
     User username
    

    The Host value can be any name you want; it is simply a label for the other settings. The Hostname value is the remote host you want to access, the port number is 7822, and the User value specifies your Webhost.Berlin account username. With this configuration defined, you can connect to the account by simply using the Host value. You do not have to type the port number, username, and hostname each time. The following command demonstrates how to do this:

    ssh example