Site5 - Built For Designers & Developers MENU
Home  ›  Shell Access (SSH)  ›  SSH: How to generate keys and login to your account with SSH (Mac/Linux)

SSH: How to generate keys and login to your account with SSH (Mac/Linux)

20 Comments

If you are on a Windows-based computer, please check out this tutorial instead:

1. On your workstation (not your web hosting account), open a new terminal window.

Mac: Go to Applications > Utilities > Terminal

Linux: Depends heavily on which window manager you are using, but you should be able to use the “search” function in your window manager and find “Terminal.” Otherwise, consult the documentation for your specific window manager or operating system. Ubuntu provides some helpful information

2. Type the following command to generate a new public/private SSH key pair (and then press enter on your keyboard):

ssh-keygen -t dsa

You will receive something similar to the following output (where username is the actual username on your account):

Generating public/private dsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_dsa):

3. Press the enter key on your keyboard as the default location will be fine.

4. You will then be prompted for a passphrase. Make sure you set a passphrase! It should be a secure passphrase and not something that could be easily guessed or a password that you use elsewhere.

5. Once that is done, you should see something similar to the following output letting you know the key generation is complete:

Your identification has been saved in /home/username/.ssh/id_dsa.
Your public key has been saved in /home/username/.ssh/id_dsa.pub.
The key fingerprint is:
da:5d:sd:9e:z8:79:8d:ed:13:07:61:17:8c:3d:39:cb [email protected]

6. As mentioned in the output above, your public and private keys are now stored in the following directories:

Private Key: /home/username/.ssh/id_dsa
Public Key: /home/username/.ssh/id_dsa.pub

Your public key can be given to anyone and put on any server — it is public.

Your private key should remain on your workstation and NEVER be given to anyone.

It would be a good idea to make a backup of your keys and put them in a safe place, just in case.

7. In order for key authentication to work, we need to copy the public key to your Site5 account. First, login to your account via SSH as you normally would (replace the user and hostname with your actual account info):

ssh username@yourhostname.accountservergroup.com 
 
or
ssh username@yourhostname.webserversystems.com

(you will need to enter your account password)

8. Once logged in, type the following command (and press the enter key on your keyboard when done):

mkdir ~/.ssh; touch ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys; chmod 700 ~/.ssh

9. Next, open up the “authorized_keys” file we just made on the server using your favorite text editor (vim/nano/emacs). Vim will be used in this demo:

nano ~/.ssh/authorized_keys

10. Find the public key you created earlier on your workstation (/home/username/.ssh/id_dsa.pub) and copy the contents of that file into the “authorized_keys” file. Make sure you copy the public key, not the private key. Save the file and close it.

Note: You will also need to ensure that any hard returns are removed so that the key only appears on a single line.

Correct Example:
ssh-dss AAAAB……tSvH2g== user@linux

Incorrect:
ssh-dss
AAAAB……tSvH2g==
user@linux

When you SSH to your account next time, you should be prompted for the passphrase of your key, but subsequent logins within that session will not require the passphrase again.

Still have a question? Or need help?
If you need technical support with your account, please email us or chat live with a representative.

20 Comments

  • I tried this and got a remote host identification change error. It says the host key and the IP address have changed at the same time. How do I resolve?

    • It could be due caused by a number of reasons, the most common being that the account was recently migrated to a new server/ip. In situations like this, you can just click the “Accept” or “Yes” button. Doing this will update the host information on your computer and you will not be given that notification again while it resides on this new server/ip.

      If you have any other questions, please just let us know!

  • Hi all,

    I have managed to complete all the steps as written above.

    However, when I try to connect now, the connection is immediately closed by the remote host.

    localhost:~ user$ ssh [email protected]
    Connection closed by xxx.xxx.xxx.xxx

    Of course, I did replace the user- and hostname as per my credentials.

    Any ideas to get around this?
    Best,
    Urs

    • Hello Urs,

      I apologize for the inconvenience. It appears that a step was missing from our article. When you copy the public key to the authorized_keys file (step 10), the key needs to be slightly modified to remove any new lines (hard returns). For example…

      If your key looks something like this when you paste it into the authorized_keys file:

      ssh-dss
      AAAAB3NzaC1kc3MAAACBAI7k2GH22Z73zCU………….tKizCMKiiSilC3tSvH2g==
      user@linux

      …it should be changed to this…

      ssh-dss AAAAB3NzaC1kc3MAAACBAI7k2GH22Z73zCU………….tKizCMKiiSilC3tSvH2g== user@linux

      It fails when the key is using multiple lines because the server reads each line of the authorized_keys file as a different key entry. This allows you to add multiple authorized keys simply by putting each new key on its own line.

      If you have any issues, please feel free to contact our support team referencing this comment.

      • I have changed my authorized_keys files entry as you’ve mentioned, however I’m never prompted for my passcode. I followed all of the other instructions. Any ideas? Thanks.

        • Hello Joe,

          I hope this reply finds you well!

          I am sorry to hear you having issues. If you have a moment, I would like to go through a few possible reasons this might not be working.

          1) On step 4, were you prompted to enter a passphrase for your new key?

          2) On step 9, rather than using vi, could you try using nano. It’s a different editor and may be easier to use. Could you open the file (authorized_keys) and double check that the key is present and that the key is only showing on one line?

          3) When you try to login using SSH, what is the prompt that you receive? Are you sending the private key to the server when you first make the connection? What client are you using?

          If you would like, you can either reply here with the information, or you can open a ticket with our support department directly by going to the support tab in Backstage.

  • Hi John, I followed the directions, but I’m not getting “prompted for the passphrase” of my SSH as you mention above. I keep getting prompted for my default account username password, not the SSH passphrase. Any idea why that’s not working for me?

    • Actually scratch this, I got it to work by concatenating my ‘id_dsa.pub’ to my servers ‘authorized_keys’ like this:

      cat ~/.ssh/id_dsa.pub | ssh [email protected] ‘cat – >> ~/.ssh/authorized_keys’

      This method worked ^^^ for anyone else having similar issues like myself.

      • I wasn’t getting prompted for the paraphrase either. This comment solved my problem. Thanks Jonah.

  • Must this be done with the terminal? Most sites allow me to add my SSH keys via a UI.

  • On step 7 you say… “First, login to your account via SSH as you normally would” How can I do this, I haven’t added my keys yet?

    • Hello Jeff,

      I hope this reply finds you well!

      The SSH Keys are not required to login to your account via SSH. This feature is provided for those that wish to use keys with their account.

      You can login to SSH without having keys setup by simply using the same login credentials as your primary FTP account. At that point in time, you can either add keys, or you can continue logging in without keys.

      Unfortunately, we do not currently offer a user interface for managing keys in SiteAdmin. However, if your account uses cPanel, you can manage your keys through the “SSH/Shell Access” tool found in the security section of cPanel.

      If you have any other questions, please feel free leave a comment here, or if you prefer, you can open a ticket with our support department through Backstage.

  • Hello,
    I have the same problem as Jonah Bitautas
    “Hi John, I followed the directions, but I’m not getting “prompted for the passphrase” of my SSH as you mention above. I keep getting prompted for my default account username password, not the SSH passphrase. Any idea why that’s not working for me?”

    but I can’t understand when he said:

    cat ~/.ssh/id_dsa.pub | ssh [email protected] ‘cat – >> ~/.ssh/authorized_keys’

    • Hello Mehdi,

      The command he mentioned would essentially take the contents of ~/.ssh/id_dsa.pub – his public key – and append it to the bottom of the ~/.ssh/authorized_keys file on the server. You don’t need that exact command to do this, of course, but doing so would basically make it a one-step process.

  • My ssh key-based login to site5 stopped working a couple months ago. Is this still working for anyone? Did it break for anyone else?

    • Hello Elvey,

      There are no issues with SSH-key logins to our servers, no. Have you contacted our support team on this?

      • Thanks!

        I had chatted with support. The particular tech wasn’t familiar with SSH-key logins / didn’t know what I was talking about and had simply instructed me to use my username and password.

        Around that time I had edited my ssh_config and sshd_config files in /etc, per suggestions made by the rkhunter tool, but even after I reverted the changes, ssh-keys wouldn’t work to site5.

        I had checked and my key was still in place on the site5 server.
        I’ll keep troubleshooting.

        ssh -p 22 -v @s12-chicago.accountservergroup.com results in:
        OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

        debug1: Next authentication method: publickey
        debug1: Offering RSA public key: …/id_rsa
        debug1: Authentications that can continue: publickey,password,keyboard-interactive
        debug1: Trying private key: …/id_dsa
        debug1: Next authentication method: keyboard-interactive
        Password:

        With other sites, SSH-key login still works, e.g.:

        debug1: Offering RSA public key: …/id_rsa
        debug1: Server accepts key: pkalg ssh-rsa blen 149
        debug1: read PEM private key done: type RSA
        debug1: Authentication succeeded (publickey).
        Authenticated to shell.sourceforge.net ([216.34.181.119]:22).

        • I’m sorry to hear that you could not get this resolved in chat. Have you opened a ticket? We can get our Level 2 team to take a look for you, through a ticket, if you like.

Money Back Guarantees