SSH: How to generate keys and login to your account with SSH (Mac/Linux)
If you are on a Windows-based computer, please check out this tutorial instead:
1. On your workstation (not your web hosting account), open a new terminal window.
Mac: Go to Applications > Utilities > Terminal
Linux: Depends heavily on which window manager you are using, but you should be able to use the “search” function in your window manager and find “Terminal.” Otherwise, consult the documentation for your specific window manager or operating system. Ubuntu provides some helpful information
2. Type the following command to generate a new public/private SSH key pair (and then press enter on your keyboard):
ssh-keygen -t dsa |
You will receive something similar to the following output (where username is the actual username on your account):
Generating public/private dsa key pair. Enter file in which to save the key (/home/username/.ssh/id_dsa): |
3. Press the enter key on your keyboard as the default location will be fine.
4. You will then be prompted for a passphrase. Make sure you set a passphrase! It should be a secure passphrase and not something that could be easily guessed or a password that you use elsewhere.
5. Once that is done, you should see something similar to the following output letting you know the key generation is complete:
Your identification has been saved in /home/username/.ssh/id_dsa. Your public key has been saved in /home/username/.ssh/id_dsa.pub. The key fingerprint is: da:5d:sd:9e:z8:79:8d:ed:13:07:61:17:8c:3d:39:cb [email protected] |
6. As mentioned in the output above, your public and private keys are now stored in the following directories:
Private Key: /home/username/.ssh/id_dsa Public Key: /home/username/.ssh/id_dsa.pub |
Your public key can be given to anyone and put on any server — it is public.
Your private key should remain on your workstation and NEVER be given to anyone.
It would be a good idea to make a backup of your keys and put them in a safe place, just in case.
7. In order for key authentication to work, we need to copy the public key to your Site5 account. First, login to your account via SSH as you normally would (replace the user and hostname with your actual account info):
ssh username@yourhostname.accountservergroup.com or |
ssh username@yourhostname.webserversystems.com |
(you will need to enter your account password)
8. Once logged in, type the following command (and press the enter key on your keyboard when done):
mkdir ~/.ssh; touch ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys; chmod 700 ~/.ssh |
9. Next, open up the “authorized_keys” file we just made on the server using your favorite text editor (vim/nano/emacs). Vim will be used in this demo:
nano ~/.ssh/authorized_keys |
10. Find the public key you created earlier on your workstation (/home/username/.ssh/id_dsa.pub) and copy the contents of that file into the “authorized_keys” file. Make sure you copy the public key, not the private key. Save the file and close it.
Note: You will also need to ensure that any hard returns are removed so that the key only appears on a single line.
Correct Example:
ssh-dss AAAAB……tSvH2g== user@linuxIncorrect:
ssh-dss
AAAAB……tSvH2g==
user@linux
When you SSH to your account next time, you should be prompted for the passphrase of your key, but subsequent logins within that session will not require the passphrase again.
Wendy March 7, 2012 at 9:54 am
I tried this and got a remote host identification change error. It says the host key and the IP address have changed at the same time. How do I resolve?
John Oliver at Site5 March 7, 2012 at 1:40 pm
It could be due caused by a number of reasons, the most common being that the account was recently migrated to a new server/ip. In situations like this, you can just click the “Accept” or “Yes” button. Doing this will update the host information on your computer and you will not be given that notification again while it resides on this new server/ip.
If you have any other questions, please just let us know!
caratage September 27, 2012 at 2:10 am
Hi all,
I have managed to complete all the steps as written above.
However, when I try to connect now, the connection is immediately closed by the remote host.
localhost:~ user$ ssh [email protected]
Connection closed by xxx.xxx.xxx.xxx
Of course, I did replace the user- and hostname as per my credentials.
Any ideas to get around this?
Best,
Urs
John Oliver at Site5 September 27, 2012 at 3:14 pm
Hello Urs,
I apologize for the inconvenience. It appears that a step was missing from our article. When you copy the public key to the authorized_keys file (step 10), the key needs to be slightly modified to remove any new lines (hard returns). For example…
If your key looks something like this when you paste it into the authorized_keys file:
…it should be changed to this…
It fails when the key is using multiple lines because the server reads each line of the authorized_keys file as a different key entry. This allows you to add multiple authorized keys simply by putting each new key on its own line.
If you have any issues, please feel free to contact our support team referencing this comment.
Joe April 8, 2013 at 9:05 pm
I have changed my authorized_keys files entry as you’ve mentioned, however I’m never prompted for my passcode. I followed all of the other instructions. Any ideas? Thanks.
John Oliver at Site5 April 9, 2013 at 3:40 pm
Hello Joe,
I hope this reply finds you well!
I am sorry to hear you having issues. If you have a moment, I would like to go through a few possible reasons this might not be working.
1) On step 4, were you prompted to enter a passphrase for your new key?
2) On step 9, rather than using vi, could you try using nano. It’s a different editor and may be easier to use. Could you open the file (authorized_keys) and double check that the key is present and that the key is only showing on one line?
3) When you try to login using SSH, what is the prompt that you receive? Are you sending the private key to the server when you first make the connection? What client are you using?
If you would like, you can either reply here with the information, or you can open a ticket with our support department directly by going to the support tab in Backstage.
Jonah Bitautas December 4, 2012 at 12:53 am
Hi John, I followed the directions, but I’m not getting “prompted for the passphrase” of my SSH as you mention above. I keep getting prompted for my default account username password, not the SSH passphrase. Any idea why that’s not working for me?
Jonah Bitautas December 4, 2012 at 1:08 am
Actually scratch this, I got it to work by concatenating my ‘id_dsa.pub’ to my servers ‘authorized_keys’ like this:
cat ~/.ssh/id_dsa.pub | ssh [email protected] ‘cat – >> ~/.ssh/authorized_keys’
This method worked ^^^ for anyone else having similar issues like myself.
Andre January 16, 2014 at 8:38 pm
I wasn’t getting prompted for the paraphrase either. This comment solved my problem. Thanks Jonah.
Jeff Noyes September 24, 2013 at 1:48 pm
Must this be done with the terminal? Most sites allow me to add my SSH keys via a UI.
Jeff Noyes September 24, 2013 at 1:51 pm
On step 7 you say… “First, login to your account via SSH as you normally would” How can I do this, I haven’t added my keys yet?
John Oliver at Site5 September 25, 2013 at 4:51 pm
Hello Jeff,
I hope this reply finds you well!
The SSH Keys are not required to login to your account via SSH. This feature is provided for those that wish to use keys with their account.
You can login to SSH without having keys setup by simply using the same login credentials as your primary FTP account. At that point in time, you can either add keys, or you can continue logging in without keys.
Unfortunately, we do not currently offer a user interface for managing keys in SiteAdmin. However, if your account uses cPanel, you can manage your keys through the “SSH/Shell Access” tool found in the security section of cPanel.
If you have any other questions, please feel free leave a comment here, or if you prefer, you can open a ticket with our support department through Backstage.
Mehdi March 3, 2014 at 3:45 am
Hello,
I have the same problem as Jonah Bitautas
“Hi John, I followed the directions, but I’m not getting “prompted for the passphrase” of my SSH as you mention above. I keep getting prompted for my default account username password, not the SSH passphrase. Any idea why that’s not working for me?”
but I can’t understand when he said:
cat ~/.ssh/id_dsa.pub | ssh [email protected] ‘cat – >> ~/.ssh/authorized_keys’
James Davey March 3, 2014 at 8:09 am
Hello Mehdi,
The command he mentioned would essentially take the contents of ~/.ssh/id_dsa.pub – his public key – and append it to the bottom of the ~/.ssh/authorized_keys file on the server. You don’t need that exact command to do this, of course, but doing so would basically make it a one-step process.
Elvey September 27, 2014 at 5:22 pm
My ssh key-based login to site5 stopped working a couple months ago. Is this still working for anyone? Did it break for anyone else?
James Davey September 29, 2014 at 8:36 am
Hello Elvey,
There are no issues with SSH-key logins to our servers, no. Have you contacted our support team on this?
Elvey September 29, 2014 at 3:02 pm
Thanks!
I had chatted with support. The particular tech wasn’t familiar with SSH-key logins / didn’t know what I was talking about and had simply instructed me to use my username and password.
Around that time I had edited my ssh_config and sshd_config files in /etc, per suggestions made by the rkhunter tool, but even after I reverted the changes, ssh-keys wouldn’t work to site5.
I had checked and my key was still in place on the site5 server.
I’ll keep troubleshooting.
ssh -p 22 -v @s12-chicago.accountservergroup.com results in:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
…
debug1: Next authentication method: publickey
debug1: Offering RSA public key: …/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: …/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
With other sites, SSH-key login still works, e.g.:
…
debug1: Offering RSA public key: …/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to shell.sourceforge.net ([216.34.181.119]:22).
James Davey September 29, 2014 at 4:40 pm
I’m sorry to hear that you could not get this resolved in chat. Have you opened a ticket? We can get our Level 2 team to take a look for you, through a ticket, if you like.
Elvey May 7, 2015 at 5:44 pm
My public keys were in ~/.ssh/authorized_keys2 rather than in ~/.ssh/authorized_keys and at some point, the sshd configuration was changed not to look for the former file.
For more info on these two files see:
http://serverfault.com/questions/116177/whats-the-difference-between-authorized-keys-and-authorized-keys2
The fix I went with was: cd ~/.ssh ; ln -s authorized_keys2 authorized_keys
James Davey May 8, 2015 at 5:25 am
You’ve symlinked the two files. A nice solution, and I am glad to hear this is now working for you.