Skip to main content

VPS: Generating and using SSH keys for Linux servers

This guide was created with the following products:

(Details may vary with products from different providers but the main concepts remain the same)

Generate SSH Key

For a connection that is much more secure, such as a conventional connection with the SSH password, the use of SSH keys is recommended. To do this, open the "Access & Security" tab in the Linux server's dashboard.

In "Access & Security" you can now generate a key with the "Generate SSH Key" button. As soon as this is pressed, a popup opens and a randomly generated key is downloaded directly to the PC. In order for the key to be added to the server, the "Add Key" button must be clicked.

info

In the case of Linux VPSs, the key is added directly. In the case of Linux Root Servers, the server must be restarted in order for these changes to take effect.

If further keys are required, the "Generate Key" button can be pressed in the same window. With "Key name" you can set a name for the key, which should be displayed in the ZAP-Hosting panel. This is recommended for a much better overview.

If all the desired keys have been generated and added, they will now be displayed under "Access & Security".

If you have your own public key, which you generated externally and not via our panel, you can integrate it by clicking on the "+" Icon.

An empty panel opens in which you can insert your own public key. The key is then added to the server by pushing the "Add Key" function and then displayed in our panel.

OpenSSH to PuTTY Private Key with PuTTYGen

The SSH keys created by our panel are in OpenSSH format. In order to be able to use these with PuTTY, these keys must first be converted to the PuTTY private key format. You can use the "PuTTYGen" Software that is automatically installed by PuTTY.

The PuTTYGen application is located in the PuTTY root directory. By default, the PuTTY folder would be shown in the example picture at " C:>Program Files>PuTTY"

Start the PuTTYGen application and then click on "File" -> "Load private key"

Now the file generated by ZAP-Hosting must be opened. To do this, you have to go to the standard directory where all your downloads are stored.

info

Important: Make sure that you have the filter set to "ALL Files" as shown in the picture , as the .pri file created by the system cannot be seen.

As soon as this has been loaded, you can now use the various fields to specify both comments and a password for the keys. In order to set the password, this desired password must be entered in both "Key passphrase" and "Confirm passphrase". Note: You can also leave these fields blank and create the key without a password, but this would be a bit less secure and therefore not recommended. As soon as all desired entries have been set, a key compatible with PuTTY can be saved with the button "Save private key".

Name this .ppk file and save it so that it can be found again later.

SSH Key Connection

In order for the key to be used for the connections, it must first be linked with Putty. To do this, click "SSH" - "Auth" - "Browse...".

Find the key you just created using PuTTYGen and push "Open".

So that you don't have to repeat these steps for every connection, it would be recommended to save this in the session. To do this, click "Session" - "Default Settings" - "Save", as can be seen in the screenshot.

You can now log into the server with Putty. The "Key comment" entered in PuTTYGen can then be seen there.

Deactivate Login with Password

The SSH keys were created to increase security. If the login with the SSH password is still possible, the security of the server has not yet changed. For this reason, the SSH login must now be deactivated via a password. There is a difference between Linux VPSs and Linux root servers in how this login has to be deactivated. If the login for your server has been correctly deactivated, the connection is only possible for users with the SSH key you have created.

Linux VPS

You can disable the password login in the Access & Secuirty tab easily. Push the Deactive Password Login button next to the Generate SSH Key Button. Once its deceactivated, its no longer possible to reach the server via password login.

The display for "SSH login via password" would then also be set to "Inactive".

Linux Root server

Unfortunately, this function does not exist with Linux root servers; there it would have to be done manually via SSH. To do this, connect to the server via PuTTY and change the following file with a text editor of your choice. In our example we use "nano".

nano /etc/ssh/sshd_config

In this file, "PasswordAuthentification" must now be changed from "yes" to "no". In addition, the hash (#) in front of "PasswordAuthentification" must be removed.

If "#PasswordAuthentification yes" has been changed to "PasswordAuthentification no" you can close the file on Nano with "CTRL" + "X" and save the changes with "Y".

The SSH service must then be restarted so that the changes are immediately active. Alternatively, these would only be active after a server restart.

service sshd restart

Conclusion

Congratulations, you have successfully installed and configurated your SSH key! If you have any further questions or problems, please contact our support team, who are available to help you every day!