When you purchase a VPS from RJ Network Services, we provision your server to use SSH public key authentication for you to connect to your website. SSH public key authentication is a more secure alternative than password authentication because it generates asymmetric cryptographic algorithms that generate a pair of separate keys called a key pair, one “private” and the other “public” that must reside on your local computer to authenticate your connection. For additional security (highly recommended), you can add a passphrase to your SSH key pair when you generate it. If you leave your computer unattended, the rogue user will need your SSH passphrase to connect. If you have a laptop, you can easily copy the private keypair using a USB thumb-drive. Never share your private keypair with anyone!
This is where RJ Network Services differentiates itself from the others. Most web hosting companies enable password authentication to limit the additional support required to provision your website. This is an additional security risk, as hackers can run password generating programs to login to your site. We disable password authentication and make it easy for you to connect securely.
Once you generate your keypair, all you have to do is send the public key to us. Because the private key is required to connect, you don’t have to guard your public key the same way as you would for your private key.
RJ Network Services strives to offer the best technical support available. If you don’t want to deal with it, you can just skip everything in this article and we will do it all for you. Send an email to firstname.lastname@example.org requesting installation of OpenSSH keypairs and/or SFTP application.
Next: How to generate a SSH keypair from a Linux, Mac and Windows PC.
Generate a SSH keypair on a Linux or Mac
Log into the computer you’ll use to access the remote host
At the command line enter
ssh-keygen -t rsa
You will be prompted to supply a filename (for saving the key pair) and a passphrase (for protecting your private key):
The default file name is ~/.ssh/id_rsa for the private key and ~/.ssh/id_rsa.pub for the public key.
If you want to specify another name, be sure to include the path with the filename i.e. ~/.ssh/my_key
For additional security, I recommend that you enter a passphrase for the key.
That’s all! Send us your public key to install on your system. Once installed, you can use any SFTP app to connect to your website.
Set up public key authentication on a Windows PC
There are multiple ways to create a SSH keypair on a Windows PC. You can use the Windows OpenSSH Client, or use PuTTYgen, a tool from the PuTTY SSH Client. I prefer the Windows OpenSSH Client because it installs the new version of OpenSSH which is compatible with 3rd party Windows applications such as Adobe Dreamweaver. If you use WinSCP for file transfer, you will nee the PuTTY keypair. FileZilla can use either.
Using the Windows OpenSSH Client
Step 1: Verify that you have the OpenSSH Client installed.
- On your Windows PC, open the Settings panel, then click Apps.
- Under the Apps and Features heading, click Optional Features.
- Scroll down the list to see if OpenSSH Client is listed.
- If it’s not, click the plus-sign next to Add a feature.
- Scroll through the list to find and select OpenSSH Client.
- Finally, click Install.
Step 2: Open a command prompt
- Press the Windows key
- Type cmd
- Under Best Match, right-click Command Prompt.
- Click Run as Administrator.
- If prompted, click Yes in the Do you want to allow this app to make changes to your device? pop-up.
Step 3: Use OpenSSH to Generate an SSH Key Pair
- In the command prompt, type the following:
By default, the system will save the keys to C:\users\your_username\.ssh\id_rsa. You can use the default name, or you can choose more descriptive names. This can help distinguish between keys, if you are using multiple key pairs. To stick to the default option, press Enter.
You’ll be asked to enter a passphrase.
I recommend that you enter a passphrase for additional security.
The system will generate the key pair, and display the key fingerprint and a randomart image.
Open your File Explorer and navigate to C:\users\your_username\.ssh.
You should see two files. The identification is saved in the id_rsa file and the public key is labeled id_rsa.pub. This is your SSH key pair.
That’s all! Send us your public key to install on your system.
You can now use FileZilla, or any application that supports OpenSSH keys to connect to your website.
Using PuTTYgen to generate an OpenSSH PuTTY .ppk keypair for WinSCP SFTP Client
Step 1: Install PuTTY
- Open your browser and go to https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
- Click the package link next to 64-bit x86:
- Run the installation wizard using the defaults
- Step 2: Run the PuTTY SSH Key Generator
- Press the Windows key.
- Type puttygen.
- Under Best Match, right-click PuTTYgen.
- Click Run as administrator.
- If prompted, click Yes on the Do you want to allow this app to make changes to your device? pop-up
- In the PuTTY Key Generator window, click Generate.
- Move the cursor around in the gray box to fill up the green bar.
- You will see a box labeled “Public key for pasting into OpenSSH authorized_keys file:”
- Select all of the text in this box and paste it and save it to a text file to send to us.
- Click the button labeled Save public key.
- Choose a location to save the key.
- Give the key a name (e.g., my_website_key.pub)
- Click the button labeled Save the Private Key.
- Choose a location to save the key.
- Give the key a name (e.g., my_website_key.ppk)
That’s it! Send us your public key to install on your system.
You can now use WinSCP to connect to your website.