- 13/03/2008 6:14 AM
What are the advantages of an SSH key?
An SSH key allows you to connect to your account via SSH without having to enter your password. It is also more secure as long as you protect your keyfile. You can also passphrase protect the keyfile, which is good if you are concerned that the keyfile that you keep on your local computer may be accessible to others.
You MUST protect the keyfile if you choose not to have a passphrase on it. If someone were to obtain that file, they could get into your account. Some users put it on USB keys or other media that they can remove from their computers when they're not using it and store in a safe place.
How to Generate an SSH Key
Login to cPanel and click the "SSH/Shell Access" icon,
On this page, click "Manage SSH Keys", then click "Generate a New Key". On the form that appears, leave the key name blank (which will default to id_dsa), enter a passphrase, and click Generate. You can download the generated private key on the "Manage SSH Keys" page.
If you want to have a key without a passphrase, just follow the instructions below. They will work on cPanel as well.
Connect to your account via SSH and issue these commands:
ssh-keygen -t dsa
Just hit enter on all questions, the defaults are fine. Do not enter a passphrase unless you want one.
mv ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys chmod 0700 ~/.ssh chmod 0600 ~/.ssh/* chmod 0751 ~ cat ~/.ssh/id_dsa
When you run the last command, it will display the private key. Copy and paste that key into a text editor and save it as
id_dsa. Alternatively you can download it using FTP or SCP. Either way, delete the file once you've saved it as you don't need it on the server anymore (and in fact, do NOT want it on the server), via FTP, or by running:
rm -f ~/.ssh/id_dsa
It is now ready for use in your SSH client of choice.
Converting the Key to PPK (for Windows users ONLY)
If you are using PuTTY for Windows to connect via SSH you must convert your keyfile into the PPK format. To do so, launch PuTTYgen (which is available on the PuTTY download page or as part of the full PuTTY setup pack in the Start menu).
Click the "Load" button and select the id_dsa file you generated from the previous instructions. Once that has been loaded. click "Save private key". You will be prompted to enter a passphrase if you setup one. This will create a file called id_dsa.ppk, which you can use with PuTTY.