Setup an SSH Key Pair

All SSH Clients, such as openssh or putty, and all SFTP clients (eg winscp) support the use of SSH keys, which are much more secure than passwords for authenticating SSH connections.

 

It is very easy to setup an SSH key pair, here are some instructions for common SSH, SCP and SFTP clients:

 

OpenSSH (Mac, Linux, BSD, Cygwin on Windows and many other platforms)

 

#Check if you already have an ssh key:
cat ~/.ssh/id_rsa.pub

#If not:
ssh-keygen

#then provide us with the contents of ~/.ssh/id_rsa.pub:
cat ~/.ssh/id_rsa.pub

Putty or Kitty & WinSCP  (Windows)

To generate a set of RSA keys with PuTTYgen:

  1. Start the PuTTYgen utility, by double-clicking on its .exe file;

  2. For Type of key to generate, select SSH-2 RSA;

  3. In the Number of bits in a generated key field, specify either 2048 or 4096 (increasing the bits makes it harder to crack the key by brute-force methods);

  4. Click the Generate button;

  5. Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full;

  6. A private/ public key pair has now been generated;

  7. In the Key comment field, enter any comment you'd like, to help you identify this key pair, later (e.g. your e-mail address; home; office; etc.) -- the key comment is particularly useful in the event you end up creating more than one key pair;

  8. Optional: Type a passphrase in the Key passphrase field & re-type the same passphrase in the Confirm passphrase field (if you would like to use your keys for automated processes, however, you should not create a passphrase);

  9. Click the Save public key button & choose whatever filename you'd like (some users create a folder in their computer named my_keys);

  10. Click the Save private key button & choose whatever filename you'd like (you can save it in the same location as the public key, but it should be a location that only you can access and that you will NOT lose! If you lose your keys and have disabled username/password logins, you will no longer be able log in!);

  11. Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All;

  12. Right-click again in the same text field and choose Copy.

NOTE: PuTTY and OpenSSH use different formats for public SSH keys. If the SSH Key you copied starts with "---- BEGIN SSH2 PUBLIC KEY ...", it is in the wrong format. Be sure to follow the instructions carefully. Your key should start with "ssh-rsa AAAA ...."

What to do with it, once you've created your key

Your SSH key can now be used in multiple places:

  1. You can set organization-wide global keys, which will allow access to all your Idealstack sites.  Edit this under Organization in the left menu in idealstack
  2. You can set an SSH key just for a particular site by editing that site
  3. You can upload your keypair in AWS and then select that keypair when create or editing a stack - this will allow you to SSH to your instances (in addition to the individual sites running on them)