Updated by LinodeWritten by Linode
id_rsa
. The private key is stored on your local computer and should be kept secure, with permissions set so that no other users on your computer can read the file.Caution
id_rsa.pub
. The public key is placed on the server you intend to log in to. You can freely share your public key with others. If someone else adds your public key to their server, you will be able to log in to that server.id_rsa.pub
). For instance, services like GitHub and Gitlab allow you to place your SSH public key on their servers to streamline the process of pushing code changes to remote repositories.authorized_keys
file. This file is stored inside a directory named .ssh/
under the user’s home folder. A user’s authorized_keys
file can store more than one public key, and each public key is listed on its own line. If your file contains more than one public key, then the owner of each key listed will be able to log in as that user. Key generator transformation in bods.authorized_keys
file, just as you would add your own. To revoke access for that person, remove that same line and save the changes.CautionThis command will overwrite an existing RSA key pair, potentially locking you out of other systems.If you’ve already created a key pair, skip this step. To check for existing keys, runls ~/.ssh/id_rsa*
.If you accidentally lock yourself out of the SSH service on your Linode, you can still use the Lish console to login to your server. After you’ve logged in via Lish, update yourauthorized_keys
file to use your new public key. This should re-establish normal SSH access.
-b
flag instructs ssh-keygen
to increase the number of bits used to generate the key pair, and is suggested for additional security.id_rsa
and id_rsa.pub
in the /home/your_username/.ssh
directory before entering your passphrase.ssh-copy-id
is a utility available on some operating systems that can copy a SSH public key to a remote server over SSH.ssh-copy-id
, pass your username and the IP address of the server you would like to access:scp
) is a tool that copies files from a local computer to a remote server over SSH:authorized_keys
file on your server. If you have already set up other public keys on your server, use the ssh-copy-id
command or enter your key manually.~/.ssh
directory and authorized_keys
file if they don’t already exist:~/.ssh
directory and authorized_keys
files appropriate file permissions:scp
to copy the contents of your SSH public key (id_rsa.pub
) into the authorized_keys
file on your server. Substitute in your own username and your server’s IP address:ssh-rsa
and ends with [email protected]
.~/.ssh
directory and authorized_keys
file if they don’t already exist:~/.ssh
directory and authorized_keys
files appropriate file permissions:authorized_keys
file with the text editor of your choice (nano
, for example). Then, paste the contents of your public key that you copied in step one on a new line at the end of the file.NoteIf you initially logged into the server asroot
but edited theauthorized_keys
file of another user, then the.ssh/
folder andauthorized_keys
file of that user may be owned byroot
. Set that other user as the files’ owner:
CautionDo not allow the local machine to remember the passphrase in its keychain unless you are on a private computer which you trust.
puttygen.exe
) and PuTTY (putty.exe
) from the official site.puttygen.exe
. The RSA
key type at the bottom of the window is selected by default for an RSA key pair but ED25519
(EdDSA using Curve25519) is a comparable option if your remote machine’s SSH server supports DSA signatures. Do not use the SSH-1(RSA)
key type unless you know what you’re doing.2048
bits 4096
and click Generate:.txt
file or some other plaintext format. This is important–a rich text format such as .rtf
or .doc
can add extra formatting characters and then your private key won’t work:ppk
file extension. If you plan to create multiple key pairs for different servers, be sure to give them different names so that you don’t overwrite old keys with new:putty.exe
. Find the Connection tree in the Category window, expand SSH and select Auth. Click Browse and navigate to the private key you created above:22
, the IANA assigned port for for SSH traffic. Change it if your server is listening on a different port. Name the session in the Saved Sessions text bar and click Save:.ssh
directory in your home directory on your Linode, create a blank authorized_keys
file inside, and set their access permissions:authorized_keys
file with the text editor of your choice (nano
, for example). Then, paste the contents of your public key that you copied in step one on a new line at the end of the file.authorized_keys
file on your server. If you have already set up other public keys on your server, use the PuTTY instructions instead./home/your_username/.ssh/authorized_keys
.NoteIf you are viewing the Cloud Manager in a smaller browser window or on a smaller device, then the My Profile link will appear in the sidebar links. To view the sidebar links, click on the disclosure button to the left of the blue Create button at the top of the page.
id_rsa.pub
):Authentication Type | When to use | Secure? | Ease of setup | Additional tools |
---|---|---|---|---|
Personal access tokens | You need an easy to configure credential or need configurable access controls | Very secure (when using HTTPS) | Easy | Optional (Git credential managers) |
SSH | You already have SSH keys set up, or are on macOS or Linux | Very secure | Intermediate | Windows users will need the SSH tools included with Git for Windows |
Alternate credentials | You can't use personal access tokens or SSH | Least secure | Easy | See important information about alternate credentials |