Featured image for Creating and Using SSH Keys with DigitalOcean
Creating and Using SSH Keys with DigitalOcean
Extras 1
12/15/2019 Module 6

Creating and Using SSH Keys with DigitalOcean

About SSH Keys

SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone. Generating a key pair provides you with two long string of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. You can increase security even more by protecting the private key with a passphrase.

On Mac or Linux

Step One—Create the RSA Key Pair

The first step is to create the key pair on your computer. ssh-keygen -t rsa

Step Two—Store the Keys and Passphrase

Once you have entered the Gen Key command, you will get a few more questions:

Enter file in which to save the key (/home/USER/.ssh/id_rsa):

You can press enter here, saving the file to the user home (in this case, my example user is called demo).

Enter passphrase (empty for no passphrase):

It's up to you whether you want to use a passphrase. Entering a passphrase does have its benefits: the security of a key, no matter how encrypted, still depends on the fact that it is not visible to anyone else. Still, I recommend that you don't use a passphrase.

The public key is now located in /home/user/.ssh/idrsa.pub The private key (identification) is now located in /home/user/.ssh/idrsa

Step Three—Copy the Public Key

Once the key pair is generated, it's time to place the public key on the server that we want to use.

You can copy the public key into the new machine's authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.

ssh-copy-id root@example.com

You can see below what all of this should look like:

creating an SSH Key on Mac

Now you can go ahead and log into root@example.com and you will not be prompted for a password. However, if you set a passphrase, you will be asked to enter the passphrase at that time (and whenever else you log in in the future).

On Windows with Putty

Here is a great article at DigitalOcean that walks you through setting up SSH keys with Putty and Putty-Gen on Windows, as well as uploading that key to your server.


In short, download PuttyGen from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. Once downloaded, open it up, fill in the info and generate your key. Then you can upload that key into the correct place and you are good to go.

Locking Down Root Password Logins

Now that you have your SSH keys working (and CONFIRMED!), it would be good to not allow Root Password Logins on your server. That would make your server extremely secure, allowing no one to log in as root other than you, from your computer. Here's how you do that:

It's necessary to edit the server's SSHd configuration /etc/ssh/sshdconfig and update the following line to now read:

PermitRootLogin without-password
You can do that with nano: nano /etc/ssh/sshdconfig

Now it's necessary to restart the sshd process to have it re-read the new configuration. This can be done via the following:

service sshd restart


Website Design
& Development
Web Application
Search Engine
Digital PPC
Social Media

Share This!