Once your dedicated server is delivered, you now want to be able to connect to it. To do this, most of the time, you will use SSH.
Once your dedicated server is delivered, you now want to be able to connect to it. To do this, most of the time, you will use SSH.
What is SSH?
Secure Shell or SSH allows you to remotely administer your machines, via a terminal.
SSH allows you to connect using a password or SSH key pair. The SSH key pair relies on cryptographic processes similar to SSL certificates, which use a private part (which is never shared) and a public part (which can be freely transmitted).
Secure Shell or SSH allows you to remotely administer your machines, via a terminal.
SSH allows you to connect using a password or SSH key pair. The SSH key pair relies on cryptographic processes similar to SSL certificates, which use a private part (which is never shared) and a public part (which can be freely transmitted).
Summary of the cryptographic process
During the connection to the machine, the client informs the server of the username with which it wants to connect.
The server then informs him that he can proceed with his connection attempt with a public key.
The client informs the server of the public key fingerprint it will use, and sends a signed message with the corresponding private key.
The server verifies that the message is signed with the public key it knows. The client is thus authenticated, and allowed to connect.
During the connection to the machine, the client informs the server of the username with which it wants to connect.
The server then informs him that he can proceed with his connection attempt with a public key.
The client informs the server of the public key fingerprint it will use, and sends a signed message with the corresponding private key.
The server verifies that the message is signed with the public key it knows. The client is thus authenticated, and allowed to connect.
How to generate an SSH key?
Linux / MacOSX
The procedure on UNIX-based systems is quite simple:
1. Open a terminal
2. Run the ssh-keygen command
3. Follow the instructions in the command.
The procedure on UNIX-based systems is quite simple:
1. Open a terminal
2. Run the ssh-keygen command
3. Follow the instructions in the command.
a: Path where you want to create the key pair (the default is often correct);
b: If the destination folder does not exist, it is created;
c: You have the option to enter a secret phrase associated with the key pair. It will be necessary to use it;
d: The key pair is created in the file chosen in « a » : « id_rsa » is your private key and « id_rsa.pub » is your public key.
a: Path where you want to create the key pair (the default is often correct);
b: If the destination folder does not exist, it is created;
c: You have the option to enter a secret phrase associated with the key pair. It will be necessary to use it;
d: The key pair is created in the file chosen in « a » : « id_rsa » is your private key and « id_rsa.pub » is your public key.
Windows
Under Windows, you must first install PuTTY, a terminal emulator software.
Under Windows, you must first install PuTTY, a terminal emulator software.
a: Choose an RSA type key;
b: Choose at least 4096bits of key size;
c: Click « Generate ». The key generation process begins.
a: Choose an RSA type key;
b: Choose at least 4096bits of key size;
c: Click « Generate ». The key generation process begins.
d: Once the process is complete, you will find the contents of the public key here, to be transmitted to your outsourcer ;
e: You can choose a password for your private key;
f: Save your public key;
g: Save your private key.
d: Once the process is complete, you will find the contents of the public key here, to be transmitted to your outsourcer ;
e: You can choose a password for your private key;
f: Save your public key;
g: Save your private key.
SSH key generation options
The « ssh-keygen » command can take several options. We list here the ones we recommend:
The « ssh-keygen » command can take several options. We list here the ones we recommend:
-
« -t ed25519 »: to generate a key with a powerful algorithm based on elliptic curves.
Please note, the name of the key will then be « id_ed25519 » and not « id_rsa »;
-
« -m PEM »: forces the creation in PEM format. Useful if you have to connect to an old system;
-
« -b 4096 »: if you need to use the « rsa » algorithm, this option allows to have 4096bits keys.
What to pass on to the server admin?
Your server admin only needs the public part of your key pair. If you followed the example above, this is the contents of the « id_rsa.pub » file.
Caution: Never transmit the « id_rsa » file. Indeed, its confidentiality guarantees the security of your SSH key pair. It should therefore never leave the workstation where it was created.
Your server admin only needs the public part of your key pair. If you followed the example above, this is the contents of the « id_rsa.pub » file.
Caution: Never transmit the « id_rsa » file. Indeed, its confidentiality guarantees the security of your SSH key pair. It should therefore never leave the workstation where it was created.
*Server admin: service provider in charge of the installation, configuration and maintenance of your computer server.
*Server admin: service provider in charge of the installation, configuration and maintenance of your computer server.
Customer Area
Webmail
