How to generate and use SSH keys for secure authentication on Linux, macOS, and Window

SSH Keys for Secure Server Access

SSH (Secure Shell) lets you connect safely to servers and other devices over a network. Normally, you log in with a username and password, but using SSH keys is more secure and convenient.

SSH keys come in pairs: a public key and a private key. The public key goes on the server, while the private key stays on your computer. When you connect, SSH uses these keys to verify your identity without needing a password.

Benefits of SSH keys:

• Better security: Harder to guess than passwords.

• Easier login: No need to type your password every time.

• Automation: Great for scripts and automated tasks.

This guide shows how to generate SSH keys on Linux, macOS, and Windows, and how to use them to securely access your cloud servers.

OpenSSH

To generate a new SSH key pair on Linux or macOS, open a terminal and use the ssh-keygen command. If you are on Windows, you can use PuTTYgen to generate SSH keys - which we have outlined later in the guide.

The key generator will ask for the location and file name to which the key is saved. Enter a new name or use the default by pressing enter.

(Optional) Create a passphrase to protect your SSH private key, providing an extra layer of security when using SSH key authentication. This is a simple password that will protect your private key should someone be able to get their hands on it. Enter the passphrase you wish, or continue without a passphrase. Press enter twice. Note that some automation tools might not be able to unlock passphrase-protected private keys.

Copy the public half of the key pair to your cloud server using the command below. Replace the user and server with your username and the server address you wish to use the key authentication on.

If you saved your SSH key pair with a different name or location, just replace ~/.ssh/id_rsa.pub with the correct path.

When connecting, you’ll be asked for your account password on the server.

Your SSH key now works for authentication, but you’ll need to enter your passphrase each time you connect.

Optional: You can use an SSH agent to remember your keys, so you don’t have to type the passphrase every time. Start the agent and add your private key with these commands:

Type in your key’s current passphrase when asked. If you saved the private key somewhere other than the default location and name, you’ll have to specify it when adding the key.

You can now paste the public key in your clipboard into the Cloudstick Control Panel. This can be done on the server deployment page by clicking Add new, or from the SSH keys section under the https://dash.cloudstick.io/login page.

PuTTY

If you're using a Windows laptop or PC with the PuTTY SSH client https://putty.software/, you can create a new SSH key pair using the built- in key generator called PuTTYgen.

To generate a new key, open PuTTYgen and click the Generate button.

When the process completes, two keys will be generated, a private key and a public key.

You can enter an optional key passphrase in the two empty fields for added security before continuing. The passphrase, if provided, will protect your key from unauthorized use in the event that someone manages to copy it.

Now save the private key somewhere safe on your computer by clicking the ‘Save private key’ button. Then copy the entire text of the public key to your clipboard. There is no need to save the public key to your computer as it can easily be regenerated by loading the private key.

You can now paste the public key in your clipboard into the Cloudstick Control Panel. This can be done on the server deployment page by clicking Add new, or from the SSH keys section under the https://dash.cloudstick.io/login page.

Turn off password authentication

Once you’ve configured SSH key authentication, you can disable password authentication entirely to block brute-force attacks. This ensures your server, whether running on Linux or Windows, is fully secured by the OpenSSH protocol and RSA keys.

When logged in to your cloud server:

1. Open the SSH configuration file with the following command.

2. Set the password authentication to no to disable clear text passwords.

3. Check that public key authentication is enabled, just to be safe and not get locked out from your server. If you do find yourself unable to log in with SSH, you can always use the Web terminal at your UpCloud control panel.

4. Restart the SSH service to apply the changes by using the command below.

With that done your cloud server is now another step towards security. Malicious attempts to connect to your server will result in authentication rejection, as plain passwords are not allowed, and brute-forcing an RSA key is practically impossible.

Remember to always keep your private keys safe. You can use the same key from multiple computers if you wish, or generate new ones on each client connecting to your cloud server for added security. Ideally, each user should generate their own key pair and passphrase for secure access control. With proper management, even if one of the private keys gets compromised, you won't have to replace them all.

Conclusion:

SSH keys make server access safer, faster, and easier. Once set up, you can securely connect to your servers without entering passwords every time.