Here are some useful tips that I have:
The hard way
1. Create an RSA private/public key pair on your computer.
- To create the key pair on a Mac, first go to the .ssh directory in your home directory by typing:
$ cd ~/.ssh
- Once you are in the .ssh directory, create the key pair with the following command:
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
- You will be given a choice to overwrite your current id_rsa file or to create a new file. I personally prefer to create a new file, for example id_rsa_do.
- If you run ls in your .ssh directory, you will see two new files, id_rsa_do and id_rsa_do.pub. That means the ssh-keygen command worked.
2. Copy your public key and log in to your droplet
- After creating the key pair, copy your public key and log in to your droplet.
- Go to your .ssh directory and execute:
$ cat id_your_rsa.pub
- Copy the content of that file and then log in to the droplet server. You will still need to provide the password at this step:
$ ssh root@your_ip_address
- Once you are in the remote server, you can go to the .ssh directory by using the same command:
$ cd ~/.ssh
3. Add your public key to .ssh/authorized_keys
- Once you are in the remote server's .ssh directory, execute the following command (it will open the nano editor):
$ nano authorized_keys
- Paste your public key into this file, then save and exit.
- Exit the remote server and go back to your local computer's terminal.
4. Try ssh without password
- You can try ssh-ing again to your remote server using the same command:
$ ssh root@your_ip_address
- If it is still not working and you have multiple ssh keys, you can specify the private key you want to use with the following command:
$ ssh -i /path/to/private/key username@your_ip_address
OR
$ ssh-add /path/to/private/key
$ ssh username@your_ip_address
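Steps 2 and 3 as a script to run on the server, added here as an example that is not part of the original post: it creates ~/.ssh if it is missing, appends the key instead of overwriting the file, and sets the owner-only permissions that sshd checks. The function name install_pubkey and the script file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a hypothetical
# helper name. Usage: install_pubkey <public-key-file> [home-dir, default $HOME]
# The body is a subshell "( ... )", so exit and variables stay local to the call.
install_pubkey() (
    pubfile=$1
    sshdir=${2:-$HOME}/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; exit 2; }

    # Refuse a private key passed by mistake (id_rsa_do instead of id_rsa_do.pub).
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile is a private key; use the .pub file" >&2
        exit 3
    fi

    # Accept only a line shaped like "<key-type> <base64> [comment]".
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)' "$pubfile" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pubfile" >&2; exit 4; }

    # With StrictModes (the sshd default) a key file or directory that other
    # users can write to is ignored, so set owner-only modes explicitly.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || exit 5
    touch "$auth" && chmod 600 "$auth" || exit 5

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only when the exact line is absent: reruns add no duplicates
    # and existing keys are never overwritten.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
)

# Run as a script on the server: sh install_pubkey.sh id_rsa_do.pub
if [ "$#" -gt 0 ]; then install_pubkey "$@"; fi
```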
The easy way
You can follow this official tutorial from DigitalOcean to add an ssh key from their GUI.
Source:
- https://en.wikipedia.org/wiki/Secure_Shell
- https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
Though this is valid, it is a bad habit. Master password files, such as key pairs, should be kept within manually obfuscated files and referred to minimally throughout application flow.
Ideally one would want a stand alone instance to do external certificate handling, and I'm sure you can find one already neatly packaged at npm.org