How to Set Up SSH Keys In Ubuntu

http://superuser.com/questions/232362/how-to-convert-ppk-key-to-openssh-key-under-linux

• Linux: sudo apt-get install putty-tools
• OS X: brew install putty

puttygen id_dsa.ppk -O private-openssh -o id_dsa

方法一：http://www.ubuntulinuxhelp.com/how-to-ssh-on-ubuntu-a-simple-guide/

The SSH Client

The SSH Client is the piece of software that you have on the computer you are sitting in front of and typing on. It sends messages to the SSH server which is on the remote computer (such as the webserver). We’ll assume that there is already a valid SSH server up and running that you are trying to connect to.

In Ubuntu, there is a SSH client installed as standard and it is called Open SSH.

To use it, you simply open a terminal and proceed any command with “ssh”.

For example, if you would like to log in to your remote server, just use the command…

ssh username@mysite.myserver.org

However, as this is a blog that likes to keep things simple (and annoy a lot of the die-hard Linux geeks), I’m going to suggest a different tool… PuTTY.

PuTTY is a client program for SSH (among other things) and gives a neat little interface for making SSH connections. It is also in my opinion one of the best pieces of software ever written. It has been around for ever and can also be used on Windows without installation (just runs as a .exe). Learn this little guy and you will never look for another SSH client.

Install PuTTY by typing the following into a terminal…

sudo apt-get install putty

You will then find the PuTTY program among your other internet applications.

(When you start it up, you will be able to enter the ip address or name of the remote computer you wish to contact and click connect. You will then be asked for password etc. If you are going to be using SSH regular, you can save that connection as a profile which makes things easier).

方法二：SSH

原文地址：https://www.digitalocean.com/community/articles/how-to-set-up-ssh-keys--2

How to Set Up SSH Keys

Tweet 

inShare

About SSH Keys

---

SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone. Generating a key pair provides you with two long string of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. You can increase security even more by protecting the private key with a passphrase.

Step One—Create the RSA Key Pair

---

The first step is to create the key pair on the client machine (there is a good chance that this will just be your computer):

ssh-keygen -t rsa

Step Two—Store the Keys and Passphrase

---

Once you have entered the Gen Key command, you will get a few more questions:

Enter file in which to save the key (/demo/.ssh/id_rsa):

You can press enter here, saving the file to the user home (in this case, my example user is called demo).

Enter passphrase (empty for no passphrase):

It's up to you whether you want to use a passphrase. 

Entering a passphrase does have its benefits: the security of a key, no matter how encrypted, still depends on the fact that it is not visible to anyone else. Should a passphrase-protected private key fall into an unauthorized users possession, they will be unable to log in to its associated accounts until they figure out the passphrase, buying the hacked user some extra time. The only downside, of course, to having a passphrase, is then having to type it in each time you use the Key Pair. 

The entire key generation process looks like this:

ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/demo/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /demo/.ssh/id_rsa.Your public key has been saved in /demo/.ssh/id_rsa.pub.The key fingerprint is:4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@aThe key's randomart image is:+--[ RSA 2048]----+|          .oo.   ||         .  o.E  ||        + .  o   ||     . = = .     ||      = S = .    ||     o + = +     ||      . o + o .  ||           . o   ||                 |+-----------------+

The public key is now located in /demo/.ssh/id_rsa.pub 

The private key (identification) is now located in /demo/.ssh/id_rsa 

Step Three—Copy the Public Key

---

Once the key pair is generated, it's time to place the public key on the virtual server that we want to use. 

You can copy the public key into the new machine's authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.

ssh-copy-id user@123.45.56.78

Alternatively, you can paste in the keys using SSH:

cat .ssh/id_rsa.pub | ssh user@123.45.56.78 "cat >> ~/.ssh/authorized_keys"

No matter which command you chose, you should see something like:

The authenticity of host '12.34.56.78 (12.34.56.78)' can't be established.RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '12.34.56.78' (RSA) to the list of known hosts.user@12.34.56.78's password: Now try logging into the machine, with "ssh 'user@12.34.56.78'", and check in:  ~/.ssh/authorized_keysto make sure we haven't added extra keys that you weren't expecting.

Now you can go ahead and log into user@12.34.56.78 and you will not be prompted for a password. However, if you set a passphrase, you will be asked to enter the passphrase at that time (and whenever else you log in in the future).

Optional Step Four—Disable the Password for Root Login

Once you have copied your SSH keys unto your server and ensured that you can log in with the SSH keys alone, you can go ahead and restrict the root login to only be permitted via SSH keys.

In order to do this, open up the SSH config file:

sudo nano /etc/ssh/sshd_config

Within that file, find the line that includes PermitRootLogin and modify it to ensure that users can only connect with their SSH key:

PermitRootLogin without-password

Put the changes into effect:

reload ssh

Digital Ocean Addendum

---

The Digital Ocean control allows you to add public keys to your new droplets when they're created. You can generate the SSH Key in a convenient location, such as the computer, and then upload the public key to the SSH key section.

Then, when you create a new VPS, you can choose to include that public key on the server. No root password will be emailed to you and you can log in to your new virtual private server from your chosen client. If you created a passphrase, you will be prompted to enter that upon login.