Generating an SSH Key for AWS
- An access key grants programmatic access to your resources. This means that the access key should be guarded as carefully as the AWS account root user sign-in credentials. It's a best practice to do the following: Create an IAM user and then define that user's permissions as narrowly as possible. Create the access key under that IAM user.
- Aug 15, 2019 Why? When you first launch an instance on AWS, you generate a key pair. You only have one opportunity to copy that key pair, so you must be sure to copy and paste it to any machine you'll use to.
Additionally, you can now add the SSH credentials to both Jenkins and Github and start building pipelines with Github as SCM! If your organization has any additional questions or concerns about AWS and any related technologies, please don’t hesitate.
SSH keys are one of the most secure SSH authentication options. It is definitely more secure than the usual SSH password authentication. Therefore, it is highly recommended to use SSH Key authentication method for connections to your servers.
With password authentication, you can connect to your server from any location, you only need to fill in your password. However, if your password gets leaked, it is a major risk as anyone who knows your password will be able to get into the server.
SSH Key authentication only allows connections from clients whose key matches the one on the server. Basically, you generate a key pair (private key and public key). The private key is placed on your local machine and the public key is uploaded to the server. When connecting to the server, a validation of these two keys is made and if the key pair passes the validation you are allowed to connect. Of course, you can upload keys of multiple users so that you or other authorized users would be able to connect to the server from different computers.
As you can see, this is a much safer connection method. In this tutorial, we will focus on Windows users who use PuTTY for connections to the server and show how to generate PuTTY SSH Keys. If you want to generate SSH Keys on Linux or Mac, see this tutorial.
What you’ll need
Before you begin this guide you’ll need the following:
- Access to your Linux server / VPS
- PuTTY and PuTTYgen installed on your computer (Download here)
Step 1 — Downloading PuTTYgen
Most of you have PuTTY installed on your computers already, however, to generate SSH Keys you also will need PuTTYgen.
- Download PuTTYgen here
- You should be able to see this file downloaded:
No installation is required for PuTTYgen, it will run when you execute the file.
Step 2 — Generating your SSH Key pair
- Open up PuTTYgen by double clicking on the puttygen.exe file you have downloaded in Step 1.
- You should be able to see a window like this:
- Before generating your SSH Key pair, you can edit some settings, for example, key length, however, in most cases the default options will work just fine.
- Generate your SSH Key pair by clicking the Generate button.
- When the progress bar starts loading, move your mouse randomly across the area to load up the bar and generate your key pair.
- Your public SSH key will be displayed on the screen:
- For additional security it is highly recommended to think of a passphrase for your SSH key (However, you can also leave it empty):
- Save your private key to any desired location on your computer and name it anything you like.
- Save your public key to the same location on your computer and name it anything you like.
And that is it, you have generated your SSH Key pair. The private key will stay on your computer (do not provide it to anyone) while your public key needs to be uploaded to the server you wish to connect to.
Step 3 — Setting up your private key on PuTTY
In order for the server to recognize your computer when connecting from PuTTY, you need to attach the private key to PuTTY.
- Open up PuTTY.
- Navigate to Connection -> SSH -> Auth in the left sidebar.
- Browse for your private key file in the field Private key for authentication
- Select the private key file with .ppk ending and click Open.
Step 4 – Adding public key to server
Lastly, you need to upload your public key to the server:
- On your local computer, open public key file (id_rsa.pub) you generated in Step 2 with any text editor and copy its contents (public key).
- Connect to your VPS using Putty. See this guide for detailed steps.
- If .ssh folder does not exist, create it together with authorized_keys file with the following command:
mkdir ~/.ssh
touch ~/.ssh/authorized_keys
- Secure SSH Key file by changing permissions:
chmod 0700 ~/.ssh; chmod 0644 ~/.ssh/authorized_keys
- Open authorized_keys file with vim text editor:
vim ~/.ssh/authorized_keys
- Press i key on your keyboard and right mouse button to paste the public key.
- Press Esc button, type in :x and hit Enter button. This command will save changes made to the file.
That is it, you can now use SSH keys instead of SSH password authentication to connect to your VPS.
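Step 4 as a script, added here as an example and not part of the original tutorial. It sets authorized_keys to the stricter 0600 mode and refuses private keys and the multi-line RFC 4716 file that PuTTYgen's "Save public key" button writes (sshd expects the one-line OpenSSH form); the function name and return codes are assumptions of this example.

```shell
#!/bin/sh
# install_pubkey HOME_DIR 'KEY LINE'
# Appends one OpenSSH-format public key to HOME_DIR/.ssh/authorized_keys.
# Return codes (chosen for this example):
#   0 installed or already present   2 private key material
#   3 RFC 4716 (PuTTYgen "Save public key") format   4 not a valid key line
install_pubkey() {
    home=$1 key=$2

    case $key in
        *PRIVATE\ KEY*|PuTTY-User-Key-File*)
            echo "refusing: this is a private key, never upload it" >&2
            return 2 ;;
        *BEGIN\ SSH2\ PUBLIC\ KEY*)
            # Convert first with: ssh-keygen -i -f saved_key.pub
            echo "RFC 4716 format; sshd needs the one-line OpenSSH form" >&2
            return 3 ;;
        *"
"*)     echo "expected a single line" >&2; return 4 ;;
    esac

    type=${key%% *}      # first field: key type
    rest=${key#* }
    blob=${rest%% *}     # second field: base64 key data
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unknown key type: $type" >&2; return 4 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 4 ;;
    esac

    ak=$home/.ssh/authorized_keys
    # Create with tight modes; sshd (StrictModes) ignores the file if the
    # directory or file is writable by anyone but the owner.
    ( umask 077
      mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" &&
      touch "$ak" && chmod 600 "$ak" ) || return 1

    # Match on type + data so a changed comment does not add a duplicate.
    if grep -qF -- "$type $blob" "$ak"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$ak"
}

# Demo with a constructed (not real) key, written to a temporary directory.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    install_pubkey "$demo" \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleOnly000000000000 user@example.com'
    ls -l "$demo/.ssh"
fi
```

On the server it would be called as install_pubkey "$HOME" followed by the quoted key line copied from PuTTYgen's "Public key for pasting into OpenSSH authorized_keys file" box.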
Conclusion
You have learned how to generate PuTTY SSH Keys using PuTTYgen. This will make your connection to the server a lot more secure and convenient as you will not need to fill in the password each time. We recommend using this way of SSH authentication at all times and disabling password authentication for good to completely secure your server. To find out how to completely disable SSH Password authentication on your server and use SSH Key authentication instead, follow this tutorial: How to disable SSH Password authentication on VPS.
Overview
Amazon Web Services (AWS) uses SSH keys to securely connect and exchange information between servers and clients. Using SSH keys greatly increases the security of your sites and applications. This article shows you how to generate and use SSH keys to connect to your AWS account managed by Media Temple.
Instructions
Windows 7/8/10
Key Creation
This guide assumes that you do not already have key pairs. If you have a key pair and you are certain that it is still secure, send the public key (.pub) file to Media Temple via your service portal.
1. Putty is a free SSH client for Windows. This guide will show you how to use Putty to generate your SSH keys and connect to your AWS server. Begin by downloading and installing Putty and its related SSH key generation tool.
- Download both the Putty client (putty.exe) and the putty key generator (puttygen.exe).
2. Open puttygen.exe and click on Generate. You will then be prompted to move your cursor around in the blank key area to generate random data. Do this until the progress bar is full and your key pair has been generated.
3. Once the key has been generated, fill in the Key comment and Key passphrase boxes. We recommend that you use your email address as the key comment. The passphrase will be required whenever you use the key. The key passphrase isn't mandatory and can be skipped by leaving the field blank, but it will significantly reduce the security of your key pair. Media Temple strongly recommends that you supply a password for your key pairs.
4. Save both your public and private keys. We recommend that you create a new folder in Documents titled 'SSH' and save your keys there.
Public Key:
user@gmail.com.pub
Private Key:
user@gmail.com.ppk
- Some FTP clients and other programs require a key that is in a different format. You can create a converted key by clicking on Conversions and then Export OpenSSH Key. Save this key as user@gmail.com.pem
5. In order to use your new SSH key to connect to your AWS server, you must send your public key (user@gmail.com.pub) to Media Temple. The easiest way to do this is to log in to your service portal and click on User Access. Either upload the .pub file to the ticket or open the file and copy/paste the contents into the ticket. After this, please allow up to 12 hours for your SSH keys to be added to your account.
Important: If you are asked to send your SSH Key or Public Key to Media Temple (or anyone else), you will only want to send the PUBLIC key file, which is the file with the “.pub” extension. If you email out the Private Key, it is no longer secure and should be replaced! Never transfer your Private Key off of your computer at any time!
Key Use
After Media Temple has received and confirmed the installation of your keys, you're ready to use them to connect to your server.
There are 3 primary ways to connect to your AWS services.
- SSH - Used to issue commands to the server via a shell (terminal).
- SFTP - Used to upload/download files. FTP is not allowed due to its relative lack of security.
- MySQL - Allows you to query your data in the database.
SSH - Connect with Putty
These instructions show you how to configure Putty to use the SSH keys created earlier in this article.
1. Begin by opening putty.exe. Locate the Auth section in the category bar by opening Connection > SSH > Auth. Click on Browse and find your SSH keys. If you created your keys using this guide, they should be located in an SSH folder inside your Documents folder. Select the .ppk file and click Open.
2. Scroll to the top of the Category menu and select Session. Type your IP address into the Host Name block. If you're using AWS managed by Media Temple, remember that your production and dev servers have different IPs and will require 2 different sessions. Give the connection a name under Saved Sessions and click Save.
3. Once you've saved your server, select it from the list of sessions and click Open. You will receive a warning the first time you connect using your new keys. Click Yes.
4. You'll then be prompted to enter your username for your server. For Media Temple customers, this is the same as your domain. Next, type the passphrase for your key.
5. Once you've entered your password, you should receive a readout similar to the one below. You are now securely connected to your AWS server.
- This will put you into the home directory of your user. By default this is: /home/mydomain.com
- The default path for the web-root for your app should be at the following path: /home/mydomain.com/mydomain.com
- For help with basic SSH commands and Linux file structure, refer to this community article.
SFTP - Connect with Cyberduck
Applications like Cyberduck and FileZilla make it easy to exchange information with servers using a graphical interface. The example in this guide uses Cyberduck, but there are many other options. Some, such as the popular FileZilla client, are free, and others have associated costs. These instructions should generally apply to other FTP programs as well.
1. If you don't already have Cyberduck, the client can be downloaded for free from their website. Download Cyberduck and install it using the packaged installer.
2. Open CyberDuck and select New Bookmark from the Bookmark dropdown.
3. Fill in the server's details.
- Connection Type: SFTP (SSH File Transfer Protocol)
- Nickname: Anything is fine
- Server: Use the IP address or hostname
- Username: For AWS managed by Media Temple, this is your domain.
- Check 'Use Public Key Authentication' and select your key.
4. Close the window and double-click on your server to open a new connection. You'll receive an 'Unknown fingerprint' warning the first time you connect. Check the 'Always' box and click Allow.
5. You'll be prompted to enter your private key passphrase. Enter it and click Login.
6. You should now be connected to your server.
MYSQL - Connect with Workbench
In order to connect to your database, you will need to use an SSH tunnel through one of your machines. All environments designed by Media Temple use industry best practices for security. This means no database is publicly accessible, and is always located in private network subnets. Using a tool like MySQL Workbench makes it easy for you to connect to your database and retrieve info if needed. There are other clients that can be used, some are free, some are not. We’re choosing to give our example with MySQL Workbench.
1. Begin by downloading and installing MySQL Installer. This is Oracle's install program and allows you to select which MySQL version and related applications you need. Make sure you pick the right installer version for your OS.
MySQL Workbench also requires that you have the following dependency installed in order to operate properly:
Visual C++ Redistributable for Visual Studio 2013 - http://www.microsoft.com/en-us/download/details.aspx?id=40784
Once the MySQL installer is running, you'll be presented with several different install options. The easiest install is to select Custom from the list and then manually add only WorkBench to the install list.
- The pre-selected 'Default Developer' install includes several applications beyond MySQL Workbench that you may not need. You can use this option, but these additional applications may have dependencies that need to be installed. If so, you will be prompted by the installer and linked to their respective downloads.
2. Click the (+) icon to create a new connection. Give your connection a name and set the connection type to “Standard TCP/IP over SSH”.
3. Enter the details from the environment document sent to you by your Media Temple support team.
You will enter in 2 sets of information. The first set is for the host computer you are connecting to, and the 2nd set is for the DB itself.
Host info:
- SSH Hostname: This information is listed in your environment document. The IP of the host will be the Elastic IP address given for the Production web-node or the Elastic IP address for the Dev web-node. This will determine to which database you are connecting. The Production EIP can only reach the Production DB, and vice versa for Dev.
- Username: For AWS managed by Media Temple, this is your domain.
- Password: There is no password for the host computer.
- SSH Key File: Select your Private Key PEM file. If you don't have one, refer to the steps in this article for creation.
Database Connection Info:
- MySQL Hostname: The DB hostname should be “rds.internal.dns” or “rds-main.internal.dns” depending on the age of your environment, but check your Environment Document to confirm.
- MySQL Server Port: Use the default value of 3306.
- Username: dbadmin
- Password: This is the password to your dbadmin user. Consult your environment document for your MySQL password.
4. Click on Test Connection. You will then be prompted to enter the password for your private key. The first time you connect, you will also receive a SSH Server Fingerprint Missing notification. Click continue.
5. After the test is successful, click Ok to save your new connection. You may now double click on the connection tile to connect to your DB. For additional help using Workbench, refer to the official documentation.
Mac or Linux
Key Creation
This guide assumes that you do not already have key pairs. If you have a key pair and you are certain that it is still secure, send the public key (.pub) file to Media Temple via your service portal.
1. Begin by determining if you already have a key on your computer. Open the Terminal App for Mac or any other shell program.
2. Run the following command:
- If the path does not exist, or if you do not have any matching files in the directory, you likely don’t have a key.
- The default names for key pairs generated via a bash terminal are id_rsa – this is your private key, and id_rsa.pub – this is your public key. If you have a suitable key, you can skip to step 6.
3. Run the following command to create a key, adding your email at the end:
4. You will be asked to pick a path. You can use the default path by hitting enter.
5. You will be asked to select a password. This password will be required anytime that you use the key. This isn't required and can be skipped by pressing enter, but it will significantly reduce the security of your key pair. Media Temple strongly recommends that you supply a password for your key pairs.
6. In order to use your new SSH key to connect to your AWS server, you must send your public key (id_rsa.pub) to Media Temple. The easiest way to do this is to log in to your service portal and click on User Access. Either upload the id_rsa.pub file to the ticket or open the file and copy/paste the contents into the ticket. After this, please allow up to 12 hours for your SSH keys to be added to your account.
Important: If you are asked to send your SSH Key or Public Key to Media Temple (or anyone else), you will only want to send the PUBLIC key file, which is the file with the “.pub” extension, i.e.: ~/.ssh/id_rsa.pub - If you email out the Private Key, it is no longer secure and should be replaced! Never transfer your Private Key off of your computer at any time!
Key Use
After Media Temple has received and confirmed the installation of your keys, you're ready to use them to connect to your server.
There are 3 primary ways to connect to your AWS services.
- SSH - Used to issue commands to the server via a shell (terminal).
- SFTP - Used to upload/download files. FTP is not allowed due to its relative lack of security.
- MySQL - Allows you to query your data in the database.
SSH/SFTP - Connect with Terminal
These instructions explain how to connect to your AWS server using a terminal application. SSH allows for general server administration and SFTP is for exchanging information with your server. For general help with terminal commands and the basic Linux file structure, see this community article.
1. Open the Terminal app (Mac), or a shell (Linux). Refer to your environment document in order to get the proper IP address and username for the website you wish to connect. The environment document is the document sent to you by your Media Temple support team detailing the specifics of your AWS environment and how to connect. The username will be the same as the domain name.
2. Run one of the following commands depending on the connection type (with your proper domain name information inserted):
For SSH:
ssh mydomain.com@host.mydomain.com
For SFTP:
sftp mydomain.com@host.mydomain.com
You may encounter an unknown key warning. If prompted, type 'yes'. This will only happen the first time you connect.
Example output from a successful connection:
- This will put you into the home directory of your user. By default this is: /home/mydomain.com
- The default path for the web-root for your app should be at the following path: /home/mydomain.com/mydomain.com
SFTP - Connect with FileZilla
Applications like FileZilla and Cyberduck make it easy to exchange information with servers using a graphical interface. The example in this guide uses FileZilla, but there are many other options. Some, such as the popular Cyberduck client, are free, and others have associated costs. These instructions should generally apply to other FTP programs as well.
1. If you don't already have FileZilla, the client can be downloaded for free from their website. Download FileZilla and install it using the packaged installer.
2. Open FileZilla and then select Settings from the FileZilla dropdown menu in the top left corner. From the settings menu, select SFTP and add your SSH keys by clicking on Add key file.
3. Hold command+shift+g to bring up a search field. Type ~/.ssh into the field and press ok.
4. Select id_rsa from the list and click open.
5. You may be prompted to create a converted copy of your key. Click Yes and type in the password for your key.
6. Now that you have your keys, close the settings page and fill in your connection details.
- Host: Your IP from the AWS environment details document that was sent to you by your Media Temple support team. Your development and production servers will have different IPs, but you will use the same SSH key to connect to them.
- Username: Your domain name.
- Password: This is left blank. Do not put your SSH key password into this field.
- Port: 22
7. Click on Quickconnect. If the connection is successful, you will receive a status readout of 'Directory listing of '/home' successful.'
- For additional information on how to use FileZilla and other FTP clients, refer to this community article.
MySQL - Connect with Workbench
In order to connect to your database, you will need to use an SSH tunnel through one of your machines. All environments designed by Media Temple use industry best practices for security. This means no database is publicly accessible, and is always located in private network subnets. Using a tool like MySQL Workbench makes it easy for you to connect to your database and retrieve info if needed. There are other clients that can be used, some are free, some are not. We’re choosing to give our example with MySQL Workbench.
1. Begin by downloading and installing MySQL Workbench. Make sure you pick the right version for your OS.
2. Click the (+) icon to create a new connection. Give your connection a name and set the connection type to “Standard TCP/IP over SSH”.
3. Enter the details from the environment document sent to you by your Media Temple support team.
You will enter in 2 sets of information. The first set is for the host computer you are connecting to, and the 2nd set is for the DB itself.
Host info:
- SSH Hostname: This information is listed in your environment document. The IP of the host will be the Elastic IP address given for the Production web-node or the Elastic IP address for the Dev web-node. This will determine to which database you are connecting. The Production EIP can only reach the Production DB, and vice versa for Dev.
- Username: For AWS managed by Media Temple, this is your domain.
- Password: There is no password for the host computer.
- SSH Key File: Select your Private Key PEM file. If you don't have one, refer to the steps in this article for creation.
Database Connection Info:
- MySQL Hostname: The DB hostname should be “rds.internal.dns” or “rds-main.internal.dns” depending on the age of your environment, but check your Environment Document to confirm.
- MySQL Server Port: Use the default value of 3306.
- Username: dbadmin
- Password: This is the password to your dbadmin user. Consult your environment document for your MySQL password.
4. Click on Test Connection. You will then be prompted to enter the password for your private key. The first time you connect, you will also receive a SSH Server Fingerprint Missing notification. Click continue.
5. After the test is successful, click Ok to save your new connection. You may now double click on the connection tile to connect to your DB. For additional help using Workbench, refer to the official documentation.
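The "Standard TCP/IP over SSH" connection described above is an SSH local port forward through the web node to the private database host. The same tunnel from a terminal, as an added example that is not part of the original article: the function names, the DRY_RUN switch and local port 3307 are assumptions, and the host names are the article's placeholders.

```shell
#!/bin/sh
# key_mode_ok FILE -> 0 only if group and others have no access to the
# private key (ssh itself refuses keys that other users can read).
key_mode_ok() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# open_db_tunnel SSH_USER SSH_HOST KEY_FILE DB_HOST [LOCAL_PORT] [DB_PORT]
# Forwards 127.0.0.1:LOCAL_PORT on this machine to DB_HOST:DB_PORT as seen
# from SSH_HOST. Set DRY_RUN=1 to print the command instead of running it.
# Return codes (chosen for this example): 2 bad port, 3 unsafe key file.
open_db_tunnel() {
    user=$1 host=$2 key=$3 db=$4 lport=${5:-3307} dport=${6:-3306}

    case $lport$dport in
        *[!0-9]*) echo "ports must be numeric" >&2; return 2 ;;
    esac
    if ! key_mode_ok "$key"; then
        echo "key missing or accessible to other users: $key" >&2
        return 3
    fi

    # -f -N                  background, no remote command: tunnel only
    # IdentitiesOnly         offer only this key to the server
    # ExitOnForwardFailure   fail instead of running without the forward
    # 127.0.0.1:...          bind to loopback so the LAN cannot use the tunnel
    set -- -f -N -i "$key" \
        -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$lport:$db:$dport" "$user@$host"

    if [ -n "${DRY_RUN:-}" ]; then
        echo "ssh $*"
    else
        ssh "$@"
    fi
}

# Usage with the article's placeholder names:
#   open_db_tunnel mydomain.com host.mydomain.com ~/.ssh/id_rsa rds.internal.dns
#   mysql -h 127.0.0.1 -P 3307 -u dbadmin -p
```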
Resources
Common SSH commands
Using FTP and SFTP
MySQL Workbench documentation