Date: 11/11/2021
Below are the steps to connect to a Vultr Linux instance as root with SSH Key.
1. Generate ssh key.
Windows users can use Git Bash to generate the keys.
ssh-keygen -t ed25519 -C "vultr_server"
In this command ed25519 is the latest public key signature system and is preferred. -C “vultr_server” is just a comment. It can be anything that describes the key. If you are on some legacy systems which doesn’t support ed25519, use rsa to generate a key. I am going to use ed25519 for this demo.
ssh-keygen -t rsa -b 4096 -C "vultr_root"
$ ssh-keygen -t ed25519 -C "vultr_server"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/c/Users/saji2/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/saji2/.ssh/id_ed25519
Your public key has been saved in /c/Users/saji2/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:gkQRCUIPZkY+TkZQF9yyGQ2GL4yXm2i0X85J/O6pUp8 vultr_server
The key's randomart image is:
+--[ED25519 256]--+
|Xo+OO | |.++= o |
| B +.= |
|=.*.+. |
|.+.+o . S |
|.oo = . |
|. . * + . |
| o + E. |
| ..++ |
+----[SHA256]-----+Select the defaults for file name & passphrase (or) change if needed. The above command will generate 2 files:
id_ed25519 is the private key.id_ed25519.pub is the public key.
2. Add SSH Key via Vultr console while creating the server.
Now create or deploy a new Instance. Select the instance you need. For demo purpose i am selecting Cloud Compute and Debian instance.
Under SSH Keys, click Add New.
Then Paste the contents of the public key file: id_ed25519.pub . If you are using rsa it should be the contents of id_rsa.pub file.
Note: Make sure you select the key after adding it. Note the blue tick mark at the right hand top corner.
Then Deploy. The key will be added to root by default. After the server comes up, use the below ssh command to login.
3. Connect to server using SSH.
Use the below command to connect to the server.
ssh -i <path_to_private_key_file> root@<server_ip>
Example:
$ ssh -i /c/Users/saji2/.ssh/id_ed25519 root@104.207.152.73
The authenticity of host '104.207.152.73 (104.207.152.73)' can't be established.
ECDSA key fingerprint is SHA256:1okjLOM2gnzc2+xB5P3/uoyysj+DO4pGl14WSFxRjeE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '104.207.152.73' (ECDSA) to the list of known hosts.
Linux jsession4d 5.10.0-8-amd64 #1 SMP Debian 5.10.46-3 (2021-07-28) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@jsession4d:~#
Thats all you need to connect to the server using SSH.
It is also a good security practice to disable the password authentication. To do that login to the server. Then change PasswordAuthentication yes to no in /etc/ssh/sshd_config.
Then restart sshd:
systemctl restart sshd