What is an SSH Key?
SSH (Secure Shell) is a protocol used for securely accessing remote servers, primarily through command-line operations. An SSH key is a digital key pair used for authentication within this protocol, consisting of a public key and a private key.
- Public Key: The key that is registered on the server side, and it can be shared with others without any security concerns.
- Private Key: The key that is stored on the client side (typically on your PC) and must be kept secret from others.
By using this pair of keys, you can establish a secure connection that does not rely on passwords. SSH key authentication is particularly secure compared to password authentication and is recommended by many cloud services and server management platforms.
Introduction to TeraTerm and VS Code
When setting up an SSH connection, choosing efficient and user-friendly tools is essential. Here, we introduce two tools: TeraTerm and Visual Studio Code (VS Code).
- TeraTerm: A widely used terminal emulator in Japan, TeraTerm is a standard tool for establishing SSH connections. Its intuitive interface makes it easy to generate keys and configure connections, even for those who are not familiar with the command line.
- Visual Studio Code (VS Code): A code editor provided by Microsoft, equipped with a wide range of extensions. By using the Remote – SSH extension, you can directly edit files on a remote server and execute commands through an SSH connection. VS Code is an excellent tool for managing project files and streamlining development tasks.
By leveraging these tools, you can seamlessly handle everything from SSH key generation to connection setup and remote server operations. In the next chapter, we will explain the specific steps for generating SSH keys.
With this, the SSH key generation using TeraTerm is complete. In the latest major upgrade of TeraTerm, ED25519 has become the default option for SSH key generation, as it is faster and more secure. As a result, ED25519 is now often recommended. Additionally, the file names have been updated to id_ed25519.pub
and id_ed25519
.
Managing SSH Keys with VS Code
Next, we’ll explain how to generate and manage SSH keys using Visual Studio Code (VS Code). By using VS Code’s integrated terminal, managing keys within your project becomes straightforward.
- Launching VS Code: Start VS Code and open the terminal. From the menu bar, select “Terminal” and then choose “New Terminal.”
- Generating an SSH Key: Enter the following command in the terminal to generate an SSH key:
ssh-keygen -t rsa -b 2048 -C "your_email@example.com"
-t rsa
: Specifies the key type as RSA.-b 2048
: Sets the key length to 2048 bits.-C "your_email@example.com"
: Adds a comment to the key for identification.
- Specifying the Save Location: When prompted, specify where to save the key. If you want to save it in the default location (
~/.ssh/id_rsa
), simply press Enter. - Setting a Passphrase: You can choose to set a passphrase or press Enter to skip this step.
- Verifying the Key: Once the key is successfully generated, the private and public keys will be saved in the specified location. The next step is to copy the public key to the server to enable SSH connections.
When ED25519 is recommended, the SSH key generation command is slightly different. ED25519 is faster and more secure, so it has become increasingly recommended in recent times.
To generate an SSH key using ED25519, the command is as follows:
ssh-keygen -t ed25519 -C "your_email@example.com"
With this command, there’s no need to specify the key length as you do with RSA, so the -b 2048
option is unnecessary. ED25519 is already a strong encryption algorithm, so the default settings provide sufficient security.
With this, SSH key generation and management using VS Code is complete. VS Code is a convenient tool for editing files and executing commands on a remote server, making future tasks more efficient.
Registering the Public Key on the Server
After generating the SSH key, the next step is to register the public key on the server. This will enable a secure connection with the server. Here, we explain the methods using TeraTerm and the VS Code extension.
Registering the Key Using TeraTerm
The following steps describe how to register the public key on the server using TeraTerm. Whether you use RSA or ED25519 with TeraTerm, the steps for creating directories and registering the public key remain the same.
- Connecting to the Server with TeraTerm: Start TeraTerm and connect to the server using SSH. Enter the hostname, port number, and username of the destination, then click “Connect.”
- Navigating to the Home Directory: Once connected to the server, enter the following command to navigate to the user’s home directory:
cd ~
- Creating the .ssh Directory: If the
.ssh
directory does not exist, create it using the following commands:mkdir -p ~/.ssh
chmod 700 ~/.ssh
mkdir -p ~/.ssh
: Creates the.ssh
directory.
chmod 700 ~/.ssh
: Sets the directory’s access permissions.
.ssh
directory did not exist initially. - Transferring the Public Key File: From TeraTerm’s menu bar, select “File Transfer” and then choose “SCP.” Next, select the public key file (
id_rsa.pub
orid_ed25519.pub
) and transfer it to the.ssh
folder in the server’s home directory. - Placing the Public Key: After the public key file has been transferred via SCP, move it to the
.ssh
directory and add it to theauthorized_keys
file using the following commands:cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Alternatively, if you’re using ED25519, use the following commands:cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
: Adds the contents ofid_rsa.pub
toauthorized_keys
.chmod 600 ~/.ssh/authorized_keys
: Sets the access permissions for theauthorized_keys
file.
Note: In the steps above, the name of the public key file varies depending on the type of key you use. Make sure to adjust the file name accordingly:
- If using an RSA key: The public key file will be
id_rsa.pub
, and the private key file will beid_rsa
. - If using an ED25519 key: The public key file will be
id_ed25519.pub
, and the private key file will beid_ed25519
.
With this, the registration of the public key using TeraTerm is complete. Since I did not set a passphrase, I can log in using just the username and the private key.
Easy Server Connection Using the VS Code Extension
Next, I’ll explain how to register the public key and connect to the server using the Remote – SSH extension for Visual Studio Code (VS Code).
- Installing the Remote – SSH Extension: Install the Remote – SSH extension from the VS Code Marketplace.
- Setting Up the Remote Server Connection: Open the VS Code Command Palette (
Ctrl + Shift + P
) and select “Remote-SSH: Connect to Host…“. Enter the host information for the server you want to connect to, and start the connection. - Automatic Public Key Registration: During the initial connection, VS Code will automatically copy the public key to the server. This process is very simple, as there is no need to manually configure the public key.
- Verifying the Connection: Once the connection is successful, you can directly edit files on the remote server and execute commands using the terminal within VS Code.
- Manual Public Key Registration: If you need to manually register the public key, execute the following command from the VS Code terminal to add the public key to the
authorized_keys
file:cat ~/.ssh/id_rsa.pub | ssh user@hostname "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
With this, the process of connecting to the remote server and registering the public key using the VS Code Remote – SSH extension is complete. Using VS Code makes server connections incredibly simple and efficient, which is particularly beneficial for project management and development tasks.
Utilizing the .ssh/config File
When you frequently connect via SSH, manually entering the hostname, username, and key path each time can be cumbersome. To simplify your SSH configuration, it is recommended to utilize the .ssh/config
file. By predefining your connection details in this file, you can connect to your server with ease.
Basic Structure of the .ssh/config File
First, if the .ssh/config
file does not already exist, you can create it using the following commands:
touch ~/.ssh/config
chmod 600 ~/.ssh/config
touch ~/.ssh/config
: Creates theconfig
file.chmod 600 ~/.ssh/config
: Sets the file’s access permissions.
Next, open the .ssh/config
file in a text editor (such as VS Code or Nano) and add the following configuration:
Host alias_name
HostName server_hostname_or_IP
User username
Port port_number (usually 22)
IdentityFile ~/.ssh/private_key_filename
Example:
For example, let’s set up the following configuration:
Host myserver
HostName 192.168.1.100
User ubuntu
Port 22
IdentityFile ~/.ssh/id_ed25519
After saving this configuration, you can connect to the server by simply entering the following command:
ssh myserver
This allows you to easily connect to the configured host using the alias myserver
.
Managing Multiple Servers
If you manage multiple servers, you can add different configurations for each server. For example, you can add multiple entries like the following:
Host server1
HostName 192.168.1.101
User ubuntu
IdentityFile ~/.ssh/id_rsa
Host server2
HostName example.com
User admin
IdentityFile ~/.ssh/id_ed25519
By setting it up this way, you can easily manage different connection methods for each server.
Benefits of Using the .ssh/config File
- Simplification: You can minimize the information you need to enter during connection, reducing the chance of errors.
- Ease of Management: You can centrally manage the settings for multiple servers, making it easy to switch between them.
- Enhanced Security: Clear management of keys contributes to strengthening security.
The following is a method to make connections even more convenient by using VS Code plugins.
Conclusion
In this article, we have explained the steps for generating SSH keys, registering public keys on the server, and utilizing the .ssh/config
file. By following these steps, you can perform SSH connections more efficiently and securely.
- Generating SSH Keys: You can easily generate SSH keys using TeraTerm or VS Code. ED25519 is recommended as it provides strong security.
- Registering the Public Key on the Server: You can easily register the public key on the server using TeraTerm’s SCP function or the VS Code Remote-SSH extension.
- Utilizing the .ssh/config File: By registering connection settings as aliases, you can greatly reduce the effort required when connecting. This is particularly useful if you need to access servers frequently, allowing you to work smoothly.
By understanding and implementing these steps, you can greatly improve the efficiency of remote connections using SSH. This method is especially beneficial when managing multiple servers or working in a security-conscious environment.
Case Study
Recently, when creating an instance on Google Cloud, Ubuntu 22.04 was added as an OS option. I configured the SSH connection as I did with Ubuntu 20.04, but I couldn’t log in even when using TeraTerm. I assumed it was a configuration mistake and tried several times, but the connection was unsuccessful.
I then tried the same on Oracle Cloud, but the connection issue persisted. After further investigation, I found that the default settings in Ubuntu 22.04 had changed, and ssh-rsa
, used for SSH connections, was disabled by default. Since I was logging in with a password without using keys within the LAN, I overlooked this change.
To resolve this issue, follow the steps below. Work on your Windows terminal, open PowerShell, and enter the following command. In Oracle Cloud, you can save the public and private keys during instance creation.
ssh -i path_to_private_key/private_key_filename ubuntu@external_IP_address
Example:
ssh -i C:\Users\minok\OneDrive\Documents\oracle\ssh-key.key ubuntu@140.34.56.78
If the key is located in a deeply nested directory, you can open File Explorer, copy the path as text, and paste it into the command. Alternatively, you can move the file to a simpler location, such as directly under the C drive, for convenience. When connecting, if you see the following message, type “yes”:
ECDSA key fingerprint is SHA256:
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Once you successfully log in, switch to the root user and execute the following sed
command. This command adds the setting PubkeyAcceptedAlgorithms=+ssh-rsa
to the /etc/ssh/sshd_config
file:
sudo su -
sed -i '1s/^/PubkeyAcceptedAlgorithms=+ssh-rsa\n/' /etc/ssh/sshd_config
To apply the changes, restart the SSH service:
systemctl restart ssh.service
You should now be able to log in using the key with TeraTerm.
Please note that this issue has been resolved in Ubuntu 24.04, where SSH connections are possible with the default settings. However, if you are using an older version or have already made changes to the settings, refer to the steps above to resolve the issue.