Before proceeding with this guide, you need to whitelist your IP Address for SSH Access on the Plesk firewall.
Once you’ve done that, you can follow these steps to create a new SSH Key for the Plesk server.
Step 1 - Generate SSH key from server end
- Connect to the server via SSH.
- Create the RSA key pair by entering the following command:
ssh-keygen -t rsa -b 2048
Nominate a file name for your SSH keys and then enter a passphrase ( Keep the password safely as can't be reset ). The SSH keys will now be saved in your root document folder.
Public key -- /root/.ssh/id_rsa.pub
Private key -- /root/.ssh/id_rsa
Open the public key file, copy the line of text and paste it into the SSH authorized_keys file ( /root/.ssh/authorized_keys ).
- Download the private key via the alternative below
- Move the private key to your own domain web folder and download with FTP
- Download using SFTP with root login
- Open the private key file and manually copy and paste into your local file as text.
Next, if you’d like to convert the key to .ppk format for use in Putty or any other SSH client, you can follow these steps to do so:
a. Open PuTTYgen on your computer.
b. Click Load, and in the dialog window change the format to All Files (*.*).
c. Navigate to your private key file and load it into PuTTYgen. Enter your passphrase if you set one up earlier.
d. You should get a message “Successfully imported foreign key…”. Click OK.
e. Click Save the private key next to Save the generated key.
Done! You now have a private key in .ppk format, ready to use in PuTTY.
Step 2 - Add the private key to pageant.exe for server remote authentication via SSH key.
- Open pageant.exe from your computer and will appear at Windows taskbar
- Add private key( PPK format file ).
- Enter private key passphare that prompts.
- Done adding the private key.
- Open a new session from putty, entering your CentOS server IP and SSH port. A custom SSH port 8288 is configured for our server.
- Enter username "root", hit enter to remotely access the server with SSH key.
Step 3 - Disable SSH password authentication
For security reasons, it is recommended to leave SSH password authentication disabled. This simply means that password authentication is disabled and have to use an SSH key for remotely accessing the server.
a. Log into the server using SSH
b. Open SSH server configuration file /etc/ssh/sshd_config and edit with your favorite text editor:
[root@root ~]# nano /etc/ssh/sshd_config
c. Find the line that includes PasswordAuthentication and set it to:
d. Ensure that you are logged into the box with another shell before restarting SSHD to avoid locking yourself out of the server. Reload/ Restart the SSHD service
[root@root ~]# service sshd reload
You now are able to connect to your server via SSH with the root user without input the root password.
The failure login with SSH key demonstration.
The success login through SSH key demonstration.