Last updated on July 27th, 2022 at 06:18 am.
Setup SSH Authentication using Git bash – Setup SSH key login for Linux Server.
In this post let’s see how you can setup SSH Authentication using Git Bash on a Windows PC. By the end of this post you will have generated a key pair, added the public key on your Linux server and tested your login.
The aim of this post is to enable you log into any Linux server using SSH keys (public and private key pair). This post is for anyone using Windows. That is, for the Windows user who would like to use Git Bash for this process. Here is a video for setting up SSH authentication using putty and Puttygen.
This post is adapted from this Linux / Mac SSH key setup.
Steps of what we’ll do to setup SSH Key Login using Git bash.
Step 0 : Install Git . Download git from the official site here. Click on Windows. The download begins automatically. Install it. Git will come with Git CMD, Git Bash and Git Gui. W’ll use git Bash.
Step 1: First we’ll create the ssh key folder storage location.
Step 2: Second, we’ll generate the key pairs .
Step 3: Third, we’ll add the public key onto the Linux server.
Step 4: Finally, we’ll test our SSH Authentication login
The way that I’m going to show you here is a nicer way whereby you can organize your keys in different folders and log in as you may need to.
Step 1 : Create the ssh key folder
Since we are on windows we can just cd into the users home directory. By default gitbash’es home directory is your Username home directory on Windows. To go to it, go to Local disk C, then Users, then your username. That is your Home directory.
In your home directory, check if .ssh folder is available. If it is not, create it; create a folder called, .ssh .
As I said, we’ll group our keys in different folders. This is a nice way to organize different keys for different servers. For this reason, inside of the .ssh folder, create another folder. I will call my folder , Debian10Server . A Name withNo spaces ,
For my first key pair, I will store them in .ssh/Debian10Server .
For the next server keys, I may store them in another folder.
Let us generate the keys.
Step 2: Generate SSH key using Git Bash
Open up Git Bash on Windows.
I want to avoid typing paths, so let’s cd into the folder we created for our ssh keys. Remember to create the folders before you can cd into them.
cd ~/.ssh/Debian10Server
Then once inside that folder, generate the SSH key pair as follows.
ssh-keygen -t rsa -b 4096 -C "" -f firstserverkey_rsa
Our keys will be called firstserverkey_rsa, that is firstserverkey_rsa.pub for the public key and firstserverkey_rsa for the private key. You can name them whatever you want.
-b specifies the bits to be generated, in this case 4096 bits
-C is just a comment for the key. Add a comment for the key. Read more about SSH options here.
Once you run the command above, Enter a passphrase for your key. A passphrase is a password for your key. You must add one to secure it (your private key) even further.
You key pair has successfully generated. Please remember that I’m currently in the folder where my files are, I did cd into that folder earlier. That is why once my files are generated, the path is as follows:
Now that we’ve generated the key, next , let’s add the public key to our Linux server. Please note that this step will work on any Linux server: Debian, Ubuntu, CentOS etc.
Step 3: Add the public SSH key onto the Linux server.
Since we did not put our key in the default location which is in the root of .ssh folder, we have to give the path identity of the key to upload. This is done as follows:
ssh-copy-id -i ~/path-to-public-key user@host
Whereby -i is used to specify the path / identity of the public key.
user@host: user is the server username for whom the public key is being setup. Host is the server ip or accessible hostname url.
The public key to be added, has a .pub extension.
For example we can add our public ssh key above as follows:
ssh-copy-id -i firstserverkey_rsa.pub [email protected]
Note: The above will work if you are still in the directory where the keys are. If not, cd into it.
An alternative would be to give the full path of the public key as follows:
ssh-copy-id -i ~/.ssh/firstserverkey_rsa.pub [email protected]
The tilde (~) represents the path to your home directory.
Step 4: Finally, we’ll test our SSH Authentication login
Logging in via SSH key.
To log in via SSH, this time round you have to add the path of your key:
ssh user@server_ip -i ~/.ssh/path-to-private-key
eg
ssh [email protected] -i firstserverkey_rsa
The -i option , enables you to choose an identity file to be used to log in.
The above will work if you cd into the folder where your keys are located.
Change permissions for .ssh and authorized_keys
The .ssh folder is on your Linux server. Inside it there is an authorized_keys file. Inside of this authorized-key file is where your public keys are.
We will change the permissions for .ssh folder and the default authorized_keys file using the following command:
sudo chmod 700 -R ~/.ssh && sudo chmod 600 ~/.ssh/authorized_keys
Then change ownership to your new user’s Folder. Do this if you are adding ssh keys for another user who isn’t root. In the following command, change all instances of joe with the username you are adding the key for.
sudo chown -R joe:joe /home/joe
Disable Root login and Password Authentication after Setting up SSH Authentication using Git bash
After changing the permissions above, try to login again. If you log in successfully, disable root login and password authentication.
Once you confirm you can log in successfully, disable Root Login and Password Authentication as is directed below.
Open up the SSH config file:
sudo nano /etc/ssh/sshd_config
Look for the PermitRootLogin line, uncomment it (remove the #) and set the value to no.
PermitRootLogin no
Do the same for the PasswordAuthentication line:
PasswordAuthentication no
Save and close the file. (CTRL X to exit and then Y to confirm changes . And then enter) To apply the new settings, reload SSH.
On Centos:
sudo systemctl reload sshd
Debian / ubuntu:
sudo service ssh restart
systemctl restart ssh
That is how to Setup SSH Authentication using Git bash on Windows.
If you experience any errors feel free to leave a comment. I will help you get it right.
This post is adapted from : How to Setup SSH Keys for Logging Into your Linux Server- Bizanosa .
Captions for the Video above.
Here are the captions for the Video embedded above:
In the last video, you saw how to set up a sudo user. An admin user with root privileges.
In this video let’s see how you can set up SSH authentication using git bash. I’m on windows that’s why I’m using Git Bash, but even if you’re on Linux or on a Mac you can still follow along with this. But as I told you in the last video, there’s another post that you can follow if you’re on Mac .
If you’re on a Mac, just come down to this part where it says SSH key authentication. The link for this is in the description, and click there and this is going to take you to this page and on this page you can set up ssh key for any Linux computer.
Let’s see how we can set up the same for our Debian. And I will be using Git Bash . As I said, if you don’t have git Bash, you can download git and it is going to come with git bash. And I showed you that in a previous video. Just download git and it’s going to come with git bash, git cmd and git gui.
Here are the steps of what you’re going to do. Of course install Git. You can download git and then we’ll generate the key pairs.
Since I’m on Windows, the first thing I want to do is, I want to go to my home directory, and on the home directory, there is an SSH folder. And inside of that folder I’m going to create another folder for this demonstration.
This method that I’ve illustrated in this video is a nice way for you to create multiple keys . So if you want to create multiple keys, this is the way for you to go. Okay?
Let’s go into my home directory. However you want to get to your home directory, if you’re in Windows you can always get to your home directory. You can just go to local disk and inside of users, whichever user, that is your home directory. For me that is also my home directory. okay.
So that is your home directory and you can see for me even hidden files, even hidden folders are being shown. If your hidden folders are not being shown, just come here under view. I think it’s under view. Then you go into options and then view again and hidden files and folders, show hidden files and make sure you select that. If you don’t have hidden folders showing up, make sure they are visible.
For me I want to go here inside of ssh and let me create another sample, ctrl shift N . And I want to call this, let’s call this virtualmin. You can see that this is a really nice way because you can group all your different ssh keys in different folders.
If you do any default method that most people show online you won’t be able to do this. So just make sure you follow either of my posts. It’s going to show you how you can log in even once you create multiple ssh keys. My ssh keys that I’m going to generate are going to be inside here. okay . So that’s the first step. Make sure that you have this dot ssh visible on your home directory in windows. Okay .
That’s the first step. I have created the folder. And you can see that in this post what I did is, I did change directory. So cd is a way for you to change directory into this folder. For me if I was following this method I would have to ssh into the virtualmin folder that I’ve just created, and that’s going to ensure that I don’t have to add the path every time I want to do anything here.
And eve next time when you have to log in, you see you can cd into that folder so that you can get the private key for logging in. This is much easier to understand if I’m doing a demonstration. So let me show you what I mean.
I’m not going to cd but you can see cd. Okay? You can change directory into that folder and if you change directory it simply means that anything else that you do after that you don’t have to put the path. For instance there that is the name of my key. Here if I did not cd into that folder, I would have to add this location. Copy that and then you put it before this. Okay.
That’s the way that I’m going to do it. You can still follow along with this and do it like this but I’m not going to cd. I’m just going to add the path. Let me copy that and I want to put this inside of a txt file. Let me put that inside of a txt file so that I don’t forget it.
This simply means my home directory. Instead of adding the link, adding the path to my home directory, that will replace that with my home directory.
What’s the name of the folder that I’ve just created… It’s called virtualmin. Let me copy this as well and I need the path. I just need this path and this is where our keys are going to be.
You can see our keys will be stored inside here. This is just the path to where my keys are, and now I can start following along with this tutorial.
The first step is, you can see if you cd, you don’t need to add the path but I’m going to have to add the path in my case. I will copy all of this and I will bring it into notepad, and here in notepad.
As I said you need to add the path. If you cd into the folder since you’re on windows you don’t need to add the path. That was just a way for me to save time.
And this is the name of the key, virtualmin/ . This is the name of the key. The private key and the public key will have that name. You can change this name it doesn’t have to be anything like this. I’m just calling it this but you can call it whatever you want.
I’ll just call it firstserver just to show you that you can change the name. This ssh-keygen is going to generate a key and the type of key we want to generate is rsa and the bytes we want to generate is 4096. You can generate 2048 there’s also 1024 but of course we want the highest which is b 4096. This is the bytes of the key we want to generate. And this is just a comment. You can add anything that you want there. It doesn’t have to be an email. That’s just a comment that I’ve added there.
This is going to be where the file is going to get stored. So if I copy this, and just remember that this is being done on your local computer. I will open… I was logged in here as root, I can just close this. I can just close that. I don’t need that and then I’m logged in here as a new user.
Remember we’re not doing this inside the server. We’re doing this outside of the server on our Windows computer. Right now we’re logged into the server so let me log out. And I can just do exit to log out . You can see that has logged me out. You want to do this on your computer. okay .This is on my computer, not in my server.
This is where we are going to generate the key and I’m going to paste that in there. You need to copy that and let me just clear the screen. I will paste in this. What is up?
Let me copy that.
Copy and then I will come here.
There, ssh-keygen . And remember since I did not cd into the folder I have to add the entire path. And as I said this just replaces the path to my home folder. That is what that does and I’m going to press enter to generate our key.
Of course you want to add a passphrase for your key. A passphrase is an extra security for your key. Even if somebody gets access to your key, they will not be able to use it without knowing your passphrase. It is like a password for your key and you’re going to generate the key with the passphrase. For me I’m just going to use a simple passphrase here but make sure you use a strong passphrase that you can remember.
Make sure you add this, this is very important. Ok. You can see our key has been generated and the path to the path to our private key is that and the path to our public key is that.
This is a public key and as I said this path right here can just be replaced. This entire path can just be replaced with the tilde. I’m going to copy this. Let me just copy both of them.
Copy.
I want to paste them down here because I’m going to need them. Of course I don’t want to copy the entire thing. So from here we’ll just replace that with the tilde. This one without dot pub, that is your private key and then this other one.
This is our public key.
And this one as well I don’t want the entire path, I’m just going to replace that with the tilde. Now we’ve generated the key.
The next step is for us to add it to our server. Just remember that I did cd in this post. I cd inside of that directory but I haven’t cd in this video that I’m doing.
ssh-copy-id, this is going to get used to to copy our public key to our server. And this is how it should be right there. What I’m going to do is I’m just going to copy this. Let me copy this one and then I’m going to replace all the elements that I need with the correct elements. I’m going to come to the text file that I had here and in this text file let me just paste in that.
ssh copy id , now we do want the identity of the key. This is just a flag to let the system know the identity of the key. We want to copy this into our server.
I’m going to copy that and I’m going to bring that path there and I will paste it. And then the user, that is the username that I’ve been using on my server . That is the user that I’ve been using and then the host, the ip address for my server. I can get that there.
Paste .
This is going to add the key to our server. It’s very important to note that in this post what I did is icd into that folder so that’s why the path doesn’t have doesn’t have the actual link. It just has the name of the key. Let’s come back to git bash and I’m going to paste in this.
This is going to try and install the key on our server.
And we need to log in. This is a login for your server. All right so the key has been added .
You can see that the key was added successfully. Now try logging into the machine with the ssh key.
To log into your server let’s come back here. To log into your server, you just need the identity of your key and that’s it. And the user you’re logging in as so I’m going to copy this and then I’m going to replace things appropriately as I need to.
So ssh into the user and we have the user here, user plus ip address.Copy user plus the ip address . That’s who we want to log in as. Remember to add the ssh authentication for this, so the user you set up. And then we need the path to our private key. Ok. We added, in this part we did add the dot pub key. Which is a public key. Now we need to log in with our private key.
The private key link is that. I’m going to copy this and remember the private key is the one that doesn’t have dot pub . The one with .pub is the one which is public, which is your public key.
Paste. So once you generate these keys make sure you save them somewhere so that if you ever lose your computer you can still get access to them. You can still get those keys and try to access your server using those keys especially the private key.
I’m going to copy that and I will come back here and I’ll just paste that in just to try to log in.
Enter the passphrase for the key if you did set up a passphrase for this keys when you were setting them up. Make sure that you enter that passphrase .
There we go, now we are logged into the server using our ssh keys. Before I even end the video, the next thing that I want to do is, I want to disable root login and I want to disable password authentication.
I’m going to come down here and I need to go to the ssh configuration file and I need to disable root login and I need to disable password authentication .
I want to do that in this video so I don’t have to do it in the next video. Copy.
Enter the user password, so every time you use sudo you need to enter the password for this user, all right?
I need to find root login and I need to change this to no. And I also need to find password authentication and I need to change that to no. I’m going to to do ctrl w on nano and then I will paste.
permit root login currently set to yes. We don’t want the root user to be able to log in via ssh so I’m going to change this one to no. And then the next step again is I need to disable password authentication. So if someone doesn’t have access to our keys. If someone doesn’t have our keys they will not be able to log into our server and that’s what we want.
We only want people to be able to log in using the key that we set up. So I’m going to paste that in there, enter and then password authentication you can see right now it is commented out so I’m just going to uncomment it and then scroll all the way. We want to make this no.
And then I will do control x , y enter and that’s going to save it . I need to restart ssh . I can just do sudo service ssh restart and that’s going to restart ssh.
Now if somebody tries to log in as a root user they will not be able to log in. If somebody tries to log in via password they will not be able to log in. Right now the only way to log into our server is using the keys that we’ve set up.
Do yourself a favor and just copy that and save it somewhere so that you can use this to log into your server if you need to. okay.
I’ve just recalled there’s something that I’ve forgotten to do and that is to change to change the permissions for our ssh key and the ssh folder.
What we need to do…let’s see if the permission thing is here. Ok. The permission thing is here, so I can just change permission for the ssh folder and the authorized keys on our server.
You need to make sure that the keys are not easily accessible and that’s what we’re doing here. I’m just going to copy this and this will change the permissions for that ssh folder and for the key. It’s going to give it a permission of 600 so no one else has access other than root okay. And once you do that you’ll have to change the ownership for that file to the new user that you’ve set up, otherwise you won’t be able to log in.
I’m going to copy this.
I will paste that in there. So the permissions have been changed. The next thing is for you to give ownership. You need to change the owner of that file and everything inside of this directory to the user that you’ve set up otherwise you will not be able to log in. This is very important .
I’m going to copy that.
And I’ll put it there. for every instance of joe give it the group of the user you’ve set up and the group will be that new user .
So the group of joe.
User joe, home directory joe.
And once you do this you’ll be able to login.
Copy paste and then enter. Now let’s open up a new instance of git bash.
And we need to try to log in . That is our login.
I will paste
All right you can still log in. That’s everything that we needed to do in this video.
In this video you have seen how you can set up ssh authentication using Git Bash .
You can follow the same steps if you’re on Linux or Mac. It’s basically the same steps and if you don’t use git bash you can also use putty and puTTYgen and i do have a video for that. If you come here, you can do that if you go to this link and you scroll, somewhere down here you can watch the video right there. This is a video for using putty and puttygen for ssh keys .
If you get lost make sure that you follow along and everything is going to work out correctly. The next step is in our setup, we’ve already set up ssh keys. The next step is going to be, let’s create the swap file.
I can create a swap file for 2 or 3 gb . A swap file is just a memory location that will be used when memory runs out on our server. That’s something that you need to add, especially if you have a low memory vps. And then once we do that, we’re going to installing Virtualmin.
And then we’ll see how to use Virtualmin to set up WordPress. I’m just using WordPress as a sample. If you want to use any other websites like Joomla, Magento you’ll see how you can do it.
Please note that I will be installing the LEMP stack. I will not be using lamp, i will not install apache. I will just install Nginx and php for for virtualmin.
So that’s it for this video . I will see you in the next one and let’s continue in the next one by creating a swap file.
Discover more from Bizanosa
Subscribe to get the latest posts sent to your email.