Generating your SSH Key

No more passwords! Keys will save time and are more secure.

What's a Passphrase?

A passphrase is not a password. It's a phrase that you only enter once when you start your computer, not for each login to another server. It unlocks your private key.

It could be a line from one of your favorite songs, a scripture verse, or a line from a poem, or, most securely, a random collection of words.

Linux has OpenSSH built right in, and we'll show you how to set up a handy key manager. Here's how to set it up:

First, generate a new ssh key:

mkdir ~/.ssh/
ssh-keygen -C "[email protected]"
When the command asks you where to save your key, just hit enter.

When prompted, a long, strong passphrase is recommended (use a phrase that only you know; it's not necessary to mix in extra punctuation if the passphrase is at least 5 or 6 randomly-chosen words.) You'll only have to type it in when you log into your desktop, not every time you want to log into a server. You can leave the other prompts blank.

You'll only have to type your passphrase in when you log into your Linux desktop session, not every time you want to log into a server. Since you're using Userify, if you forget your passphrase in the future, it's easy to rm .ssh/id_rsa* and then re-deploy a fresh key.

This will generate your SSH private key in the file ~/.ssh/id_rsa and your public key in the file ~/.ssh/id_rsa.pub. (Note the .pub). (~ is shorthand for your home directory, i.e., /home/username)

Upload your public key to Userify by copying and pasting the contents of ~/.ssh/id_rsa.pub in your home directory to Userify. Just cat the file and copy it from your terminal and paste it into Userify:


cat ~/.ssh/id_rsa.pub
    

Ubuntu running Unity and distributions such as Fedora running Gnome3 should also have a built-in key manager, so we recommend using the built-in key manager when available. Otherwise, a great keychain manager for Linux is called (appropriately!) GNU Keychain. If you're using Ubuntu or Debian (or a derivative), just sudo apt-get install keychain. For Fedora, Red Hat derivatives, etc, sudo yum install keychain should work as well.

Add a few lines to your .bashrc. (Not all Linux distributions have working .bashrc's, but try it first. Two possible fixes: /etc/bash/bashrc, and also check to ensure your shell is bash: grep username /etc/passwd.) You can create or append to your .bashrc in your home directory as follows:


cat << "EOF" >> ~/.bashrc
if [ -f /usr/bin/keychain ]; then
    [ -f $HOME/.ssh/id_rsa ] && keychain -q $HOME/.ssh/id_rsa
    [ -f $HOME/.keychain/${HOSTNAME}-sh ] && source ~/.keychain/${HOSTNAME}-sh
fi
EOF
This will load the SSH key whenever you open your terminal. Depending on your terminal application, you may need to log out and log back in in order to for this to take effect.

From now on, you can connect to any Userify-enabled server without typing a password, just by typing in ssh IP, where IP is the IP address or hostname of the server you wish to connect to.

If your Userify username is different from your Linux username, you can either ssh [email protected] each time or just add the following to .ssh/config, and then just ssh IP anytime.


Host *
    Username YourUserifyUsername

Macs have OpenSSH built right in, as well as a handy key manager. Here's how to set it up:

First, open your favorite Mac OSX terminal application (Applications/Utilities/Terminal) and generate a new ssh key:

mkdir ~/.ssh/
ssh-keygen -C "[email protected]"

When prompted, a long, strong passphrase is recommended (use a phrase that only you know; it's not necessary to mix in extra punctuation if the passphrase is at least 5 or 6 randomly-chosen words.) You'll only have to type it in when you log into your Mac, not every time you want to log into a server. You can leave the other prompts blank.

This will generate your SSH private key in the file /Users/yourusername/.ssh/id_rsa and your public key in the file /Users/yourusername/.ssh/id_rsa.pub. (Note the .pub).

Upload your public key to Userify by copying and pasting the contents of .ssh/id_rsa.pub in your home directory to Userify. You can just run the following code to copy it to your clipboard for easier copying and pasting:

pbcopy < ~/.ssh/id_rsa.pub

To take advantage of your Mac's handy keychain manager, just load your key one time into it:

ssh-add -K ~/.ssh/id_rsa

This will load the SSH key into your chain whenever you reboot your Mac. You should be able to see the keys from the command line via ssh-add -l as well as in the Keychain Access app.

From now on, you can connect to any Userify-enabled server without typing a password, just by typing in ssh IP, where IP is the IP address or hostname of the server you wish to connect to.

If your Userify username is different from your Mac username, you can either ssh [email protected] each time or just add the following to .ssh/config, and then just ssh IP anytime.

Host *
     Username YourUserifyUsername

The most frequently used tool in Windows for SSH is called Putty, and it has an easy-to-use key generator called the Putty Key Generator.

Using it is easy. Just open the Putty Key Generator and click Generate. Protect your key with a strong but memorable passphrase and set the key comment to your email address.

Just copy the top part ("Public Key for pasting into OpenSSH authorized_keys file") and paste it into your Userify profile page, and save the .PPK file to your Documents or Windows Start folder so that it will be unlocked as soon as you log in.

Quick Tip

Drag the PPK file you just generated into your Startup folder! After you've unlocked it, you won't be prompted for the passphrase again, and you'll be able to log into Userify-enabled servers instantly, without password prompts!

Pro Tip: Generating keys is optional if you only want to log into the dashboard and not servers.


Next step, Create Your Company.