How to Set Up Login via SSH Keys on Linux Servers

Here’s a tutorial that talks about setting up login via SSH keys on Ubuntu servers as well as how to log in to such servers from Mac and Windows clients. This tutorial builds on DigitalOcean’s excellent tutorial (How To Set Up SSH Keys) [1].

About SSH Keys

SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone. Generating a key pair provides you with two long string of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. You can increase security even more by protecting the private key with a passphrase.

Step One—Create the RSA Key Pair
The first step is to create the key pair on the client machine (there is a good chance that this will just be your computer):

ssh-keygen -t rsa

Step Two—Store the Keys and Passphrase
Once you have entered the Gen Key command, you will get a few more questions:

Enter file in which to save the key (/home/demo/.ssh/id_rsa):
You can press enter here, saving the file to the user home (in this case, my example user is called demo).

Enter passphrase (empty for no passphrase):
It’s up to you whether you want to use a passphrase. Entering a passphrase does have its benefits: the security of a key, no matter how encrypted, still depends on the fact that it is not visible to anyone else. Should a passphrase-protected private key fall into an unauthorized users possession, they will be unable to log in to its associated accounts until they figure out the passphrase, buying the hacked user some extra time. The only downside, of course, to having a passphrase, is then having to type it in each time you use the Key Pair.

The entire key generation process looks like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/demo/.ssh/id_rsa.
Your public key has been saved in /home/demo/.ssh/
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |

The public key is now located in /home/demo/.ssh/ The private key (identification) is now located in /home/demo/.ssh/id_rsa

Step Three—Copy the Public Key
Once the key pair is generated, it’s time to place the public key on the virtual server that we want to use.

You can copy the public key into the new machine’s authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.

ssh-copy-id user@

Alternatively, you can paste in the keys using SSH:

cat ~/.ssh/ | ssh user@ “mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys”
No matter which command you chose, you should see something like:

The authenticity of host ' (' can't be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (RSA) to the list of known hosts.
user@'s password: 
Now try logging into the machine, with "ssh 'user@'", and check in:

to make sure we haven't added extra keys that you weren't expecting.

Note: if you create your private key in a non-standard location, you will want to copy it to the remote server using the ssh-copy-id command with the i flag as follows:

ssh-copy-id -i ~/.ssh/your-id-rsa-file user@

Now you can go ahead and log into user@ and you will not be prompted for a password. However, if you set a passphrase, you will be asked to enter the passphrase at that time (and whenever else you log in in the future).

Logging in from Various Clients


Note: if you are logging in from a Mac client, you may want to store your private key credentials in the keychain so that you don’t get asked for a password henceforth. To do this, run the following command:

ssh-add -K ~/.ssh/you-id-rsa-key

Then entire your passphrase when prompted (if you set one earlier).


If you are logging from a Windows machine, you may want to use a client like Putty. If you try to use your OpenSSH key directly with Putty, you may run into an error like “Unable to Use key file /Path/to/your/id-rsa-file (OpenSSH SSH-2 private key)”. To fix this, you will need to convert your private key to one that Putty can use. Puttygen is a software you can use for this. Download Puttygen, run the program, go to Conversions > Import key, find your private key and click Open, then click Save private key. This will generate a .ppk file which you can use with Putty. You may find more details in CNX Soft’s excellent tutorial [2].

Optional Step Four—Disable the Password for Root Login
Once you have copied your SSH keys unto your server and ensured that you can log in with the SSH keys alone, you can go ahead and restrict the root login to only be permitted via SSH keys.

In order to do this, open up the SSH config file:

sudo vim /etc/ssh/sshd_config

Within that file, find the line that includes PermitRootLogin and modify it to ensure that users can only connect with their SSH key:

PermitRootLogin without-password

Put the changes into effect:

reload ssh


1. How To Set Up SSH Keys.–2. [04/12/2016].

2. How To Use Putty with an SSH Private Key Generated by OpenSSH. [04/12/2016].

How to Create VirtualHost in Tomcat 8

Hi folks,

Today I will discuss how to create a VirtualHost on Tomcat 8. For those who don’t know, Tomcat is a very popular open-source web server for hosting Java web applicationsm. Tomcat implements a bunch of Java EE specifications like Java Servlet, JavaServer Pages (JSP), Websocket and Java EL [1].

Let’s assume you installed Tomcat 8 in /usr/local/apache-tomcat-8.0.30. you want to add a virtual host Assume the project folder is at /usr/local/apache-tomcat-8.0.30/webapps/myapp

Open the file /usr/local/apache-tomcat-8.0.30/conf/server.xml
Then add the following lines:

 <Host name="" appBase="webapps" unpackWARs="true" autoDeploy="true">
 <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
 prefix="sweetapp_access_log" suffix=".txt"
 pattern="%h %l %u %t "%r" %s %b" />
 <Context path="" docBase="/usr/local/apache-tomcat-8.0.30/webapps/myapp"
 debug="0" reloadable="true"/>

Save and close the file.

Then restart tomcat using the commands:



Apache Tomcat – Wikipedia, the free encyclopedia.

How to Mount External Hard Drives on Boot on Ubuntu

Sometimes you want your computer to load external hard drives automatically on boot, e.g. if it gets rebooted accidentally, recovers from power failure, etc. Here’s how to do that on Ubuntu 14.04.

First, create a desired directory for your mount point using a command like:

 mkdir /your/mount/point

Then, while the external hard drive is connected and the computer is on, find the drive’s UUID by running the command


This will list all block devices, including your external hard drive. Note the UUID and the type of the drive.

Then, open /etc/fstab and add a line like

UUID=<your uuid> /your/mount/point  <your mount point> users,defaults 0 0

Save and close the file, then test it by rebooting and perhaps logging in from another machine via SSH. Your drive should mount automatically!