Creating SSH Keys and setting up Key Based Authentication

I’ll be doing this walkthrough using an OVH SSD VPS with Ubuntu 16.04. You’ll need something with a better CPU, like the ones I listed on the homepage. In this section we’ll set up the basics and cover SSH keys and key-based authentication.



Some notes before we start.

Everything is relative in this guide. If you change (for example) the location of folders to instead be /home/user/ you’ll also want to update the crons and rclone remotes. Same if you change the rclone remote names etc.

I must stress that I’m only using a VPS as proof of concept and nothing more. Typically cheap VPSs don’t come with much storage and you’ll want at least 50 GB or so to provide some buffer (and seed). The CPU will also be nowhere near strong enough. If you want to keep things cheap, look into the Kimsufis and not a 3 dollar VPS!


First, let’s do the DNS. I use Cloudflare for everything, and we’re only using DNS, none of their CDN features, so if you want to use Cloudflare too it’s pretty straightforward. Crucially, it’s also safe. We’re not using Cloudflare’s SSL nor their reverse proxy CDN setup, only DNS, so ensure the orange cloud is disabled. Secondly, do NOT update your SSH port before Quickbox does: leave it at 22 and let Quickbox update it for you!

Log in to your domain provider and search for the ‘nameservers’ section. When found, create an account at Cloudflare. Log in to Cloudflare, add your site and follow the steps; at the end it will give you two Cloudflare nameserver addresses. Take these, go back to your domain provider and switch them out. This process can take a while but, fortunately, Cloudflare will email you when it’s finished.

Once that’s done (assuming you want to use non-www), CNAME the WWW record to your root domain and create an A record for your domain pointing to your server’s IP address. You can also create an A record for plex and point it to the same IP. It’s hard to give a rundown on DNS as every provider is different, but the end goal is very straightforward: all you need to do is point your domain to your server’s IP. Here’s an example image, obviously sub in your domain name and actual server IP.

Let’s start next with setting up SSH keys.

If you’re on Windows you should be using PuTTY. Boot up PuTTYgen, ensure SSH-2 RSA is selected and click on ‘Generate’. Follow the instructions, enter a key passphrase and then save both the public and private keys. Put them somewhere safe (not Dropbox etc.) and ideally back them up on cold storage, such as a flash drive kept somewhere safe. Don’t close PuTTYgen yet.

Boot up regular PuTTY, connect to your new server and, once logged in, run:

nano ~/.ssh/authorized_keys

If this file/folder doesn’t exist yet, you can create it yourself:

mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys

Then nano into it again. Go back to PuTTYgen and right click on the box you waved your mouse over earlier with the random movements, select copy and paste it (right click) into the file we just opened in PuTTY. Then close it out with Ctrl + X, then Y.

Great, we now have our SSH keys created. Next we need to configure the SSH service to allow key-based logins and disallow password logins.

nano /etc/ssh/sshd_config

Change PasswordAuthentication yes to PasswordAuthentication no and UsePAM yes to UsePAM no. Then restart the SSH service:

service sshd restart

Don’t log out of your current PuTTY session yet: if you screwed anything up, you may get locked out. Open up a second PuTTY window and load the same server connection details, but this time click on ‘SSH’ on the left-hand side, then ‘Auth’, and in the ‘Private key file for authentication’ box browse to the private key you saved earlier. Then click ‘Session’ again on the left-hand side and ‘Save’. Click ‘Open’ and enter the SSH passphrase if you created one; you should now be successfully logged in. You can close the first PuTTY window now, as we’ve successfully set up SSH keys.
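Before closing that first session, the two sshd_config changes and the key-file permissions can be checked with a short script. This is an added example, not part of the original walkthrough: the function names (sshd_effective, perms_ok, audit_ssh) and the sample config are constructed for illustration, and it assumes GNU stat as shipped with Ubuntu. It goes slightly beyond the steps above by catching an earlier duplicate line, since sshd keeps the first value it reads for a keyword.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes GNU stat (Ubuntu).

# Print the effective global value of keyword $1 in sshd_config file $2.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and anything after a "Match" line is conditional.
sshd_effective() {
    awk -v key="$1" '
        NF == 0 || $1 ~ /^#/    { next }   # blank lines and comments
        tolower($1) == "match"  { exit }   # end of the global section
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Succeed only if path $1 exists and is not writable by group or others;
# with StrictModes (the default) sshd ignores authorized_keys otherwise.
perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Audit config file $1 and key directory $2; print each problem found.
audit_ssh() {
    rc=0
    for want in "PasswordAuthentication no" "UsePAM no"; do
        key=${want% *} val=${want#* }
        got=$(sshd_effective "$key" "$1")
        [ "$got" = "$val" ] || { echo "FAIL: $key is '${got:-unset}', want '$val'"; rc=1; }
    done
    for p in "$2" "$2/authorized_keys"; do
        perms_ok "$p" || { echo "FAIL: $p missing or group/world-writable"; rc=1; }
    done
    return $rc
}

# Constructed sample: the early "yes" wins over the later "no".
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'passwordauthentication yes' \
    'UsePAM no' 'PasswordAuthentication no' > "$demo/sshd_config"
mkdir "$demo/.ssh" && chmod 0700 "$demo/.ssh"
touch "$demo/.ssh/authorized_keys" && chmod 0644 "$demo/.ssh/authorized_keys"
audit_ssh "$demo/sshd_config" "$demo/.ssh" || echo "audit failed"
# On the server: audit_ssh /etc/ssh/sshd_config ~/.ssh
```

Running sshd -t as root before the restart also catches syntax errors in the edited file.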

As for other security measures like changing SSH port and installing fail2ban, Quickbox will take care of this for us.

Next up, [Quickbox, installation and configuration.]