# SSH public key authentication ## General Instead of using password authentication - anywhere where you're able to provide SSH credentials (hypervisors, VMs applications, etc) you also have the public key alternative.\*\*.\ By default, Storware Backup & Recovery uses the `/opt/vprotect/.ssh/id_rsa` path, however, you also can override it with your own path\*.\ \&#xNAN;***\*(this needs to be owned by `vprotect` user and make sure it has the `0400` permission set.***\ ***\*\*You don't have to pass a passphrase, you can leave this parameter blank.*** {% hint style="info" %} **Note:** Storware Backup & Recovery does not support keys other than "RSA" {% endhint %} ### Example 1\. Generate a key or use yours and store it as `/opt/vprotect/.ssh/id_rsa` (make sure that the `vprotect` user and group own the file) * example key generation: ``` [root@vProtect3 vprotect]# sudo -u vprotect ssh-keygen -t rsa -m PEM Generating public/private rsa key pair. Enter file in which to save the key (/opt/vprotect/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /opt/vprotect/.ssh/id_rsa. Your public key has been saved in /opt/vprotect/.ssh/id_rsa.pub. The key fingerprint is: SHA256:86HSLKYwl7maDR7U1oIH1Y6VDtRFNJgHgfdjikg3VnQ vprotect@vProtect3 The key's randomart image is: +---[RSA 2048]----+ | .o=+XE | | .o X... | | . O o | | .+=.o + | | .o+=o.oS.. | | ..o.+.o + . | | = + + + . | | . O + o | | +.+ | +----[SHA256]-----+ ``` 2\. use `ssh-copy-id` to upload your public key (as `vprotect` user) to the KVM host: ``` sudo -u vprotect ssh-copy-id -i /opt/vprotect/.ssh/id_rsa.pub root@HYPERVISOR ``` 3\. Check if you're able to log in to the hypervisor using the local `vprotect` user without being asked for the password: ``` [root@vProtect3]# sudo -u vprotect ssh -i /opt/vprotect/.ssh/id_rsa root@dkvm Last failed login: Mon Jan 29 17:53:01 CET 2018 from 10.50.1.107 on ssh:notty There was 1 failed login attempt since the last successful login. Last login: Mon Jan 29 17:52:39 2018 from 10.50.1.107 [root@dKVM ~]# logout ``` 4\. Now you should be able to index VMs regardless of the password set for the hypervisor (the key should be used instead) 5\. Provide path to key (default: /opt/vprotect/.ssh/id\_rsa) in Storware Backup & Recovery dashboard ![](/files/Nborm410RMuPOnrjqMDi) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.storware.eu/backup-and-recovery-71/deployment/common-tasks/ssh-public-key-authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.