# SSH public key authentication

## General

Instead of using password authentication - anywhere where you're able to provide SSH credentials (hypervisors, VMs applications, etc) you also have the public key alternative.\*\*.\
By default, Storware Backup & Recovery uses the `/opt/vprotect/.ssh/id_rsa` path, however, you also can override it with your own path\*.\
\&#xNAN;***\*(this needs to be owned by `vprotect` user and make sure it has the `0400` permission set.***\
***\*\*You don't have to pass a passphrase, you can leave this parameter blank.***

{% hint style="info" %}
**Note:**

Storware Backup & Recovery does not support keys other than "RSA"
{% endhint %}

### Example

1\. Generate a key or use yours and store it as `/opt/vprotect/.ssh/id_rsa` (make sure that the `vprotect` user and group own the file)

* example key generation:

```
[root@vProtect3 vprotect]# sudo -u vprotect ssh-keygen -t rsa -m PEM
Generating public/private rsa key pair.
Enter file in which to save the key (/opt/vprotect/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /opt/vprotect/.ssh/id_rsa.
Your public key has been saved in /opt/vprotect/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:86HSLKYwl7maDR7U1oIH1Y6VDtRFNJgHgfdjikg3VnQ vprotect@vProtect3
The key's randomart image is:
+---[RSA 2048]----+
|   .o=+XE        |
|   .o X...       |
|  .  O o         |
|  .+=.o +        |
| .o+=o.oS..      |
| ..o.+.o + .     |
|  = + + + .      |
| . O + o         |
|  +.+            |
+----[SHA256]-----+
```

2\. use `ssh-copy-id` to upload your public key (as `vprotect` user) to the KVM host:

```
sudo -u vprotect ssh-copy-id -i /opt/vprotect/.ssh/id_rsa.pub root@HYPERVISOR
```

3\. Check if you're able to log in to the hypervisor using the local `vprotect` user without being asked for the password:

```
[root@vProtect3]# sudo -u vprotect ssh -i /opt/vprotect/.ssh/id_rsa root@dkvm
Last failed login: Mon Jan 29 17:53:01 CET 2018 from 10.50.1.107 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Mon Jan 29 17:52:39 2018 from 10.50.1.107
[root@dKVM ~]# logout
```

4\. Now you should be able to index VMs regardless of the password set for the hypervisor (the key should be used instead)

5\. Provide path to key (default: /opt/vprotect/.ssh/id\_rsa) in Storware Backup & Recovery dashboard

![](https://content.gitbook.com/content/wUsKWUrceYHp8e9TJ00e/blobs/v38kPwhAeG07b5MohW38/deployment-common_tasks-ssh_public_key_authentication.png)