OpenSSH : SSH Key-Pair Authentication2021/08/17 |
|
Configure SSH server to login with Key-Pair Authentication.
Create a private key for client and a public key for server to do it. |
|
| [1] | Create Key-Pair by each user, so login with a common user on SSH Server Host and work like follows. |
|
# create key-pair debian@dlp:~$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/debian/.ssh/id_rsa): # Enter or input changes if you want Created directory '/home/debian/.ssh'. Enter passphrase (empty for no passphrase): # set passphrase (if set no passphrase, Enter with empty) Enter same passphrase again: Your identification has been saved in /home/debian/.ssh/id_rsa Your public key has been saved in /home/debian/.ssh/id_rsa.pub The key fingerprint is: SHA256:H+lFm+3c93VekrLiFCYAwoWDUVs43s4JEze8wr8QzG8 debian@dlp.srv.world The key's randomart image is: ..... .....debian@dlp:~$ ll ~/.ssh total 8 -rw------- 1 debian debian 2655 Aug 17 13:48 id_rsa -rw-r--r-- 1 debian debian 574 Aug 17 13:48 id_rsa.pubdebian@dlp:~$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys |
| [2] | Transfer the private key created on the Server to a Client, then it's possible to login with Key-Pair authentication. |
|
# transfer the private key to the local ssh directory debian@node01:~$ scp debian@dlp.srv.world:/home/debian/.ssh/id_rsa ~/.ssh/ debian@dlp.srv.world's password: id_rsa 100% 2655 2.0MB/s 00:00debian@node01:~$ ssh debian@dlp.srv.world
Enter passphrase for key '/home/debian/.ssh/id_rsa': # passphrase if you set
Linux dlp.srv.world 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64
.....
.....
debian@dlp:~$ # logined |
| [3] | If you set [PasswordAuthentication no], it's more secure. |
|
root@dlp:~#
vi /etc/ssh/sshd_config # line 58 : change to [no] PasswordAuthentication no
systemctl restart ssh |
|
SSH Key-Pair Authentication on Windows Client #1
|
|
This is the example to login to SSH server from Windows Client.
It uses Putty on this example. Before it, Transfer a private key to Windows Client. |
|
| [4] | Run [Puttygen.exe] that is included in [Putty]. (placed in the folder [Putty.exe] is also placed) If not included, Download it from official site (www.chiark.greenend.org.uk/~sgtatham/putty/). After starting [Puttygen.exe], Click [Load] button on the following window. |
|
| [5] | Specify the private key that you transferred from SSH server, then passphrase is required like follows, answer it. (if not set passphrase, this step is skipped) |
|
| [6] | Click [Save private key] button to save it under a folder you like with any file name you like. |
|
| [7] | Start Putty and Open [Connection] - [SSH] - [Auth] on the left pane, then specify your private key on the [Private key file] field. |
|
| [8] | Back to the [Session] on the left pane and specify your SSH server host to Connect. |
|
| [9] | When SSH key-pair is set, the passphrase if it is set is required to login like follows, then answer it. |
|
|
SSH Key-Pair Authentication on Windows #2
|
| [10] | On Windows 10 Version 1803 or later, OpenSSH Client has been implemented as a Windows feature, so it's possible to authenticate with SSH Key-Pair without Putty and other 3rd party softwares. Transfer your private key to your Windows 10 and put it under the [(logon user home).ssh] folder like follows, then it's ready to use Key-Pair authentication. |
|
Matched Content