SSH Key-Pair Auth2015/11/05 |
Configure SSH server to login with Keys Authentication. Create a private key for client and a public key for server to do it.
|
|
[1] | Create key pair for each user, so login with a common user and work it like follows. |
# create key-pair [fedora@dlp ~]$ ssh-keygen -t ecdsa Generating public/private ecdsa key pair. Enter file in which to save the key (/home/fedora/.ssh/id_ecdsa): # Enter with default Created directory '/home/fedora/.ssh'. Enter passphrase (empty for no passphrase): # set passphrase (if set no passphrase, Enter with empty) Enter same passphrase again: Your identification has been saved in /home/fedora/.ssh/id_ecdsa. Your public key has been saved in /home/fedora/.ssh/id_ecdsa.pub. The key fingerprint is: SHA256:b4ZG1OZEtWEpxeAVLgRkTlK4tfysA5Y7hkYN14NZ2ZM fedora@localhost.localdomain The key's randomart image is:[fedora@dlp ~]$ mv ~/.ssh/id_ecdsa.pub ~/.ssh/authorized_keys [fedora@dlp ~]$ chmod 600 ~/.ssh/authorized_keys |
[2] | Transfer the secret key created on the Server to a Client, then it's possbile to login with keys authentication. |
# copy the secret key to local ssh directory [fedora@www ~]$ scp fedora@10.0.0.30:/home/fedora/.ssh/id_ecdsa ~/.ssh/ fedora@10.0.0.30's password: id_rsa ssh fedora@10.0.0.30 Enter passphrase for key '/home/fedora/.ssh/id_ecdsa': # passphrase Last login: Wed Dec 10 22:23:46 2014 from www.srv.world [fedora@dlp ~]$ # just logined |
[3] | If you set "PasswordAuthentication" no, it's more secure. |
[root@dlp ~]#
vi /etc/ssh/sshd_config # line 79: turn to "no" PasswordAuthentication no
systemctl restart sshd |
SSH Key-Pair Auth from Windows Client
|
It's the example to login to SSH server from Windows Client. It uses Putty on here.
Transfer a secret key to Windows Client first. |
|
[4] | Download "Puttygen.exe" from Putty Site and save it under the Putty directory. Download the latest development version because ECDSA is suported by only the version of Putty. Next execute it and click "Load" button. |
[5] | Specify the secret key which you downloaded, then passphrase is required like follows, answer it. |
[6] | Click "Save private key" button to save it under a folder you like with any file name you like. |
[7] | Start Putty and open [Connection]-[SSH]-[Auth] on the left menu, then select the "private_key" which was just saved above. |
[8] | Back to the [Session] on the left menu and connect to the SSH server. |
[9] | The passphrase is required to input, then answer it. If it's correct passphrase, it's possible to login normally like follows. |
Sponsored Link |