OpenSSH : SSH Key-Pair Authentication2018/11/02 |
Configure SSH server to login with Key-Pair Authentication. Create a private key for client and a public key for server to do it.
|
|
[1] | Create Key-Pair for each user, so login with a common user on SSH Server Host and work like follows. |
# create key-pair [fedora@dlp ~]$ ssh-keygen -t ecdsa Generating public/private ecdsa key pair. Enter file in which to save the key (/home/fedora/.ssh/id_ecdsa): # Enter or input changes if you want Created directory '/home/fedora/.ssh'. Enter passphrase (empty for no passphrase): # set passphrase (if set no passphrase, Enter with empty) Enter same passphrase again: Your identification has been saved in /home/fedora/.ssh/id_ecdsa. Your public key has been saved in /home/fedora/.ssh/id_ecdsa.pub. The key fingerprint is: SHA256:cE5dP8aDaz8XHDWC/Nn93FGGXP9/TYKavnhgDqpwPnY fedora@dlp.srv.world The key's randomart image is: +---[ECDSA 256]---+ | . oo +o| | . + ++ *| | . o . o Oo+| | = *.=+| | S + .+*| | . o + . oB| |. . . + .o o =| | +o E .o. o.| | .o+ ..o. | +----[SHA256]-----+[fedora@dlp ~]$ ll ~/.ssh total 8 -rw-------. 1 fedora fedora 513 Nov 2 10:47 id_ecdsa -rw-r--r--. 1 fedora fedora 182 Nov 2 10:47 id_ecdsa.pub[fedora@dlp ~]$ mv ~/.ssh/id_ecdsa.pub ~/.ssh/authorized_keys |
[2] | Transfer the secret key created on the Server to a Client, then it's possbile to login with Key-Pair authentication. |
# copy the secret key to the local ssh directory [fedora@www ~]$ scp fedora@10.0.0.30:/home/fedora/.ssh/id_ecdsa ~/.ssh/ fedora@10.0.0.30's password: id_ecdsa ssh fedora@10.0.0.30 Enter passphrase for key '/home/fedora/.ssh/id_ecdsa': # passphrase if you set Last login: Tue May 7 19:16:49 2018 from www.srv.world [fedora@www ~]$ # just logined |
[3] | If you set [PasswordAuthentication no], it's more secure. |
[root@dlp ~]#
vi /etc/ssh/sshd_config # line 73: change to [no] PasswordAuthentication no
systemctl restart sshd |
SSH Key-Pair Authentication from Windows Client #1
|
It's the example to login to SSH server from Windows Client.
It uses Putty on here.
Transfer a secret key to Windows Client first. |
|
[4] | Download [Puttygen.exe] from Putty Site and save it under the Putty directory. Next execute it and click [Load] button. |
[5] | Specify the secret key which you downloaded, then passphrase is required like follows, answer it. |
[6] | Click [Save private key] button to save it under a folder you like with any file name you like. |
[7] | Start Putty and open [Connection] - [SSH] - [Auth] on the left menu, then select the [private_key] which was just saved above. |
[8] | Back to the [Session] on the left menu and connect to the SSH server. |
[9] | The passphrase is required to login, then answer it. If it's correct, it's possible to login normally like follows. |
SSH Key-Pair Authentication from Windows Client #2
|
[10] | If your Windows is Windows 10 Version 1803 or later like here, OpenSSH Client has been implemented as a Windows feature, so it's possbile to authenticate with SSH Key-Pair without Putty and others. Transfer the secret key to your Windows 10 and put it uder the [(logon user home).ssh] folder like follows, then it's ready to use Key-Pair login. |
Sponsored Link |