OpenSSH : SSH Key-Pair Authentication2014/07/29 |
|
Configure SSH server to login with Key-Pair Authentication.
Create a private key for client and a public key for server to do it.
|
|
| [1] | Create Key-Pair for each user, so login with a common user on SSH Server Host and work like follows. |
|
# create key pair [cent@dlp ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/cent/.ssh/id_rsa): # Enter if keep default Created directory '/home/cent/.ssh'. Enter passphrase (empty for no passphrase): # set passphrase (set no passphrase to Enter with empty) Enter same passphrase again: Your identification has been saved in /home/cent/.ssh/id_rsa. Your public key has been saved in /home/cent/.ssh/id_rsa.pub. The key fingerprint is: 38:f1:b4:6d:d3:0e:59:c8:fa:1d:1d:48:86:f0:fe:74 cent@dlp.srv.world The key's randomart image is:[cent@dlp ~]$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys |
| [2] | Transfer the secret key created on the Server to a Client, then it's possible to login with keys authentication. |
|
# copy the secret key to local ssh directory [cent@www ~]$ scp cent@10.0.0.30:/home/cent/.ssh/id_rsa ~/.ssh/ cent@10.0.0.30's password: id_rsa ssh -i ~/.ssh/id_rsa cent@10.0.0.30 Enter passphrase for key '/home/cent/.ssh/id_rsa': # passphrase Last login: Wed Jul 30 21:37:19 2014 from www.srv.world [cent@dlp ~]$ # just logined |
| [3] | If you set [PasswordAuthentication no], it's more secure. |
|
[root@dlp ~]#
vi /etc/ssh/sshd_config # line 65: turn to [no] PasswordAuthentication no
# line 69: make sure the value is [no] ChallengeResponseAuthentication no # line 96: make sure the value is [yes] UsePAM yes systemctl restart sshd |
|
SSH Key-Pair Authentication from Windows Client
|
|
It's the example to login to SSH server from Windows Client. It uses Putty on here.
Transfer a secret key to Windows Client first. |
|
| [4] | Download [Puttygen.exe] from Putty Site and save it under the Putty directory. Next execute it and click [Load] button. |
|
| [5] | Specify the secret key which you downloaded, then passphrase is required like follows, answer it. |
|
| [6] | Click [Save private key] button to save it under a folder you like with any file name you like. |
|
| [7] | Start Putty and open [Connection] - [SSH] - [Auth] on the left menu, then select the [private_key] which was just saved above. |
|
| [8] | Back to the [Session] on the left menu and connect to the SSH server. |
|
| [9] | The passphrase is required to login, then answer it. If it's correct, it's possible to login normally like follows. |
|
|
SSH Key-Pair Authentication from Windows Client #2
|
| [10] | If your Windows is Windows 10 Version 1803 like here, OpenSSH Client has been implemented as a Windows feature, so it's possible to authenticate with SSH Key-Pair without Putty and others. Transfer the secret key to your Windows 10 and put it uder the [(logon user home).ssh] folder like follows, then it's ready to use Key-Pair login. |
|
Matched Content