OpenSSH : SSH Key-Pair Authentication2023/06/14
Configure SSH server to login with Key-Pair Authentication.
Create a private key for client and a public key for server to do it.
|||Create Key-Pair by each user, so login with a common user on SSH Server Host and work like follows.|
# create key-pair
Generating public/private rsa key pair. Enter file in which to save the key (/home/debian/.ssh/id_rsa): # Enter or input changes if you want Created directory '/home/debian/.ssh'. Enter passphrase (empty for no passphrase): # set passphrase (if set no passphrase, Enter with empty) Enter same passphrase again: Your identification has been saved in /home/debian/.ssh/id_rsa Your public key has been saved in /home/debian/.ssh/id_rsa.pub The key fingerprint is: SHA256:0906O21b6CZoQseEYDbM3QYKa2kkqfmRYTnIOFZmBTI firstname.lastname@example.org The key's randomart image is: ..... .....debian@dlp:~$
total 8 -rw------- 1 debian debian 2655 Jun 14 03:28 id_rsa -rw-r--r-- 1 debian debian 574 Jun 14 03:28 id_rsa.pubdebian@dlp:~$
mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
|||Transfer the private key created on the Server to a Client, then it's possible to login with Key-Pair authentication.|
# transfer the private key to the local ssh directory
scp email@example.com:/home/debian/.ssh/id_rsa ~/.ssh/
firstname.lastname@example.org's password: id_rsa 100% 2655 2.6MB/s 00:00debian@node01:~$
Enter passphrase for key '/home/debian/.ssh/id_rsa': # passphrase if you set Linux dlp.srv.world 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. debian@dlp:~$ # logined
|||If you set [PasswordAuthentication no], it's more secure.|
# line 57 : change to [no]
# line 62 : confirm the value is [no]
systemctl restart ssh
SSH Key-Pair Authentication on Windows Client #1
Run [Puttygen.exe] that is included in [Putty]. (placed in the folder [Putty.exe] is also placed)
If not included, Download it from official site (www.chiark.greenend.org.uk/~sgtatham/putty/).
After starting [Puttygen.exe], Click [Load] button on the following window.
|||Specify the private key that you transferred from SSH server, then passphrase is required like follows, answer it. (if not set passphrase, this step is skipped)|
|||Click [Save private key] button to save it under a folder you like with any file name you like.|
|||Start Putty and Open [Connection] - [SSH] - [Auth] - [Credencial] on the left pane, then specify your private key on the [Private key file] field.|
|||Back to the [Session] on the left pane and specify your SSH server host to Connect.|
|||When SSH key-pair is set, the passphrase if it is set is required to login like follows, then answer it.|
SSH Key-Pair Authentication on Windows #2
|||OpenSSH Client has been implemented as an Windows feature, so it's possible to authenticate with SSH Key-Pair without Putty and other 3rd party softwares. Transfer your private key to your Windows and put it under the [(logon user home).ssh] folder like follows, then it's ready to use Key-Pair authentication.|