SSH Key-Pair Auth
2015/11/05
Configure the SSH server to accept logins with key-pair authentication. This requires a private key for the client and a public key for the server.
Create a key pair for each user: log in as an ordinary user and proceed as follows.
# create key-pair
ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/fedora/.ssh/id_ecdsa):
# press Enter to accept the default
Created directory '/home/fedora/.ssh'.
Enter passphrase (empty for no passphrase):
# set a passphrase (for no passphrase, press Enter with it empty)
Enter same passphrase again:
Your identification has been saved in /home/fedora/.ssh/id_ecdsa.
Your public key has been saved in /home/fedora/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:b4ZG1OZEtWEpxeAVLgRkTlK4tfysA5Y7hkYN14NZ2ZM firstname.lastname@example.org
The key's randomart image is:
mv ~/.ssh/id_ecdsa.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Transfer the secret key created on the server to a client; it is then possible to log in with key authentication.
# copy the secret key to local ssh directory
scp email@example.com:/home/fedora/.ssh/id_ecdsa ~/.ssh/
Enter passphrase for key '/home/fedora/.ssh/id_ecdsa':
Last login: Wed Dec 10 22:23:46 2014 from www.srv.world
# logged in
Setting "PasswordAuthentication" to "no" is more secure, because password logins are then refused.
# line 79: change to "no"
systemctl restart sshd
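The following is an added example, not part of the original page: a shell audit of the server-side result of the steps above (modes of the .ssh directory and authorized_keys, and the global PasswordAuthentication value sshd reads from its config file). The function names, the constructed fixture in demo(), and the check that the private key was removed from the server after the transfer are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: audit the server-side result
# of the steps above. All function names here are hypothetical.

# Octal mode of a path (GNU stat first, BSD stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Global PasswordAuthentication value in an sshd_config file. sshd keeps the
# first value it reads for a keyword and defaults to "yes". Lines after a
# Match header are conditional and Include files are not followed here;
# as root, `sshd -T` prints the authoritative effective configuration.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Audit a user's .ssh directory ($1) against an sshd_config ($2).
# Prints one WARN line per finding and returns the number of findings.
audit_key_auth() {
    dir=$1; conf=$2; n=0
    warn() { echo "WARN: $*"; n=$((n + 1)); }
    [ "$(perm_of "$dir")" = 700 ] || warn "$dir is not mode 700"
    [ "$(perm_of "$dir/authorized_keys")" = 600 ] || warn "authorized_keys is not mode 600"
    # The page copies the private key to the client; a copy left on the
    # server is exposed to anyone who can read this account's files.
    [ ! -e "$dir/id_ecdsa" ] || warn "private key id_ecdsa is still on the server"
    [ "$(effective_password_auth "$conf")" = no ] || warn "password login is still enabled"
    return "$n"
}

# Constructed fixture: the state right after the page's mv/chmod steps,
# before the private key is removed and before sshd_config is edited.
demo() {
    t=$(mktemp -d) && mkdir -m 700 "$t/.ssh" || return 99
    : > "$t/.ssh/id_ecdsa"; : > "$t/.ssh/authorized_keys"
    chmod 600 "$t/.ssh/id_ecdsa" "$t/.ssh/authorized_keys"
    printf '#PasswordAuthentication no\nPasswordAuthentication yes\n' > "$t/sshd_config"
    audit_key_auth "$t/.ssh" "$t/sshd_config"; rc=$?
    rm -rf "$t"; return "$rc"
}
```

On the server, call it as `audit_key_auth /home/fedora/.ssh /etc/ssh/sshd_config`; a non-zero exit status is the number of findings.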
SSH Key-Pair Auth from Windows Client
Download "Puttygen.exe" from the Putty site and save it under the Putty directory.
Download the latest development version, because ECDSA is supported only by that version of Putty.
Next, run it and click the "Load" button.
Specify the secret key which you downloaded. The passphrase is then requested; enter it.
Click the "Save private key" button to save it in any folder, under any file name you like.
Start Putty and open [Connection]-[SSH]-[Auth] on the left menu, then select the "private_key" which was just saved above.
Go back to [Session] on the left menu and connect to the SSH server.
You are asked for the passphrase; enter it. If the passphrase is correct, you can log in normally.