Fedora 29
Sponsored Link

OpenSSH : SSH Key-Pair Authentication2018/11/02

 
Configure SSH server to login with Key-Pair Authentication. Create a private key for client and a public key for server to do it.
[1] Create Key-Pair for each user, so login with a common user on SSH Server Host and work like follows.
# create key-pair

[fedora@dlp ~]$
ssh-keygen -t ecdsa

Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/fedora/.ssh/id_ecdsa):   # Enter or input changes if you want
Created directory '/home/fedora/.ssh'.
Enter passphrase (empty for no passphrase):    # set passphrase (if set no passphrase, Enter with empty)
Enter same passphrase again:
Your identification has been saved in /home/fedora/.ssh/id_ecdsa.
Your public key has been saved in /home/fedora/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:cE5dP8aDaz8XHDWC/Nn93FGGXP9/TYKavnhgDqpwPnY fedora@dlp.srv.world
The key's randomart image is:
+---[ECDSA 256]---+
|          . oo +o|
|         . + ++ *|
|      . o . o Oo+|
|       =     *.=+|
|        S   + .+*|
|      . o  + . oB|
|. .  . + .o   o =|
| +o E   .o.    o.|
| .o+    ..o.     |
+----[SHA256]-----+

[fedora@dlp ~]$
ll ~/.ssh

total 8
-rw-------. 1 fedora fedora 513 Nov  2 10:47 id_ecdsa
-rw-r--r--. 1 fedora fedora 182 Nov  2 10:47 id_ecdsa.pub

[fedora@dlp ~]$
mv ~/.ssh/id_ecdsa.pub ~/.ssh/authorized_keys

[2] Transfer the secret key created on the Server to a Client, then it's possbile to login with Key-Pair authentication.
[fedora@www ~]$
mkdir ~/.ssh

[fedora@www ~]$
chmod 700 ~/.ssh
# copy the secret key to the local ssh directory

[fedora@www ~]$
scp fedora@10.0.0.30:/home/fedora/.ssh/id_ecdsa ~/.ssh/

fedora@10.0.0.30's password:
id_ecdsa
[fedora@www ~]$
ssh fedora@10.0.0.30

Enter passphrase for key '/home/fedora/.ssh/id_ecdsa':    
# passphrase if you set

Last login: Tue May 7 19:16:49 2018 from www.srv.world
[fedora@www ~]$    
# just logined

[3] If you set [PasswordAuthentication no], it's more secure.
[root@dlp ~]#
vi /etc/ssh/sshd_config
# line 73: change to [no]

PasswordAuthentication
no
[root@dlp ~]#
systemctl restart sshd

SSH Key-Pair Authentication from Windows Client #1
 
It's the example to login to SSH server from Windows Client. It uses Putty on here.
Transfer a secret key to Windows Client first.
[4] Download [Puttygen.exe] from Putty Site and save it under the Putty directory. Next execute it and click [Load] button.
[5] Specify the secret key which you downloaded, then passphrase is required like follows, answer it.
[6] Click [Save private key] button to save it under a folder you like with any file name you like.
[7] Start Putty and open [Connection] - [SSH] - [Auth] on the left menu, then select the [private_key] which was just saved above.
[8] Back to the [Session] on the left menu and connect to the SSH server.
[9] The passphrase is required to login, then answer it. If it's correct, it's possible to login normally like follows.
SSH Key-Pair Authentication from Windows Client #2
[10] If your Windows is Windows 10 Version 1803 or later like here, OpenSSH Client has been implemented as a Windows feature, so it's possbile to authenticate with SSH Key-Pair without Putty and others. Transfer the secret key to your Windows 10 and put it uder the [(logon user home).ssh] folder like follows, then it's ready to use Key-Pair login.
Matched Content