Fedora 31
Sponsored Link

OpenSSH : SSH Key-Pair Authentication
2019/11/12
 
Configure SSH server to login with Key-Pair Authentication.
Create a private key for client and a public key for server to do it.
[1] Create Key-Pair by each user, so login with a common user on SSH Server Host and work like follows.
# create key-pair

[fedora@dlp ~]$
ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/fedora/.ssh/id_rsa): # Enter or input changes if you want
Created directory '/home/fedora/.ssh'.
Enter passphrase (empty for no passphrase): # set passphrase (if set no passphrase, Enter with empty)
Enter same passphrase again:
Your identification has been saved in /home/fedora/.ssh/id_rsa.
Your public key has been saved in /home/fedora/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:N64p0kXAaqN/dFCdNz7IDnqm0vOTSDihz+yr2kXjyKQ fedora@dlp.srv.world
The key's randomart image is:
.....
.....

[fedora@dlp ~]$
ll ~/.ssh

total 8
-rw-------. 1 fedora fedora 2655 Nov 11 18:38 id_rsa
-rw-r--r--. 1 fedora fedora  574 Nov 11 18:38 id_rsa.pub

[fedora@dlp ~]$
mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

[2] Transfer the private key created on the Server to a Client, then it's possbile to login with Key-Pair authentication.
[fedora@node01 ~]$
mkdir ~/.ssh

[fedora@node01 ~]$
chmod 700 ~/.ssh
# transfer the private key to the local ssh directory

[fedora@node01 ~]$
scp fedora@dlp.srv.world:/home/fedora/.ssh/id_rsa ~/.ssh/

fedora@dlp.srv.world's password:
id_rsa                                        100% 1876   193.2KB/s   00:00

[fedora@node01 ~]$
ssh fedora@dlp.srv.world

Enter passphrase for key '/home/fedora/.ssh/id_rsa':   # passphrase if you set
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Mon Nov 11 18:38:51 2019
[fedora@dlp ~]$  
# logined

[3] If you set [PasswordAuthentication no], it's more secure.
[root@dlp ~]#
vi /etc/ssh/sshd_config
# line 73: change to [no]

PasswordAuthentication
no
[root@dlp ~]#
systemctl restart sshd

SSH Key-Pair Authentication on Windows Client #1
 
This is the example to login to SSH server from Windows Client.
On this example, it shows with Putty.
Before it, Transfer a private key to Windows Client.
[4] Run [Puttygen.exe] that is included in [Putty]. (placed in the folder [Putty.exe] is also placed)
If not included, Download it from official site (www.chiark.greenend.org.uk/~sgtatham/putty/).
After starting [Puttygen.exe], Click [Load] button on the following window.
[5] Specify the private key that you transfered from SSH server, then passphrase is required like follows, answer it. (if not set passphrase, this step is skipped)
[6] Click [Save private key] button to save it under a folder you like with any file name you like.
[7] Start Putty and Open [Connection] - [SSH] - [Auth] on the left pane, then specify your private key on the [Private key file] field.
[8] Back to the [Session] on the left pane and specify your SSH server host to Connect.
[9] When SSH key-pair is set, the passphrase if it is set is required to login like follows, then answer it.
SSH Key-Pair Authentication on Windows #2
[10] If you are using Windows 10 Version 1803 or later like here [8], OpenSSH Client has been implemented as a Windows feature, so it's possbile to authenticate with SSH Key-Pair without Putty and other 3rd party softwares. Transfer your private key to your Windows 10 and put it under the [(logon user home).ssh] folder like follows, then it's ready to use Key-Pair authentication.
Matched Content