OpenSSH : SSH Key-Pair Authentication2021/07/19 |
Configure SSH server to login with Key-Pair Authentication.
Create a private key for client and a public key for server to do it. |
|
[1] | Create Key-Pair by each user, so login with a common user on SSH Server Host and work like follows. |
# create key-pair [rocky@dlp ~]$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/rocky/.ssh/id_rsa): Created directory '/home/rocky/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/rocky/.ssh/id_rsa. Your public key has been saved in /home/rocky/.ssh/id_rsa.pub. The key fingerprint is: SHA256:TX8wjljDBsrx7FWYGDbuu/LV8T0RV+BoF/+Ju8WDkFU rocky@dlp.srv.world The key's randomart image is: ..... .....[rocky@dlp ~]$ ll ~/.ssh total 8 -rw-------. 1 rocky rocky 2655 Jul 16 19:04 id_rsa -rw-r--r--. 1 rocky rocky 573 Jul 16 19:04 id_rsa.pub[rocky@dlp ~]$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys |
[2] | Transfer the private key created on the Server to a Client, then it's possbile to login with Key-Pair authentication. |
# transfer the private key to the local ssh directory [rocky@node01 ~]$ scp rocky@dlp.srv.world:/home/rocky/.ssh/id_rsa ~/.ssh/ rocky@dlp.srv.world's password: id_rsa 100% 1876 193.2KB/s 00:00[rocky@node01 ~]$ ssh rocky@dlp.srv.world
Enter passphrase for key '/home/rocky/.ssh/id_rsa': # passphrase if you set
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Fri Jul 16 19:04:27 2021
[rocky@dlp ~]$ # logined |
[3] | If you set [PasswordAuthentication no], it's more secure. |
[root@dlp ~]#
vi /etc/ssh/sshd_config # line 70 : change to [no] PasswordAuthentication no
# line 74 : ChallengeResponseAuthentication is set [no] by default Rocky Linux, # but if it's enabled, change it to [no], too # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no systemctl restart sshd |
SSH Key-Pair Authentication on Windows Client #1
|
This is the example to login to SSH server from Windows Client.
On this example, it uses Putty. Before it, Transfer a private key to Windows Client. |
|
[4] | Run [Puttygen.exe] that is included in [Putty]. (placed in the same folder with [Putty.exe]) If not included, Download it from the official site (www.chiark.greenend.org.uk/~sgtatham/putty/). After starting [Puttygen.exe], Click [Load] button on the following window. |
[5] | Specify the private key that you transfered from SSH server, then passphrase is required like follows, answer it. (if not set passphrase, this step is skipped) |
[6] | Click the [Save private key] button to save it under a folder you like with any file name you like. |
[7] | Start Putty and Open [Connection] - [SSH] - [Auth] on the left pane, then specify your private key on the [Private key file] field. |
[8] | Back to the [Session] on the left pane and specify your SSH server host to Connect. |
[9] | When SSH key-pair is set, the passphrase if it is set is required to login like follows, then answer it. |
SSH Key-Pair Authentication on Windows #2
|
[10] | If you are using Windows 10 Version 1803 or later like here [8], OpenSSH Client has been implemented as a Windows feature, so it's possbile to authenticate with SSH Key-Pair without Putty and other 3rd party softwares. Transfer your private key to your Windows 10 and put it under the [(logon user home).ssh] folder like follows, then it's ready to use Key-Pair authentication. |
Sponsored Link |
|