SSH Key-Pair Authentication Rumi, September 3, 2022 Create Key-Pair by each user, so login with a common user on SSH Server Host and work like follows. # create key-pair debian@dlp:~$ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/debian/.ssh/id_rsa): # Enter or input changes if you want Created directory '/home/debian/.ssh'. Enter passphrase (empty for no passphrase): # set passphrase (if set no passphrase, Enter with empty) Enter same passphrase again: Your identification has been saved in /home/debian/.ssh/id_rsa Your public key has been saved in /home/debian/.ssh/id_rsa.pub The key fingerprint is: SHA256:H+lFm+3c93VekrLiFCYAwoWDUVs43s4JEze8wr8QzG8 debian@dlp.srv.world The key's randomart image is: ..... ..... debian@dlp:~$ll ~/.ssh total 8 -rw------- 1 debian debian 2655 Aug 17 13:48 id_rsa -rw-r--r-- 1 debian debian 574 Aug 17 13:48 id_rsa.pub debian@dlp:~$mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys Transfer the private key created on the Server to a Client, then it’s possible to login with Key-Pair authentication. Below is an example to connect from a linux shell. debian@node01:~$mkdir ~/.ssh debian@node01:~$chmod 700 ~/.ssh # transfer the private key to the local ssh directory debian@node01:~$scp debian@dlp.srv.world:/home/debian/.ssh/id_rsa ~/.ssh/ debian@dlp.srv.world's password: id_rsa 100% 2655 2.0MB/s 00:00 Now login: debian@node01:~$ssh debian@dlp.srv.world Enter passphrase for key '/home/debian/.ssh/id_rsa': # passphrase if you set Linux dlp.srv.world 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64 ..... ..... debian@dlp:~$ # logined If you set [PasswordAuthentication no], it’s more secure. root@dlp:~#vi /etc/ssh/sshd_config # line 58 : change to [no] PasswordAuthenticationno root@dlp:~#systemctl restart ssh SSH Key-Pair Authentication on Windows Client #1 This is the example to login to SSH server from Windows Client. It uses Putty on this example. Before it, Transfer a private key to Windows Client. Run [Puttygen.exe] that is included in [Putty]. (placed in the folder [Putty.exe] is also placed). If not included, Download it from official site (www.chiark.greenend.org.uk/~sgtatham/putty/). After starting [Puttygen.exe], Click [Load] button on the following window. Specify the private key that you transfered from SSH server, then passphrase is required like follows, answer it. (if not set passphrase, this step is skipped) Click [Save private key] button to save it under a folder you like with any file name you like. Start Putty and Open [Connection] – [SSH] – [Auth] on the left pane, then specify your private key on the [Private key file] field. Back to the [Session] on the left pane and specify your SSH server host to Connect. When SSH key-pair is set, the passphrase if it is set is required to login like follows, then answer it. SSH Key-Pair Authentication on Windows #2 On Windows 10 Version 1803 or later, OpenSSH Client has been implemented as a Windows feature, so it’s possbile to authenticate with SSH Key-Pair without Putty and other 3rd party softwares. Transfer your private key to your Windows 10 and put it under the [(logon user home).ssh] folder like follows, then it’s ready to use Key-Pair authentication. Src: https://www.server-world.info/en/note?os=Debian_11&p=ssh&f=4 Collected Articles PuttygenSSHSSH Authentication