SSH Key-Pair Authentication

Create Key-Pair by each user, so login with a common user on SSH Server Host and work like follows.

# create key-pair
debian@dlp:~$ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/debian/.ssh/id_rsa): # Enter or input changes if you want
Created directory '/home/debian/.ssh'.
Enter passphrase (empty for no passphrase): # set passphrase (if set no passphrase, Enter with empty)
Enter same passphrase again:
Your identification has been saved in /home/debian/.ssh/id_rsa
Your public key has been saved in /home/debian/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:H+lFm+3c93VekrLiFCYAwoWDUVs43s4JEze8wr8QzG8 debian@dlp.srv.world
The key's randomart image is:
.....
.....

debian@dlp:~$ll ~/.ssh

total 8
-rw------- 1 debian debian 2655 Aug 17 13:48 id_rsa
-rw-r--r-- 1 debian debian 574 Aug 17 13:48 id_rsa.pub
debian@dlp:~$mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

Transfer the private key created on the Server to a Client, then it’s possible to login with Key-Pair authentication. Below is an example to connect from a linux shell.

debian@node01:~$mkdir ~/.ssh
debian@node01:~$chmod 700 ~/.ssh
# transfer the private key to the local ssh directory
debian@node01:~$scp debian@dlp.srv.world:/home/debian/.ssh/id_rsa ~/.ssh/
debian@dlp.srv.world's password:
id_rsa 100% 2655 2.0MB/s 00:00

Now login:

debian@node01:~$ssh debian@dlp.srv.world

Enter passphrase for key '/home/debian/.ssh/id_rsa': # passphrase if you set
Linux dlp.srv.world 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64
.....
.....

debian@dlp:~$  # logined

If you set [PasswordAuthentication no], it’s more secure.

root@dlp:~#vi /etc/ssh/sshd_config
# line 58 : change to [no]
PasswordAuthenticationno
root@dlp:~#systemctl restart ssh

SSH Key-Pair Authentication on Windows Client #1

This is the example to login to SSH server from Windows Client. It uses Putty on this example. Before it, Transfer a private key to Windows Client.

Run [Puttygen.exe] that is included in [Putty]. (placed in the folder [Putty.exe] is also placed). If not included, Download it from official site (www.chiark.greenend.org.uk/~sgtatham/putty/). After starting [Puttygen.exe], Click [Load] button on the following window.

Specify the private key that you transfered from SSH server, then passphrase is required like follows, answer it. (if not set passphrase, this step is skipped)

Click [Save private key] button to save it under a folder you like with any file name you like.

Start Putty and Open [Connection] – [SSH] – [Auth] on the left pane, then specify your private key on the [Private key file] field.

Back to the [Session] on the left pane and specify your SSH server host to Connect.

When SSH key-pair is set, the passphrase if it is set is required to login like follows, then answer it.

SSH Key-Pair Authentication on Windows #2

On Windows 10 Version 1803 or later, OpenSSH Client has been implemented as a Windows feature, so it’s possbile to authenticate with SSH Key-Pair without Putty and other 3rd party softwares. Transfer your private key to your Windows 10 and put it under the [(logon user home).ssh] folder like follows, then it’s ready to use Key-Pair authentication.

Src: https://www.server-world.info/en/note?os=Debian_11&p=ssh&f=4

Share

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.