CentOS 7
Ads

SSH Keys Authentication
2014/07/29
 
Configure SSH server to login with Keys Authentication. Create a private key for client and a public key for server to do it.
[1] Create key pair for each user, so login with a common user and work it like follows.
# create key pair

[cent@dlp ~]$
ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/cent/.ssh/id_rsa):  
# Enter

Created directory '/home/cent/.ssh'.
Enter passphrase (empty for no passphrase):  
# set passphrase (set no passphrase to Enter with empty)

Enter same passphrase again:
Your identification has been saved in /home/cent/.ssh/id_rsa.
Your public key has been saved in /home/cent/.ssh/id_rsa.pub.
The key fingerprint is:
38:f1:b4:6d:d3:0e:59:c8:fa:1d:1d:48:86:f0:fe:74 cent@dlp.srv.world
The key's randomart image is:

[cent@dlp ~]$
mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

[cent@dlp ~]$
chmod 600 ~/.ssh/authorized_keys

[2] Transfer the secret key created on the Server to a Client, then it's possbile to login with keys authentication.
[cent@www ~]$
mkdir ~/.ssh

[cent@www ~]$
chmod 700 ~/.ssh
# copy the secret key to local ssh directory

[cent@www ~]$
scp cent@10.0.0.30:/home/cent/.ssh/id_rsa ~/.ssh/

cent@10.0.0.30's password:
id_rsa
[cent@www ~]$
ssh -i ~/.ssh/id_rsa cent@10.0.0.30

Enter passphrase for key '/home/cent/.ssh/id_rsa':  
# passphrase

Last login: Wed Jul 30 21:37:19 2014 from www.srv.world
[cent@dlp ~]$  
# just logined

[3] If you set "PasswordAuthentication" no, it's more secure.
[root@dlp ~]#
vi /etc/ssh/sshd_config
# line 78: turn to "no"

PasswordAuthentication
no
# line 83: make sure the value is "no"

ChallengeResponseAuthentication no
# line 110: make sure the value is "yes"

UsePAM yes
[root@dlp ~]#
systemctl restart sshd

SSH Keys Auth from Windows Client
 
It's the example to login to SSH server from Windows Client. It uses Putty on here.
Transfer a secret key to Windows Client first.
[4] Download "Puttygen.exe" from Putty Site and save it under the Putty directory. Next execute it and click "Load" button.
[5] Specify the secret key which you downloaded, then passphrase is required like follows, answer it.
[6] Click "Save private key" button to save it under a folder you like with any file name you like.
[7] Start Putty and open [Connection]-[SSH]-[Auth] on the left menu, then select the "private_key" which was just saved above.
[8] Back to the [Session] on the left menu and connect to the SSH server.
[9] The passphrase is required to input, then answer it. If it's correct passphrase, it's possible to login normally like follows.
 
Tweet