Contents
SSH connection with authentication using RSA public key cryptography
Create public and private key pairs
Create a public/private key pair for a user connecting to a Linux server using OpenSSH.
Use ssh-keygen to create the key pair.
This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2.
Creation of public/private key pairs is performed with remote login user privileges (huong).
If you do not specify the destination and file name, id_rsa and id_rsa.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# su - huong [huong@Lepard~]$ /usr/bin/ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/huong/.ssh/id_rsa): [Enter] Created directory '/home/huong/.ssh'. Enter passphrase (empty for no passphrase): [Password] Enter same passphrase again: [again Password] Your identification has been saved in /home/huong/.ssh/id_rsa. Your public key has been saved in /home/huong/.ssh/id_rsa.pub. The key fingerprint is: SHA256:/s3sLJJXH+7Ul01UDQplwwd/PkzQ6fqn7OmEWCen/6g huong@Lepard The key's randomart image is: +---[RSA 2048]----+ | .o=oo.+| | o.+ooo| | ..o.o| | o= | | S o +oo| | . o.B.o+| | ....oo+o+| | o.o= =o+o| | o.oE=Xoo| +----[SHA256]-----+ |
|
1 2 |
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys $ chmod 600 ~/.ssh/authorized_keys |
Using Winscp or similar, save the private key (~/.ssh/id_rsa) in an appropriate location on Windows.
Start Winscp and click [New Session].
Host name : Server IP Address
Port number : SSH Port
User name : Server Login User
Password : Password for the same user
「Save」
Site name : Any name
「OK」click
After confirming the server, click "Login".
Click "Update" when the following screen appears
Password of the logged-in user in the Password field
When connected, the right column is the server side and the left column is the PC (Windows) side.
Drag and drop "id.rsa" under /home/huong/.ssh on the server side to the left column Windows and save it.
Edit SSH configuration file
Edit the SSH configuration file to disable password authentication.
This time, use su - to become root instead of a normal user.
|
1 2 3 4 5 6 |
$ su - Password: # vi /etc/ssh/sshd_config # Line 66 : Changed to no password authentication PasswordAuthentication no # systemctl restart sshd |
How to connect with Tera Term
Start Tera Term, and select "File" menu "New connection"
Host : Server IP Address
TCP port : SSH Port
If you get the following security warning "Replace…". and click "Continue".
User name : Login User Name
Password :Password specified in the creation of a public/private key pair
Check the "Use RSA/DSA…." checkbox. and in the "Private key file" field, specify the "id_rsa" that you just saved in windows.
Creating a private key using PuTTYgen
Start Winscp and launch Run Puttygen from "Tools".
Select the appropriate server
Click Load
The [ Open File Dialog ] will open, change the file type to [ All Files (*. *)] and load the private key id_rsa transferred from the Linux server.
The password is the password set in "Creating a public and private key pair" above
Click on "Sve private key"
Save the private key file to windows, file name is "id_rsa.ppk"
Select the appropriate server and click "Edit"
Click on "Advanced"
Select "Authentication" and specify the "id_rsa.ppk" file saved by windows in the "Private key file" field.
Click "Save"
Click on "Login"
The password is the password set in "Creating a public and private key pair" above
When connecting with Tera Term, use the following
Use RSA/DSA/ECDSA/…" Specify "id_rsa.ppk" saved in windows in the "Use RSA/DSA/ECDSA/…" field.
