Remote connection with SSH public key cryptography
Creation of public and private key pairs
Create a public/private key pair for a user connecting to a Linux server using OpenSSH.
Use ssh-keygen to create the key pair.
Create the public/private key pair as the user who will log in remotely.
If you do not specify the creation destination and file name, id_ed25519 and id_ed25519.pub will be created in /home/(user name)/.ssh/. When prompted, also enter a passphrase for the key.
# su - huong
[huong@Lepard~]$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/huong/.ssh/id_ed25519):
Created directory '/home/huong/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/huong/.ssh/id_ed25519
Your public key has been saved in /home/huong/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:g0vsIkL8LcOzX0JDFacYiIztXtCD+waLWkgPiBJTJT8 huong@Lepard
The key's randomart image is:
+--[ED25519 256]--+
|oo++o. o.. |
|+o++o + o |
|o+ oE+ . |
|=o+ oo . |
|o*o= o+ S |
|+ *.=o.. . |
|o..B.oo. |
|.. .=.o |
| ... |
+----[SHA256]-----+
$ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/
Save the created private key id_ed25519 to an appropriate location on Windows using WinSCP.
Start WinSCP and click "New Session"
Host name : Server IP Address
Port number : SSH port number
User name : General username
Password : Password of the general user
Click "Save"
Site name : Any connection name
Click "OK"
After confirming the server, click "Login".
Click "Update" when the following screen appears
In the following screen, enter the user's password in the "Password" field.
When connected, the left column is the server side and the right column is the PC (Windows) side.
Save the file "id_ed25519" in the .ssh directory to an appropriate location on Windows in the right column.
Editing SSH Configuration File
Edit the SSH configuration file to disable password authentication.
This time, instead of working as the regular user, use su - to become root.
$ su -
Password:
# vi /etc/ssh/sshd_config
# Line 65 : Uncomment and set to "no" to disable password authentication.
PasswordAuthentication no
Restart the sshd service
# systemctl restart sshd
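The edit above only takes effect if no earlier line, and no file pulled in by an Include line, has already set PasswordAuthentication. The following added example (not part of the original page) walks a config file in sshd's read order and reports the value that wins; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. sshd uses the FIRST value it
# reads for a keyword, so a "yes" in an Include'd drop-in that is read before
# line 65 of sshd_config silently overrides the "no" set there.
# Simplifications (assumptions): relative Include paths resolve against the
# main file's directory; everything after a Match line counts as conditional.

# scan FILE BASEDIR: print the first global PasswordAuthentication value found.
# The ( ) body runs in a subshell, so variables stay local across recursion.
scan() (
    file=$1 base=$2
    [ -r "$file" ] || exit 0
    sed 's/=/ /' "$file" | while read -r key args || [ -n "$key" ]; do
        set -f; set -- $args; set +f          # split arguments without globbing
        case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
            match) exit 0 ;;                  # rest of this file is conditional
            passwordauthentication)
                printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]'; exit 0 ;;
            include)
                for pat in "$@"; do
                    case $pat in /*) ;; *) pat=$base/$pat ;; esac
                    for f in $pat; do         # glob expands in sorted order
                        found=$(scan "$f" "$base")
                        if [ -n "$found" ]; then echo "$found"; exit 0; fi
                    done
                done ;;
        esac
    done
)

# effective_password_auth FILE: "yes" is sshd's default when nothing sets it.
effective_password_auth() {
    v=$(scan "$1" "$(dirname "$1")")
    echo "${v:-yes}"
}

# Constructed sample: the drop-in is read first and wins over the main file.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$1/sshd_config.d/50-sample.conf"
    printf 'Include sshd_config.d/*.conf\n#Port 22\nPasswordAuthentication no\n' \
        > "$1/sshd_config"
}
d=$(mktemp -d) && make_sample "$d"
echo "effective PasswordAuthentication: $(effective_password_auth "$d/sshd_config")"
rm -rf "$d"
```

On the server itself, running sshd -T as root prints the effective configuration as sshd computes it, including passwordauthentication.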
How to connect with Tera Term
Start Tera Term and select "New connection" from the "File" menu
Host : Server IP Address
TCP port : SSH Port
If you get the following security warning, select "Replace…" and click "Continue".
User name : Login User Name
Password : Passphrase specified when creating the public/private key pair
Set "id_ed25519" saved in Windows to "Private key file:" in "Use RSA/DSA/ECDSA/ED25519 key to log in"
Creating a private key using PuTTYgen
Start WinSCP, select the appropriate server, and run PuTTYgen from Tools.
Select the appropriate server
Click "Load"
In the [ Open File Dialog ], change the file type to [ All Files (*.*) ] and load the private key id_ed25519 transferred from the Linux server.
Enter the passphrase you entered when you created the private key on the server side
Click the [ Save private key ] button to save the private key.
Here we save it as id_ed25519.ppk (in Windows).
Select the appropriate server and click "Edit"
Click on "Advanced"
Open the "Authentication" menu and specify "id_ed25519.ppk" saved in Windows for "Private key file"
Click "Save"
Click on "Login"
The password requested is the passphrase set in "Creation of public and private key pairs" above
When connecting with Tera Term
In the "Use RSA/DSA/ECDSA/…" field, specify "id_ed25519.ppk" saved in Windows.