Contents
Public key
1.Create a key pair with RSA
Become an ordinary user and create a key pair with RSA
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# su – <user name> $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/<user name>/.ssh/id_rsa): <Enter> Created directory '/home/<user name>/.ssh'. Enter passphrase (empty for no passphrase): ← Any password Enter same passphrase again: ← Any password again Your identification has been saved in /home/<user name>/.ssh/id_rsa. Your public key has been saved in /home/<user name>/.ssh/id_rsa.pub. The key fingerprint is: SHA256:/C+8j0Ykpbqq80ABB/kkbwB8L76MUxmrkBvAsT6OVwg <user name>@Lepard The key's randomart image is: +---[RSA 2048]----+ |*o. | |+=.. . | |.*= . o | |Eo++ . .o . | |o+o.= .So | |++.=. . .. | |+oB.. . o. | |o=o+ . +o | | .o+o. .o+o | +----[SHA256]-----+ |
|
1 2 |
$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys $ chmod 600 ~/.ssh/authorized_keys |
2.Private Key Login Settings
|
1 2 3 4 5 6 |
$ su - password: # vi /etc/ssh/sshd_config ●Remove the "#" at the beginning of the line per line 49 #PubkeyAuthentication yes PubkeyAuthentication yes |
Restart SSH
|
1 |
# systemctl restart sshd.service |
Copy the private key to the client PC (using WinSCP) Configure WinSCP settings
①Start WinSCP, set the following in "New Site", and click "Save".
Host name : Server IP address
Port number : SSH port number
User name : User name
Password : User password
Give the connection a name of your choice. ↓
You will return to the following screen and click "Login. ↓
When the following screen appears, click "Update. ↓
In the following screen, enter the user's password in "Password".
Copy the id_rsa in the /home/user/.ssh directory to the desired location on the windows side (select id_rsa, drag it to the left side and copy it).
3.Change to login only with private key
|
1 2 3 4 5 |
# vi /etc/ssh/sshd_config ●Per line 69 Add "PasswordAuthentication no" under "#PasswordAuthentication yes". #PasswordAuthentication yes PasswordAuthentication no |
|
1 |
# systemctl restart sshd.service |
4.Creating a private key using PuTTYgen
Launch Winscp and start puttygen.exe from Tools
Click Load to open the Open File dialog box, change the file type to [ All Files (*. Change the file type to [ All Files (*. *) ] and load the private key id_rsa transferred from the Linux server.
Enter the passphrase that you entered when you created your private key.
When the following message is displayed, click the [ OK ] button.
Click the [ Save private key ] button to save the private key.
In this case, save it as id_rsa.ppk (in Windows).
Connect to an SSH server using a private key
Start Winscp, specify the target server, and open "Edit", "Advanceds", and "Authentication" in that order.
Specify id_rsa.ppk saved in windows in the "Private Key" field.
Enter the passphrase that you entered when you created the private key on the server side.
