Contents
SSH connection with authentication using RSA public key cryptography
Creation of public and private key pairs
Create a public/private key pair for a user connecting to a Linux server using OpenSSH.
Use ssh-keygen to create the key pair.
This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2.
The creation of a public/private key pair is performed with remote login user privileges (huong).
If you do not specify the destination and file name, id_rsa and id_rsa.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# su - huong [huong@Alma~]$ /usr/bin/ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/huong/.ssh/id_rsa): Enter Created directory '/home/huong/.ssh'. Enter passphrase (empty for no passphrase): Password Enter same passphrase again: Password again Your identification has been saved in /home/huong/.ssh/id_rsa. Your public key has been saved in /home/huong/.ssh/id_rsa.pub. The key fingerprint is: SHA256:/s3sLJJXH+7Ul01UDQplwwd/PkzQ6fqn7OmEWCen/6g huong@rocky The key's randomart image is: +---[RSA 3072]----+ | .o=oo.+| | o.+ooo| | ..o.o| | o= | | S o +oo| | . o.B.o+| | ....oo+o+| | o.o= =o+o| | o.oE=Xoo| +----[SHA256]-----+ $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys $ chmod 600 ~/.ssh/authorized_keys |
Use Winscp or other means to save the private key (~/.ssh/id_rsa) in an appropriate location on Windows.
Start Winscp
Host name : Server IP Address
Port number : SSH Port number
User name : Server Login User name
Password : Password for the same user
Click "Save"
Site name : Any name
Click "OK"
After confirming the server, click "Login".
Click "Update" when the following screen appears
Password of the logged-in user in the Password field
When connected, the right column is the server side and the left column is the PC (Windows) side.
Drag and drop "id.rsa" under /home/huong/.ssh on the server side to the left column Windows and save it.
Editing SSH Configuration File
Edit the SSH configuration file to disable password authentication.
This time, instead of being an ordinary user, "su -" to become root.
|
1 2 3 4 5 6 |
$ su - Password: # vi /etc/ssh/sshd_config # Line 71 : Change to password authentication disabled PasswordAuthentication no # systemctl restart sshd |
How to connect with Tera Term
Start Tera Term, and select "File" menu "New connection"
Host : Server IP Address
TCP port : SSH Port number
If you get the following security warning "Replace...." and click "Continue".
User name : Login User Name
Password :Password specified in the creation of a public/private key pair
Check the "Use RSA/DSA...." checkbox. and in the "Private key file" field, specify the "id_rsa" that you just saved in windows.
Creating a private key using PuTTYgen
Start Winscp, select the server, and run Puttygen from "Tools".
該当サーバーを選択
Click "Load"
The [ Open File Dialog ] will open, change the file type to [ All Files (*. *)] and read the private key "id_rsa" transferred from the Linux server.
The password is the password set in "Creating a public and private key pair" above
Click on "Sve private key"
Save the private key file to windows, file name is "id_rsa.ppk"
Select the appropriate server and click "Edit"
Click on "Advanced"
Select "Authentication" and specify the "id_rsa.ppk" file saved by windows in the "Private key file" field.
Click "Save"
Click on "Login"
The password is the password set in "Creating a public and private key pair" above
When connecting with Tera Term
"Use RSA/DSA/ECDSA/..." Specify "id_rsa.ppk" saved in windows in the "Use RSA/DSA/ECDSA/..." field.
