Debian11.3 : SSH public key cryptosystem

RSA SSH connection with authentication using public key cryptography

Create public and private key pairs

Create a public/private key pair for a user connecting to a Linux server using OpenSSH.
Use ssh-keygen to create the key pair.
This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2.
The creation of a public/private key pair is performed with remote login user privileges (e.g., huong).
If you do not specify the destination and file name, id_rsa and id_rsa.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.

# su - huong
huong@debian:~$ /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/huong/.ssh/id_rsa):  ←enter
Enter passphrase (empty for no passphrase): ←Any password
Enter same passphrase again:  ←Same password again
Your identification has been saved in /home/huong/.ssh/id_rsa
Your public key has been saved in /home/huong/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:+5y+1HQyhqfImQ3t2Lb+PeN5cUfoduddZr2QjEMzFXE huong@ubuntu22
The key's randomart image is:
+---[RSA 3072]----+
| ooE |
| .. |
| . . |
| . = . .|
| S + @.o..|
| . @ O Bo.X|
| B B o..=O|
| = o .oo+|
| oOo..++ |
+----[SHA256]-----+
$ chmod 700 ~/.ssh

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

Use Winscp or other means to save the private key (~/.ssh/id_rsa) in an appropriate location on Windows.
Start Winscp
Host name  : Server IP Address
Port number : SSH Port
User name : Server Login User
Password : Password for the same user
「Save」

Site name : Any name
「OK」

After confirming the server, click "Login".

Click "Update" when the following screen appears

Password of the logged-in user in the Password field

When connected, the right column is the server side and the left column is the PC (Windows) side.
Drag and drop "id.rsa" under /home/huong/.ssh on the server side to the left column Windows and save it.

Edit SSH configuration file

Edit the SSH configuration file to disable password authentication.
This time, instead of being an ordinary user, su - to become root.

$ su -
Password:
# vi /etc/ssh/sshd_config
# Per line 59.
#PasswordAuthentication yes ← Uncomment by deleting # at the beginning of the line and change to the following
PasswordAuthentication no
# systemctl restart sshd

How to connect with Tera Term

Start Tera Term, and select "File" menu "New connection

Host : Server IP Address
TCP port : SSH Port number

If you get the following security warning "Replace.... "check the box and "Continue".

User name : Login username
Password :Password specified in the creation of a public/private key pair
Check the "Use RSA/DSA...." checkbox. and in the "Private key file" field, specify the "id_rsa" that you just saved in windows.

Creating a private key using PuTTYgen

Start Winscp and launch "Run Puttygen" from "Tools".

Select the appropriate server

Click Load

The [ Open File Dialog ] will open, change the file type to [ All Files (*. *)] and load the private key id_rsa transferred from the Linux server.

The password is the password set in "Creating a public and private key pair" above

Save the private key file to windows, file name is "id_rsa.ppk"

Select the appropriate server and click "Edit

Click on "Advanced"

Select "Authentication" and specify the "id_rsa.ppk" file saved by windows in the "Private key file" field.

Click "Save"

Click "Login"

The password is the password set in "Creating a public and private key pair" above

When connecting with Tera Term, use the following
Use RSA/DSA/ECDSA/..." Specify "id_rsa.ppk" saved in windows in the "Use RSA/DSA/ECDSA/..." field.



 

タイトルとURLをコピーしました