Contents
Create public and private key pairs
Create a public/private key pair for a user connecting to a Linux server using OpenSSH.
Use ssh-keygen to create the key pair.
This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2.
The creation of a public/private key pair is performed with remote login user privileges (e.g., huong).
If you do not specify the destination and file name, id_ed25519 and id_ed25519.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# su - huong huong@Lepard:~$ ssh-keygen -t ed25519 Generating public/private ed25519 key pair. Enter file in which to save the key (/home/huong/.ssh/id_ed25519): Created directory '/home/huong/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/huong/.ssh/id_ed25519 Your public key has been saved in /home/huong/.ssh/id_ed25519.pub The key fingerprint is: SHA256:KZJJgogFABx2SzuxPzEpFaTwphsmeHiv31fLrnJV6NU huong@Lepard The key's randomart image is: +--[ED25519 256]--+ |B=o+.+. | |++= B . | |+ .X.+ . . | |..oo+oo .. o E | |++o +o. S. o | |ooo. ... + | | . . + . | | . .. o o | | ... .+.o. | +----[SHA256]-----+ |
1 2 3 |
$ chmod 700 ~/.ssh $ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys $ chmod 600 ~/.ssh/authorized_keys |
Use Winscp or other means to save the private key (~/.ssh/id_ed25519) in an appropriate location on Windows.
Start Winscp
Host name : Server IP Address
Port number : SSH Port
User name : Server Login User
Password : Password for the same user
「Save」
![](https://korodes.com/wp-content/uploads/2023/12/a0b16f36aa60d8931a4568ca1b5bd26e.png)
Site name : Name the connection with any name.
Click "OK"
![](https://korodes.com/wp-content/uploads/2023/12/c23ff17dbbe07b3828989a842d9cfdac.png)
Click "Login" to return to the following screen.
![](https://korodes.com/wp-content/uploads/2023/12/f0c96f6459a7a21a38b6a30c0fb518fd.png)
If the following screen appears, click "Update".
![](https://korodes.com/wp-content/uploads/2023/12/90d955b146933f2d2a0edb61aa628f31.png)
In the following screen, enter the user's password in the "Pasword" field.
![](https://korodes.com/wp-content/uploads/2023/12/16a778525e480a2675f90d19fd3a534e.png)
When connected, the left column is the server side and the right column is the PC (Windows) side.
Save the file “id_ed25519” in the .ssh directory to a suitable location on Windows in the right column.
![](https://korodes.com/wp-content/uploads/2024/04/c2186a28b9bc222f65434673672d7b22.jpg)
Change to log in only with private key
Edit the SSH configuration file to disable password authentication.
su - to become root.
1 2 3 4 5 6 7 8 9 |
$ su - Password: # vi /etc/ssh/sshd_config # Per Line 58 #PasswordAuthentication yes ← Uncomment by deleting # at the beginning of the line and change to the following PasswordAuthentication no # systemctl restart sshd |
How to connect with Tera Term
Start Tera Term, and select "File" menu "New connection
![](https://korodes.com/wp-content/uploads/2023/12/d940d933e7bbcc1ce6db975ad391ad98.png)
Host : Server IP Address
TCP port : SSH Port number
![](https://korodes.com/wp-content/uploads/2023/12/67c7940af7fc16acf6024d6977363108.png)
If you get the following security warning "Replace.... "check the box and "Continue".
![](https://korodes.com/wp-content/uploads/2023/12/877b9cd6bc9479bb88334d90d21c9ac0.png)
User name : Login username
Password :Password specified in the creation of a public/private key pair
Check the "Use RSA/DSA...." checkbox. and in the "Private key file" field, specify the "id_ed25519" that you just saved in windows.
![](https://korodes.com/wp-content/uploads/2023/12/f42dc1fb31e7159d9ca27b70d5f35d90.png)
Creating a private key using PuTTYgen
Start Winscp and launch "Run Puttygen" from "Tools".
Select the appropriate server
![](https://korodes.com/wp-content/uploads/2023/12/57bdadcfc764acd67a2e0c7825c7d6d7.png)
Click Load
![](https://korodes.com/wp-content/uploads/2023/12/ce62f27f25d5355247007e789c729fa0.png)
The [ Open File Dialog ] will open, change the file type to [ All Files (*. *)] and load the private key id_ed25519 transferred from the Linux server.
![](https://korodes.com/wp-content/uploads/2023/12/c329e197afacb4b17e1ead607261c2ae.png)
Enter the passphrase you entered when you created the private key on the server side
![](https://korodes.com/wp-content/uploads/2023/12/535aa8b0aecec3c9d017c2d2af85438f.png)
![](https://korodes.com/wp-content/uploads/2023/12/188a8992e7d283b19af82888e9c611a3.png)
Click the [ Save private key ] button to save the private key.
![](https://korodes.com/wp-content/uploads/2023/12/ec44aa6120427a19a5319c56c75b263d.png)
Save it here as id_ed25519.ppk (in Windows).
![](https://korodes.com/wp-content/uploads/2023/12/c5792a5adc825dbc3f55ae71cef26b09.png)
Select the appropriate server and click "Edit"
![](https://korodes.com/wp-content/uploads/2023/12/6a7ae3c32cc7edd84399c42ee5beec61.png)
Click on "Advanced"
![](https://korodes.com/wp-content/uploads/2023/12/f92e648cd04d3a9e690bf65f71748bd2.png)
Open the "Authentication" menu and specify "id_ed25519.ppk" saved in Windows for "Private key file
![](https://korodes.com/wp-content/uploads/2023/12/0fa603cba441b25b57c74dc09b1ce62d.png)
Click "Save"
![](https://korodes.com/wp-content/uploads/2023/12/07543e5a8974fb398b509e03f88ce51c.png)
Click on "Login"
![](https://korodes.com/wp-content/uploads/2023/12/c782c98d887696eb8e4f52616a092dde.png)
The password is the password set in "Creating a public and private key pair" above
![](https://korodes.com/wp-content/uploads/2023/12/a7c3a5364fff87f692c316c749c9714b.png)
When connecting with Tera Term
"Use RSA/DSA/ECDSA/…"
Specify "id_ed25519.ppk" saved in windows
![](https://korodes.com/wp-content/uploads/2023/12/3741557e111e17badc6cfe7c6fc09a96.png)