Click here for "Safe Air Conditioner Repair and Proper Freon Recovery".

Fedora35 : SSH public key cipher setting

SSH public key cipher setting

Create an SSH private key on Windows and an SSH public key on the server to allow login by key pair authentication.

1.Create key pair with ECDSA

Become an ordinary user and create a key pair in ECDSA
# su – <user name>
$ ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/huong/.ssh/id_ecdsa):<Enter>
Created directory '/home/huong/.ssh'.
Enter passphrase (empty for no passphrase):  ← Enter any password
Enter same passphrase again:  ← Enter the same password again.
Your identification has been saved in /home/<user name>/.ssh/id_ecdsa.
Your public key has been saved in /home/<user name>/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:/C+8j0Ykpbqq80ABB/kkbwB8L76MUxmrkBvAsT6OVwg <user name>@fedora
The key's randomart image is:
+---[ECDSA 256]----+
oo=====++=|
| o ==.+*o+|
| ++E=.o+ |
| oo+++o .|
| S ..oo. |
| oo . |
| o o |
| + = |
| .+.o.o
+----[SHA256]-----+
$ mv ~/.ssh/id_ecdsa.pub ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

2.Private Key Login Settings

$ su -
Password:
# vi /etc/ssh/sshd_config
■Delete "#" at the beginning of the line per line 46
Before change)
#PubkeyAuthentication yes
After change)
PubkeyAuthentication yes
Restart SSH
# systemctl restart sshd.service

Copy the private key to the client PC (using WinSCP) Set up WinSCP
①Start WinSCP, configure the following settings in "New Site" and click "Save"

Host name : Server IP Address
Port number :  SSH port number
User name : General username
Password :  General username Password

Any connection name ↓

You will be returned to the following screen.「Login」  ↓

If the following screen appears, say "Yes."   ↓

In the following screen, enter the user's password in the "Pasword" field.

Copy id_ecdsa in "/home/<user name>/.ssh" directory to any location on the windows side.(Select id_ecdsa, drag & copy to the left)

3.Change to log in only with private key

# vi /etc/ssh/sshd_config
■Per line 66
Add "PasswordAuthentication no" under "#PasswordAuthentication yes"
#PasswordAuthentication yes
PasswordAuthentication no
Restart SSH
# systemctl restart sshd.service

3.Creating a private key using PuTTYgen

Start Winscp, select the appropriate server, and launch Run PuTTYgen from Tools.

Click Load [ Open File Dialog ], change the file type to [ All Files (*. Change the file type to [ All Files (*. *) ] and load the private key id_ecdsa transferred from the Linux server.

Enter the passphrase you entered when you created the private key on the server side

Click the [ OK ] button when the following appears


Click the [ Save private key ] button to save the private key.

Here we save it as id_ecdsa.ppk (in Windows).

Connect to SSH server with private key
Start Winscp, specify the target server, open "Edit", "Advanced", and "Authentication".
Specify id_ecdsa.ppk saved in windows in the "Private key file" field.

Enter the passphrase you entered when you created the private key on the server side

This completes the security configuration for the SSH service.

タイトルとURLをコピーしました