Contents [Open]
Public key
1.Create a key pair with RSA
Become an ordinary user and create a key pair with RSA
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# su – <user name> $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/<user name>/.ssh/id_rsa): <Enter> Created directory '/home/<user name>/.ssh'. Enter passphrase (empty for no passphrase): ← Any password Enter same passphrase again: ← Any password again Your identification has been saved in /home/<user name>/.ssh/id_rsa. Your public key has been saved in /home/<user name>/.ssh/id_rsa.pub. The key fingerprint is: SHA256:/C+8j0Ykpbqq80ABB/kkbwB8L76MUxmrkBvAsT6OVwg <user name>@Lepard The key's randomart image is: +---[RSA 2048]----+ |*o. | |+=.. . | |.*= . o | |Eo++ . .o . | |o+o.= .So | |++.=. . .. | |+oB.. . o. | |o=o+ . +o | | .o+o. .o+o | +----[SHA256]-----+ |
|
1 2 |
$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys $ chmod 600 ~/.ssh/authorized_keys |
2.Private Key Login Settings
|
1 2 3 4 5 6 |
$ su - password: # vi /etc/ssh/sshd_config ●Remove the "#" at the beginning of the line per line 49 #PubkeyAuthentication yes PubkeyAuthentication yes |
Restart SSH
|
1 |
# systemctl restart sshd.service |
Copy the private key to the client PC (using WinSCP) Configure WinSCP settings
①Start WinSCP, set the following in "New Site", and click "Save".
Host name : Server IP address
Port number : SSH port number
User name : User name
Password : User password
Give the connection a name of your choice.
You will return to the following screen and click "Login.
When the following screen appears, click "Update.
In the following screen, enter the user's password in "Password".
Copy the id_rsa in the /home/user/.ssh directory to the desired location on the windows side (select id_rsa, drag it to the left side and copy it).
3.Change to login only with private key
|
1 2 3 4 5 |
# vi /etc/ssh/sshd_config ●Per line 69 Add "PasswordAuthentication no" under "#PasswordAuthentication yes". #PasswordAuthentication yes PasswordAuthentication no |
|
1 |
# systemctl restart sshd.service |
4.Creating a private key using PuTTYgen
Launch Winscp and start puttygen.exe from Tools
Click Load to open the Open File dialog box, change the file type to [ All Files (*. Change the file type to [ All Files (*. *) ] and load the private key id_rsa transferred from the Linux server.
Enter the passphrase that you entered when you created your private key.
When the following message is displayed, click the [ OK ] button.
Click the [ Save private key ] button to save the private key.
In this case, save it as id_rsa.ppk (in Windows).
Connect to an SSH server using a private key
Start Winscp, specify the target server, and open "Edit", "Advanceds", and "Authentication" in that order.
Specify id_rsa.ppk saved in windows in the "Private Key" field.
Enter the passphrase that you entered when you created the private key on the server side.
