Create a private key for the client and a public key for the server to allow login with key pair authentication
1. Key pair creation
Create a public/private key pair for a user connecting to the Linux server using OpenSSH.
Use ssh-keygen to create key pairs.
Create the key pair as the user who will log in remotely, not as root.
If you do not specify the creation destination and file name, id_ed25519 and id_ed25519.pub will be created in /home/huong/.ssh/.
When prompted, also enter a password (passphrase) for the key.
key pair creation
```
# su - huong
huong@Lepard:~> ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/huong/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/huong/.ssh/id_ed25519
Your public key has been saved in /home/huong/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:NleLv0hKEYu5YhaBjJITQLUughwcP/NMxZ/uFWeilSY huong@Lepard
The key's randomart image is:
+--[ED25519 256]--+
|=o.. .. |
|.=o.. .. |
|=oo=.. o . o |
|+.o *. o E O + |
|oo ..oo S B * |
|. . . o * o |
| + . o o . |
| o . . + . . |
| . . . |
+----[SHA256]-----+
```

```
huong@Lepard:~> ll ~/.ssh
total 8
-rw------- 1 huong users 444 Jun 15 15:17 id_ed25519
-rw-r--r-- 1 huong users 94 Jun 15 15:17 id_ed25519.pub
```

```
huong@Lepard:~> cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
huong@Lepard:~> chmod 600 ~/.ssh/authorized_keys
```
Save the created private key id_ed25519 to an appropriate location on Windows using WinSCP.
Start WinSCP
Click New Site
Host name : server IP address
Port number : SSH port number
User name : login user name
Password : Password for the above user
Click Save
Site name : Give it any name you like.
Click OK
Select the appropriate server and click Login.
Click "Update" when the security confirmation screen is displayed.
Password : login user password
Click OK
When connected, the left column is the server side and the right column is the PC (Windows) side.
Save the file "id_ed25519" from the .ssh directory to a suitable location on Windows in the right column.
2. Edit SSH settings
2.1 Editing Configuration Files
If you use key authentication, you can make the environment more secure by disabling password authentication on the SSH server side as follows. This time, use su - to become root instead of a general user.
```
# vi /etc/ssh/sshd_config
# Line 66: Change to password authentication disabled.
PasswordAuthentication no
```

```
# systemctl restart sshd.service
```
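sshd applies the first value it reads for each keyword, so an active `PasswordAuthentication yes` higher up in the file silently overrides the edit made above. The following check is an added example, not part of the original tutorial; the function names and the sample configuration (including the `backup` user) are constructed for illustration, and it assumes a single file with no Include directives.

```shell
#!/bin/sh
# Added example, not from the original page.
# effective_setting FILE KEYWORD DEFAULT
# Prints the value sshd would apply globally for KEYWORD:
#   - keyword names are case-insensitive
#   - the FIRST occurrence wins; later lines for the same keyword are ignored
#   - lines after the first "Match" are conditional, not global
# Assumption: a single file; Include directives are not followed.
effective_setting() {
    awk -v want="$2" -v val="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }               # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            key = line
            sub(/[ \t=].*/, "", key)          # keyword ends at space, tab or "="
            rest = substr(line, length(key) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", rest)  # drop the separator
            sub(/[ \t].*/, "", rest)          # keep the first argument only
            key = tolower(key)
            if (key == "match") exit          # end of the global section
            if (key == want) { val = rest; exit }
        }
        END { print val }
    ' "$1"
}

# Succeeds only when the global effective value is "no".
# "yes" is the upstream OpenSSH default when the keyword is absent.
password_auth_disabled() {
    [ "$(effective_setting "$1" PasswordAuthentication yes)" = "no" ]
}

# Constructed sample: an active "yes" above the edited line shadows it.
sample_shadowed() {
    printf '%s\n' \
        '#PasswordAuthentication no' \
        'passwordauthentication yes' \
        'PubkeyAuthentication yes' \
        'PasswordAuthentication no' \
        'Match User backup' \
        '    PasswordAuthentication no'
}
```

On the server itself, `sshd -t` checks the file for syntax errors before the restart, and `sshd -T` prints the configuration the daemon will actually use.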
2.2 How to connect with Tera Term
Open Tera Term and click "New Connection" from the "File" menu.
Host : server IP address
TCP port : SSH port number
Click OK
If a security warning appears, check the [Replace….] box
User name : login user name
Password : the password (passphrase) specified when creating the public/private key pair
Use RSA/DSA/ECDSA/ED25519 key to log in : check
Private key file : set "id_ed25519" saved in Windows
Click OK
2.3 Creating a private key using PuTTYgen
Start WinSCP and launch PuTTYgen from Tools (Run PuTTYgen)
Select the appropriate server
Click Load
In the file open dialog, change the file type to [ All Files (*.*) ] and load the private key id_ed25519 transferred from the Linux server.
The password is the password (passphrase) set in "Key pair creation" above
Click on "Save private key"
Save the file with the ".ppk" extension under the name "id_ed25519.ppk" in the same place as "id_ed25519" saved earlier on the Windows side.
Check the appropriate server and click Save.
Click Edit
Click Advanced
Open the "Authentication" menu and specify "id_ed25519.ppk" saved in Windows for "Private key file"
Click "Login" after "Save"
In the Password field, enter the password (passphrase) set when you first created the key pair,
not the user's login password.
When connecting with Tera Term, use the following:
Specify "id_ed25519.ppk" saved in Windows in the "Use RSA/DSA/ECDSA/…" field.