Contents
SSH connection with authentication using public key cryptography
Create a key pair
Create a public/private key pair for a user connecting to a Linux server using OpenSSH.
Use ssh-keygen to create the key pair.
The creation of a public/private key pair must be done as a user with remote login privileges.
If you do not specify the destination and file name, id_ed25519 and id_ed25519.pub will be created in /home/(user name)/.ssh/. On the way, enter the password for the key.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# su - huong [huong@Lepard~]$ ssh-keygen -t ed25519 Generating public/private ed25519 key pair. Enter file in which to save the key (/home/huong/.ssh/id_ed25519): Created directory '/home/huong/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/huong/.ssh/id_ed25519. Your public key has been saved in /home/huong/.ssh/id_ed25519.pub. The key fingerprint is: SHA256:GbVD5aLnj4lgr1pn84kN/0P4PxwWMnXmom9ggcsiUq0 huong@Lepard The key's randomart image is: +--[ED25519 256]--+ | o.. | | o o . o| | .. +... + | | . .+.o+ o .| | . .S..o = o | | . E .o+ = o | | .+.=..+ = . | | o = O =o = | | ....+ B.o+.. | +----[SHA256]-----+ |
1 2 3 |
$ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys $ chmod 600 ~/.ssh/authorized_keys $ chmod 700 ~/.ssh/ |
Copy the private key to the client PC (using WinSCP) Configure WinSCP settings
①Start WinSCP, set the following in "New Site", and click "Save".
Host name : Server IP address
Port number : SSH port number
User name : User name
Password : User password
![](https://korodes.com/wp-content/uploads/2023/10/28d7c91e55e37b6580daa5ae22d4c0cb.jpg)
Site name : Name the connection with any name.
Click "OK"
![](https://korodes.com/wp-content/uploads/2023/10/9b53ea99f4a94fce9b40b76482a6d8ad.jpg)
Click "Login" to return to the following screen.
![](https://korodes.com/wp-content/uploads/2023/10/7f90bf235e4df57ea9f4c2165b9516fc.jpg)
If the following screen appears, click "Update".
![](https://korodes.com/wp-content/uploads/2023/10/5a7168df0483b652c65acaac9ed13286.jpg)
In the following screen, enter the user's password in the "Pasword" field.
![](https://korodes.com/wp-content/uploads/2023/10/8aa20c02f60c1dbc6c0dd5a83737b409.jpg)
The following screen will appear. Copy id_ed25519 in the /home/user/.ssh directory to any location on the windows side (select id_ed25519 and drag & copy it to the left side).
![](https://korodes.com/wp-content/uploads/2023/10/075ed9e39823f5b545a0549a4238c407.jpg)
Change to log in only with private key
Edit the SSH configuration file to disable password authentication.
su - to become root.
1 2 3 4 5 6 7 |
$ su - Password: # vi /etc/ssh/sshd_config # Per Line 71 : Add "PasswordAuthentication no" under "#PasswordAuthentication yes" PasswordAuthentication no # systemctl restart sshd |
How to connect with Tera Term
Start Tera Term, and select "File" menu "New connection
![](https://korodes.com/wp-content/uploads/2023/10/48e6fd6615fad0b6d6915c6d4185cf00.jpg)
Host : Server IP Address
TCP port : SSH Port number
If you get the following security warning "Replace.... "check the box and "Continue".
![](https://korodes.com/wp-content/uploads/2023/10/bfc146f61977dd87faa537b17aae6d6b.jpg)
User name : Login username
Password :Password specified in the creation of a public/private key pair
Check the "Use RSA/DSA...." checkbox. and in the "Private key file" field, specify the "id_ed25519" that you just saved in windows.
![](https://korodes.com/wp-content/uploads/2023/10/1bcd03aeb9214a703f56b9ccabae241f.jpg)
Creating a private key using PuTTYgen
Start Winscp and launch "Run Puttygen" from "Tools".
Select the appropriate server
![](https://korodes.com/wp-content/uploads/2023/10/49c8695934c777b24c0dc2a54f76a355.jpg)
Click Load
![](https://korodes.com/wp-content/uploads/2023/10/9d20ce6f9b4fa31eff4d23fc21f6f2c2.jpg)
The [ Open File Dialog ] will open, change the file type to [ All Files (*. *)] and load the private key id_ed25519 transferred from the Linux server.
![](https://korodes.com/wp-content/uploads/2023/10/130d698d50f60ba13ec0df4e2ac53a15.jpg)
nter the passphrase you entered when you created the private key on the server side
![](https://korodes.com/wp-content/uploads/2023/10/6a190bc90b8eabb43058748714034e4e.jpg)
Click the [ OK ] button when the following appears
![](https://korodes.com/wp-content/uploads/2023/10/ca0ca4524e962f4af1120cacd0c8544e.jpg)
Click the [ Save private key ] button to save the private key.
![](https://korodes.com/wp-content/uploads/2023/10/fcda61780fb190de26621a4e5e38940c.jpg)
Save it here as id_ed25519.ppk (in Windows).
![](https://korodes.com/wp-content/uploads/2023/10/194ceaa640df36fd40220e72da4f5c8a.jpg)
Select the appropriate server and click "Edit"
![](https://korodes.com/wp-content/uploads/2023/10/0b261f50c40248eb8b2971cac14b2de8.jpg)
Click on "Advanced"
![](https://korodes.com/wp-content/uploads/2023/10/0deb533409c985aeed3c985c39830fe1.jpg)
Open the "Authentication" menu and specify "id_ed25519.ppk" saved in Windows for "Private key file
![](https://korodes.com/wp-content/uploads/2023/10/ce4768b632feb9afabf590167e40aaff.jpg)
Click "Save"
![](https://korodes.com/wp-content/uploads/2023/10/292992894ff62b28f2d42131f084f186.jpg)
Click on "Login"
![](https://korodes.com/wp-content/uploads/2023/10/fcf564b151c4b6de29daa926cd1e11a1.jpg)
The password is the password set in "Creating a public and private key pair" above
![](https://korodes.com/wp-content/uploads/2023/10/15744f289637bf936cfad9d9396396f3.jpg)
When successfully connected, the server side is displayed on the right and the Windows side on the left as shown below.
![](https://korodes.com/wp-content/uploads/2023/10/dc4129c46142be754bceafd63eb92cc1.png)
When connecting with Tera Term
"Use RSA/DSA/ECDSA/…"
Specify "id_ed25519.ppk" saved in windows
![](https://korodes.com/wp-content/uploads/2023/10/a985d924af8483e774304f4fc845112a.jpg)
This completes the security configuration for the SSH service.