Create a private key for the client and a public key for the server so that the client can log in using the key pair authentication.
Contents
1.Key pair creation
Create a pair of public and private keys for the user who will connect to the Linux server using OpenSSH.
To create a key pair, use ssh-keygen.
The creation of a public/private key pair should be performed as a user with remote login privileges.
If you do not specify the destination and file name, id_ecdsa and id_ecdsa.pub will be created in /home/(user name)/.ssh/. On the way, you will also enter the password for the key.
Key pair creation
lan@Lepard:~> ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/lan/.ssh/id_ecdsa): Empty Enter
Created directory ‘/home/lan/.ssh’.
Enter passphrase (empty for no passphrase): Any password
Enter same passphrase again: Password again
Your identification has been saved in /home/lan/.ssh/id_ecdsa
Your public key has been saved in /home/lan/.ssh/id_ecdsa.pub
The key fingerprint is:
SHA256:6sznBoibHBTvHW96JYuzWs+zMoELYpmcxJcCLvSPtHs lan@Lepard
The key’s randomart image is:
+—[ECDSA 256]—+
| |
|… |
|= .o. |
|.=.=. . |
|+.Bo++ oS |
|.*+o+.+.+ . |
|.o =..o* + |
| +..E*o* |
| o.=X=o |
+—-[SHA256]—–+
total 8
-rw——- 1 lan users 557 Jan 30 14:11 id_ecdsa
-rw-r–r– 1 lan users 172 Jan 30 14:11 id_ecdsa.pub
lan@Lepard:~>chmod 600 ~/.ssh/authorized_keys
2. Editing SSH settings
2.1 Edit the configuration file
If you use key authentication, you can make the environment more secure by disabling password authentication on the SSH server side as follows
If you are not a regular user, su – will make you root.
# Lines 58, 62: uncomment and change to password authentication disabled.
PasswordAuthentication no
ChallengeResponseAuthentication no
# systemctl restart sshd.service
2.2 How to connect with Tera Term
Open TeraTerm and click “New Connection” from the “File” menu.
The host address (host name) and TCP port should match your server. ↓
User name and password should match your server.
Under “Use RSA/DSA/ECDSA/ED25519 key to log in”, set “Private key file:” to “id_ecdsa” that you just saved in Windows.
and click “OK”. ↓
2.3 Creating a private key using PuTTYgen
Start Winscp and run “Run PuTTYgen” from Tools
Click Load.
Change the file type to [ All Files (*. Change the file type to [ All Files (*. *) ] and load the private key id_ecdsa transferred from the Linux server.
Click “Save private key”. ↓
Save the file as “id_ecdsa.ppk” with the extension “.ppk” in the same place as “id_ecdsa” saved earlier in Windows. ↓
Launch WinSCP and click “Edit”. ↓
Click on “Advanced”. ↓
Open the “Authentication” menu, and specify “id_ecdsa.ppk” that you just saved in Windows as the “Private key file”. ↓
Click “Save” and then “Login”. ↓
In the Password field, enter the password you defined in the first public key course you created.
It is not the user’s login password. ↓
