Click here for "Safe Air Conditioner Repair and Proper Freon Recovery".

openSUSE ; SSH connection with authentication using public key cryptography

Create a private key for the client and a public key for the server so that the client can log in using the key pair authentication.

1.Key pair creation

Create a pair of public and private keys for the user who will connect to the Linux server using OpenSSH.
To create a key pair, use ssh-keygen.
The creation of a public/private key pair should be performed as a user with remote login privileges.
If you do not specify the destination and file name, id_ecdsa and id_ecdsa.pub will be created in /home/(user name)/.ssh/.    On the way, you will also enter the password for the key.

Key pair creation

Lepard:# su – lan
lan@Lepard:~> ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/lan/.ssh/id_ecdsa):    Empty Enter
Created directory ‘/home/lan/.ssh’.
Enter passphrase (empty for no passphrase):    Any password
Enter same passphrase again:  Password again
Your identification has been saved in /home/lan/.ssh/id_ecdsa
Your public key has been saved in /home/lan/.ssh/id_ecdsa.pub
The key fingerprint is:
SHA256:6sznBoibHBTvHW96JYuzWs+zMoELYpmcxJcCLvSPtHs lan@Lepard
The key’s randomart image is:
+—[ECDSA 256]—+
| |
|… |
|= .o. |
|.=.=. . |
|+.Bo++ oS |
|.*+o+.+.+ . |
|.o =..o* + |
| +..E*o* |
| o.=X=o |
+—-[SHA256]—–+
lan@Lepard:~> ll ~/.ssh
total 8
-rw——- 1 lan users 557 Jan 30 14:11 id_ecdsa
-rw-r–r– 1 lan users 172 Jan 30 14:11 id_ecdsa.pub
lan@Lepard:~>cat ~/.ssh/id_ecdsa.pub >> ~/.ssh/authorized_keys
lan@Lepard:~>chmod 600 ~/.ssh/authorized_keys
Save the created private key id_ecdsa to an appropriate location on Windows using winSCP.

2. Editing SSH settings

2.1 Edit the configuration file

If you use key authentication, you can make the environment more secure by disabling password authentication on the SSH server side as follows
If you are not a regular user, su – will make you root.

# vi /etc/ssh/sshd_config
# Lines 58, 62: uncomment and change to password authentication disabled.
PasswordAuthentication no
ChallengeResponseAuthentication no

# systemctl restart sshd.service

2.2 How to connect with Tera Term

Open TeraTerm and click “New Connection” from the “File” menu.
The host address (host name) and TCP port should match your server. ↓

User name and password should match your server.
Under “Use RSA/DSA/ECDSA/ED25519 key to log in”, set “Private key file:” to “id_ecdsa” that you just saved in Windows.
and click “OK”.  ↓

2.3 Creating a private key using PuTTYgen

Start Winscp and run “Run PuTTYgen” from Tools

Click Load.

Change the file type to [ All Files (*. Change the file type to [ All Files (*. *) ] and load the private key id_ecdsa transferred from the Linux server.

Click “Save private key”. ↓

Save the file as “id_ecdsa.ppk” with the extension “.ppk” in the same place as “id_ecdsa” saved earlier in Windows.  ↓

Launch WinSCP and click “Edit”.   ↓

Click on “Advanced”. ↓

Open the “Authentication” menu, and specify “id_ecdsa.ppk” that you just saved in Windows as the “Private key file”.  ↓

Click “Save” and then “Login”.   ↓

In the Password field, enter the password you defined in the first public key course you created.
It is not the user’s login password.  ↓

タイトルとURLをコピーしました