Contents
SSH connection with authentication using public key cryptography
Creation of public and private key pairs
Create a public/private key pair for a user connecting to the Linux server using OpenSSH.
Use ssh-keygen to create key pairs.
This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2.
Creation of public/private key pairs is performed with remote login user privileges (huong).
If you do not specify the destination and file name, id_ed25519,id_ed25519.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# su - huong huong@lepard:~$ ssh-keygen -t ed25519 Generating public/private ed25519 key pair. Enter file in which to save the key (/home/huong/.ssh/id_ed25519): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/huong/.ssh/id_ed25519 Your public key has been saved in /home/huong/.ssh/id_ed25519.pub The key fingerprint is: SHA256:HrwYjKC33QksrHJP36TJfsoZi4y4JzS+NGjPlC5XZi0 huong@lepard The key's randomart image is: +--[ED25519 256]--+ | | | | | . | | o o o . | |. + + + S | |.= +.E * o | |*++o* * + | |==B* = O. | |o==++.@o. | +----[SHA256]-----+ $ chmod 700 ~/.ssh $ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys $ chmod 600 ~/.ssh/authorized_keys |
Save the created private key id_ed25519 to an appropriate location on windows using winSCP.
Start Winscp
Host name : IP address of the server
Port number : SSH port
User name : Server login user
Password : Password for the same user
click「Save」
Site name : any name
Click "OK"
After confirming the server, click "Login".
Click "Update" when the following screen appears
Password of the logged-in user in the Password field
When connected, the right column is the server side and the left column is the PC (Windows) side.
Save the file "id_ed25519" in the .ssh directory to an appropriate location on Windows in the left column.
Editing SSH Configuration File
Edit the SSH configuration file to disable password authentication.
This time, use su - to become root instead of a normal user.
|
1 2 3 4 5 6 |
$ su - Password: # vi /etc/ssh/sshd_config # Line 61 : Changed to no password authentication PasswordAuthentication no # systemctl restart ssh |
How to connect with Tera Term
Start Tera Term and select "File" menu "New connection"
Host : IP address of the server
TCP port : SSH port number
If you get the following security warning "Replace…. "Check
click"Contunue"
User name : Login user name
Password : Password specified when creating a public/private key pair
Under "Use RSA/DSA/ECDSA/ED25519 key to log in", set "id_ed25519" saved in Windows to "Private key file:" and click "OK
Creating a private key using PuTTYgen
Start Winscp and launch Run Puttygen from "Tools".
Select the appropriate server
Click Load
The [ Open File Dialog ] will open, change the file type to [ All Files (. Change the file type to [ All Files (. *) ] and load the private key id_ed25519 that was transferred from the Linux server.
The password is the password set in "Creating a public and private key pair" above
Click on "Save private key"
Save the file with the extension ".ppk" in the same place as "id_ed25519" saved earlier on the Windows side under the name "id_ed25519.ppk".
Select the appropriate server and click "Edit"
Click on "Advanced"
Open the "Authentication" menu and specify "id_ed25519.ppk" saved in Windows for "Private key file"
Click "Save"
Click on "Login"
The password is the password set in "Creating a public and private key pair" above
When connecting with Tera Term, use the following
Use RSA/DSA/ECDSA/…" Specify "id_ed25519.ppk" saved in windows in the "Use RSA/DSA/ECDSA/…" field.
