SSH connection with authentication using public key cryptography
Creation of public and private key pairs
Create a public/private key pair for a user connecting to the Linux server using OpenSSH.
Use ssh-keygen to create key pairs.
Create the key pair with the privileges of the user who will log in remotely.
If you do not specify the destination and file name, id_ed25519 and id_ed25519.pub are created in /home/(user name)/.ssh/. When prompted, enter a passphrase for the key.
```
# su - huong
[huong@Lepard~]$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/huong/.ssh/id_ed25519):
Created directory '/home/huong/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/huong/.ssh/id_ed25519
Your public key has been saved in /home/huong/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:Yq9/XCRZ6jjImkPg2FvzwFaAHaIiaoZGmMUVq6uYo18 huong@Lepard
The key's randomart image is:
+--[ED25519 256]--+
| .o++o |
|.+o.o. . |
|*. .. + |
|* .. . + . |
|oB.o oo.So o |
|= o.B.ooo . . |
| .=E* .o . |
|oo..+ .. o |
|*o. ..... |
+----[SHA256]-----+
```

```
$ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/
```
Save the created private key id_ed25519 to an appropriate location on Windows using WinSCP.
Start WinSCP
Host name : Server IP Address
Port number : SSH port number
User name : Server Login User
Password : Password for the same user
Click "Save"
Site name : Any name
Click "OK"
After confirming the server, click "Login".
Click "Update" when the following screen appears
Enter the password of the login user in the Password field
When connected, the right column is the server side and the left column is the PC (Windows) side.
Save the file "id_ed25519" in the .ssh directory to an appropriate location on Windows in the left column.
Editing SSH Configuration File
Edit the SSH configuration file to disable password authentication.
This time, instead of working as an ordinary user, use su - to become root.
```
$ su -
Password:
# vi /etc/ssh/sshd_config
# Line 66 : Changed to no password authentication
PasswordAuthentication no

# systemctl restart sshd
```
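The sshd_config edit above only takes effect if no earlier line sets the same keyword, because sshd uses the first value it reads for each keyword. The following shell check is an added example, not part of the original page; the function names and the sample configuration are constructed for illustration, and it verifies the setting together with the chmod 700/600 permissions from the earlier step.

```shell
#!/bin/sh
# Added example, not from the original page: checks to run before
# "systemctl restart sshd" so that key-only login does not lock you out.

# first_value KEYWORD: read sshd configuration text on stdin and print the
# value sshd would use. sshd keeps the FIRST value it sees for a keyword, so
# an earlier line (or an Include above it) beats the edit at "line 66".
# Assumes whitespace-separated "Keyword value"; stops at the first Match block.
first_value() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }'
}

# mode_is PATH MODE: compare the ls-style mode string (drwx------ is 700).
mode_is() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = "$2" ]
}

# key_only_ready CONFIG SSH_DIR: succeed only if password login is off,
# public-key login is not disabled, and the chmod 700/600 steps were applied.
key_only_ready() {
    [ "$(first_value PasswordAuthentication < "$1")" = "no" ] ||
        { echo "password login is still enabled"; return 1; }
    [ "$(first_value PubkeyAuthentication < "$1")" != "no" ] ||
        { echo "public-key login is disabled"; return 1; }
    mode_is "$2" "drwx------" ||
        { echo "$2 is not mode 700"; return 1; }
    mode_is "$2/authorized_keys" "-rw-------" ||
        { echo "authorized_keys is not mode 600"; return 1; }
    grep -q 'ssh-ed25519 ' "$2/authorized_keys" ||
        { echo "no ed25519 key in authorized_keys"; return 1; }
    echo "ok"
}

# Constructed sample: a "yes" that appears first wins over the later "no".
sample_config() {
    cat <<'EOF'
# (constructed) setting contributed by an earlier line or Include file
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}

echo "effective PasswordAuthentication: $(sample_config | first_value PasswordAuthentication)"
```

On the server, run `sshd -T` as root to print the effective configuration with Include files resolved, save it to a file and pass that file as CONFIG. `sshd -t` checks the configuration syntax before the restart.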
How to connect with Tera Term
Start Tera Term and select "New connection" from the "File" menu.
Host : Server IP Address
TCP port : SSH port number
If you get the following security warning, check "Replace...." and click "Continue".
User name : Login User Name
Password : Password specified in the creation of a public/private key pair
Under "Use RSA/DSA/ECDSA/ED25519 key to log in", set "Private key file:" to the "id_ed25519" file that you just saved in Windows, and click "OK".
Creating a private key using PuTTYgen
Start WinSCP and launch [Run Puttygen] from [Tools].
Select the appropriate server
Click Load
The [ Open File Dialog ] will open. Change the file type to [ All Files (*.*) ] and load the private key id_ed25519 that was transferred from the Linux server.
The password is the password set in "Creating a public and private key pair" above
Click on "Save private key"
Save the file with the extension ".ppk" in the same place as "id_ed25519" saved earlier on the Windows side, under the name "id_ed25519.ppk".
Select the appropriate server and click "Edit"
Click on "Advanced"
Open the "Authentication" menu and specify "id_ed25519.ppk" saved in Windows for "Private key file".
Click "Save"
Click on "Login"
The password is the password set in "Creating a public and private key pair" above
When connecting with Tera Term, specify "id_ed25519.ppk" saved in Windows in the "Use RSA/DSA/ECDSA/..." field.