This page looks plain and unstyled because you're using a non-standard compliant browser. To see it in its best form, please upgrade to a browser that supports web standards. It's free and painless.

Blog About Dedicated Servers

« | »

OpenSSH public key login (no password)

Luigi Ramone | 15 December, 2005 21:37

How to connect to your linux server using OpenSSH and public keys.

This is for OpenSSH2 protocol only !

Ok, here we go....

To generate keys on a linux desktop / workstation :

First, in a local shell (on your machine as your normal user) you must generate your keys.



------------------------

ssh-keygen -q -t rsa -f $HOME/.ssh/id_rsa -C your_key_name_here

------------------------

(replace your_key_name_here with your key name ;-) can be anything, just no spaces )
You will be prompted for a passphrase, enter a sentence at least 10 or 15 words long that you will remember !

You will be prompted again, re-enter the passphrase

You then go back to the shell prompt.

now you can go to ~/.ssh/ and see the files there :

id_rsa
id_rsa.pub
known_hosts

the id_rsa.pub is your public key.

There are agents that can enter your passphrase for you automatically
Check out http://www.gentoo.org/proj/en/keychain.xml
or read this Redhat document fully
http://www.redhat.com/docs/manuals/...ent-config.html

###########################################

To generate keys on a Windows desktop / workstation :

Get puTTY from http://www.chiark.greenend.org.uk/~...y/download.html
Make sure you get the .exe files for puTTY, puttygen and pageant and also get the puttydoc.zip Unzip puttydoc and read the howtos in there as to generating your keys and using pageant.
Then use the putty generated public key in the server side section of my howto.

###########################################

To install the public key on the server (either generated by puttygen or ssh-keygen)

Log in as admin on the server.

While still in /home/admin

------------------------

mkdir .ssh
chmod 700 .ssh
cd .ssh
vi authorized_keys2

------------------------

hit i then add

------------------------

ssh-rsa

------------------------

followed by a space, then paste in your public key

( tip: vi the id_rsa.pub on your local machine and copy the contents, including the name at the end that you gave it , but be careful not to get any line breaks when you copy, it should be just one line)

Now hit Esc, then hit :wq to save and exit

then

------------------------

chmod 600 authorized_keys2

------------------------

now su - to root
enter

------------------------

service sshd restart

------------------------

Then logout from the server.

Log back in in the usual way, but now you will be asked for the passphrase.

Seems silly, but bear in mind that you are not sending the passphrase out over the net, it all takes place on your machine.

If you want to limit the connection for this key to your own hostname / ip address (client machine or for server to server) just add

host=xxx.xxx.xxx.xxx

before the ssh-rsa in authorized_keys2 , remembering to leave a space before ssh-rsa

(the x's being your ip or just enter your hostname if its real !)

ie

host=192.168.10.1 ssh-rsa pasteyourkeyhereexamplekeytextexamplekeytext your_key_name


It's done :-)

If you specify dsa in the keygen you will generate a DSA key, just remember to change rsa to dsa everywhere in this how to, except in the authorized_keys2 file where it should be ssh-dss

This howto should work for any linux servers with a reasonably current version of OpenSSH installed, and assuming that you haven't changed the authorization config to prevent key logins.

If the key login fails, you will still be able to use your password as normal ;-)


To disable password based logins :

Once you have the keys generated, set up on the server and you have tested the system, you can disable keyboard based logins.

This ensures that only the public key holders can ssh into the server.

ssh into the server as admin then,

------------------------

su -
vi /etc/ssh/sshd_config
/#PasswordAuthentication
i

------------------------

remove the # (uncomment the line) and change yes to no

hit Esc

------------------------

:wq

------------------------

then restart sshd

------------------------

service sshd restart

------------------------

SSH :: Comment (0) :: Permalink :: Trackbacks (2)

Add comment

Topic

Text

Your name

Your email address (if any)

Your personal page (if any)


authimage




Powered by Boonic, Bloogo & pLog
This Blog does not have any affiliation nor relation with the mentioned companies. All the logotipos, trade names and images are property of the companies that registered them.