Secure Shell is a protocol which allows you to access a remote computer securely. You can increase the security by changing the SSH Password Authentication to Key authentication. The procedure is explained below.
Create SSH key
The first step to configuring SSH key authentication is to generate an SSH key pair. So type the following command on your local machine to generate an SSH key pair.
[root@localhost ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 47:84:27:f2:b2:2b:82:5e:f1:08:ce:cc:1a:72:ad:09 root@localhost The key's randomart image is: +--[ RSA 2048]----+ | .. | | . o.. | | o o. | | . .. | | . . oS . | |= ..+ . . | |E*.o.. . | |++oo. . | |o.o. . | +-----------------+
You can give any name for key files during the key creation. By default this command will create two files in ~/.ssh folder, id_rsa and id_rsa.pub. id_rsa is your private key and id_rsa.pub is your public key. Now you have to change the permission of the private key file to 600
[root@localhost ~]# chmod 600 ~/.ssh/id_rsa
Then you have to copy the public key
[root@localhost ~]# cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZiCpKTeimka12e826b5D2yDer4316ZRKaiS1agKybFfG/ HJBjbIXop1jcwwiz8nLkS88T40+G0jIhEYIV3zejAav6lWEaZS7hHNjkeSevmpsx1yi62tGcFcwv7p4WLOUj 5AN9ewHrJvyRmwSLZldv3DNr4vN3dJb1mLE3iZ0St/RC7FJtck2styorDRNIuuL1mp+py1MBrWpXVpQL3UxG NVeaKBnyyA/fXs6AHQTnLFSkW8mRAUTOIVuaouEnB5AbgwW5QpwNWvH93ieJgeZQJNH2fRJVy1HVx7TfooKe drjmwyVny/2YXrr9duIkIdEEn/I1Xtk+KGggh root@localhost
Add the public key on your remote machine
Paste the public key in the remote machines ~/.ssh/authorized_keys file. Here we are adding the key for root user. So login to the remote server as root user.
[root@localhost ~]# ssh root@1.2.3.4 root@1.2.3.4's password: [root@remote-machine ~]# echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZiCpKTeimka12e 826b5D2yDer4316ZRKaiS1agKybFfG/HJBjbIXop1jcwwiz8nLkS88T40+G0jIhEYIV3zejAav6lWEaZS7hH NjkeSevmpsx1yi62tGcFcwv7p4WLOUj5AN9ewHrJvyRmwSLZldv3DNr4vN3dJb1mLE3iZ0St/RC7FJtck2st yorDRNIuuL1mp+py1MBrWpXVpQL3UxGNVeaKBnyyA/fXs6AHQTnLFSkW8mRAUTOIVuaouEnB5AbgwW5QpwNW vH93ieJgeZQJNH2fRJVy1HVx7TfooKedrjmwyVny/2YXrr9duIkIdEEn/I1Xtk+KGggh root@localhost" >> ~/.ssh/authorized_keys
If the file ~/.ssh/authorized_keys does not exist, you have to create it. And change the permission of ~/.ssh folder to 700 and ~/.ssh/authorized_keys file to 600.
Configure the SSH on remote machine for key authentication
Now you have to configure the SSH for key authentication. So make changes on ssh configuration file as follow
[root@remote-server ~]# vim /etc/ssh/sshd_config PermitRootLogin yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no
Restart the SSH service
[root@remote-server ~]# service sshd restart
Now you can try the key authentication from your local machine.
[root@localhost ~]# ssh -i ~/.ssh/id_rsa root@1.2.3.4
Here we have saved the ssh private key on ~/.ssh/id_rsa file. So we gave that location on the above command. You can save it anywhere, but you have to use the full path of that key in the ssh command.
If you like the post and wish to receive more articles from us, please like our FB page: If you like this post and wish to receive more articles from us, please like our FB page: Button
Your suggestions and feedbacks will encourage us and help to improve further, please feel free to write your comments.
For more details on our services, please drop us an E-mail at info@grepitout.com
Add Comment