LinuxTech

How to set up SSH Keys on your Linux System

1. What are SSH keys?

An SSH key pair lets you log in to an SSH server conveniently without entering a password. Keys always come in pairs: one public key and one private key. The public key can be placed freely on any SSH server you need to connect to, while the private key must be kept safe.
Public key login is often referred to as public key authentication. It works as follows: first, the user stores their public key on the remote machine they want to log in to. At login, the remote host sends a random string to the user. The user encrypts the string with the private key and sends it back to the remote host. Finally, the remote host uses the stored public key to decrypt it. If the decryption succeeds, the user is trusted and is allowed to log in without being prompted for a password.

We generally use SSH clients such as PuTTY to manage Linux servers remotely. However, ordinary password login is prone to brute-force cracking of the password. For that reason, we usually move SSH to a port other than the default 22, or disable root account login. In fact, there is a better way to ensure security and still log in remotely with the root account with confidence: logging in with a key.

Key-based login works like this: use a key generator to make a pair of keys, a public key and a private key. Add the public key to an account on the server, and then use the private key on the client to complete the authentication and log in. This way, without the private key, no one can log in to the system remotely by brute-forcing your password over SSH. In addition, if you copy the public key to other accounts or even other hosts, you can log in to them with the same private key.

The following sections explain how to make a key pair on a Linux server, add the public key to the account, set up SSH, and finally log in through the client.

2. Set up SSH keys on a Debian/CentOS/Ubuntu system

First, make a key pair on the server. Log in with your password to the account you intend to use with the key, and then execute the following command:

ssh-keygen

Establish a key pair

You will see this:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <== press Enter
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): <== Enter a passphrase for the key, or press Enter to leave it blank
Enter same passphrase again: <== Enter the passphrase again
Your identification has been saved in /root/.ssh/id_rsa. <== private key
Your public key has been saved in /root/.ssh/id_rsa.pub. <== public key
The key fingerprint is:
8v:7h:5g:23:sc:23:54:03:f1:19:f1:53:cw:3b:c4:6f

The passphrase must be entered whenever the private key is used, which protects the private key against theft. Of course, you can also leave it blank to achieve passwordless login.
A hidden .ssh directory has now been created in the root user’s home directory, containing two key files: id_rsa is the private key and id_rsa.pub is the public key.

Run the following commands to install the public key on the server:

cd .ssh
cat id_rsa.pub >> authorized_keys

This completes the installation of the public key. In order to ensure a successful connection, please ensure that the following file permissions are correct:

chmod 600 authorized_keys
chmod 700 ~/.ssh

Set up SSH and turn on key login

Edit the /etc/ssh/sshd_config file and make the following settings:

RSAAuthentication yes
PubkeyAuthentication yes

In addition, please pay attention to whether the root user can log in via SSH:

PermitRootLogin yes

After you have completed all the settings and successfully logged in with the key, disable password login:

PasswordAuthentication no

Finally, restart the SSH service:

service sshd restart
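
The permissions and sshd_config settings from the steps above can be checked with a read-only script. This is an added example, not part of the original article; the function names are chosen here, and it reads only the global section of the config file it is given (no Include or Match handling).

```shell
#!/bin/sh
# Added example: read-only audit of the files and settings from the steps above.
# Function names are chosen for this example; it never modifies anything.

# mode_is PATH MODE: true when PATH's permission bits are exactly MODE.
mode_is() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# sshd_effective FILE KEYWORD: print the value sshd takes from the global
# section. sshd keeps the FIRST occurrence of a keyword, and keywords are
# case-insensitive. Simplification: Include files and Match blocks are ignored.
sshd_effective() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/               { next }   # comments and blank lines
        tolower($1) == "match"       { exit }   # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_key_login SSH_DIR SSHD_CONFIG: print one line per finding;
# return 0 when there are none and 1 otherwise.
audit_key_login() {
    dir=$1 conf=$2 bad=0
    finding() { echo "FINDING: $1"; bad=1; }

    mode_is "$dir" 700 || finding "$dir is not mode 700"
    mode_is "$dir/authorized_keys" 600 || finding "authorized_keys is not mode 600"

    pubkey=$(sshd_effective "$conf" PubkeyAuthentication)
    passwd=$(sshd_effective "$conf" PasswordAuthentication)
    root=$(sshd_effective "$conf" PermitRootLogin)

    # Both options default to "yes" when they are not set in the file.
    [ "${pubkey:-yes}" = yes ] || finding "PubkeyAuthentication is disabled"
    [ "${passwd:-yes}" = no ]  || finding "PasswordAuthentication is still enabled"
    [ "$root" = yes ] && [ "${passwd:-yes}" != no ] &&
        finding "root can still log in with a password"
    [ -n "$(sshd_effective "$conf" RSAAuthentication)" ] &&
        finding "RSAAuthentication is an SSH protocol 1 option, deprecated in current OpenSSH"

    return "$bad"
}
```

Call it as `audit_key_login ~/.ssh /etc/ssh/sshd_config`. Running `sshd -t` before the restart also catches syntax errors in the edited file.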

Download the private key to the client, and then convert it to a format that PuTTY can use.
Use WinSCP, SFTP or a similar tool to download the private key file id_rsa to the client machine. Then open PuTTYGen and click the Load button under Actions to load the private key file you just downloaded. If you set a passphrase earlier, you need to enter it now.
After the key loads successfully, PuTTYGen displays information about it. Type a description of the key in Key comment, and then click the Save private key button to save the private key file in a format that PuTTY can use.
From then on, when you log in with PuTTY, select your private key file for authentication under Connection -> SSH -> Auth on the left, and then log in. During the process you only need to enter the passphrase.
