Wednesday, 13 March 2013

SSH Public Key authentication

In an earlier article I described how to secure your SSH server and ended the article with the promise to describe how to set up SSH public key authentication.


First of all we need to prepare the server and accounts. Let's start with the configuration in
/etc/ssh/sshd_config

Change yours to match

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys


Warning: On CentOS 6.4 I spent some time getting the ~/.ssh path right; the SSH daemon tried to match my private key with the public key in /root/.ssh/authorized_key instead of using the home directory location of the specific user. I changed it to .ssh/authorized_keys

If you only connect from Linux hosts you can generate your SSH keys with ssh-keygen:
ssh-keygen -t rsa -b 1024

Enter a passphrase when asked (or just press Enter to leave it empty).

This will generate .ssh/id_rsa and .ssh/id_rsa.pub.

In this case, the content of file id_rsa.pub is
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArkwv9X8eTVK4F7pMlSt45pWoiakFkZMw
G9BjydOJPGH0RFNAy1QqIWBGWv7vS5K2tr+EEO+F8WL2Y/jK4ZkUoQgoi+n7DWQVOHsR
ijcS3LvtO+50Np4yjXYWJKh29JL6GHcp8o7+YKEyVUMB2CSDOP99eF9g5Q0d+1U2WVdB
WQM= 20130312-123

It is one line in length. Copy its content into the file ~/.ssh/authorized_keys (or /home/<user>/.ssh/authorized_keys) on the system you wish to SSH to without being prompted for a password. The .ssh directory and the authorized_keys file may not exist yet; you can create them yourself, BUT beware: chmod 700 the .ssh directory and chmod 400 the authorized_keys file.
And make sure the owner is set correctly.
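
The permission and ownership requirements above, together with the rule that each key occupies exactly one line, can be checked with a short script. This is an added example, not part of the original article; the function name check_ssh_dir and its output labels are made up here, and it assumes GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat (Linux).
# check_ssh_dir HOME_DIR EXPECTED_UID
# Prints one line per finding and returns the number of findings.
check_ssh_dir() {
    home=$1; want_uid=$2; problems=0
    for path in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; problems=$((problems + 1)); continue
        fi
        # %a = octal permission bits, %u = numeric owner id
        set -- $(stat -c '%a %u' "$path")
        mode=$1; uid=$2
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER   $path: uid $uid, expected $want_uid"
            problems=$((problems + 1))
        fi
        # 700 and 400 both leave group/other empty; flag anything looser.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "MODE    $path: $mode grants access to group/other"
            problems=$((problems + 1))
        fi
    done
    keys="$home/.ssh/authorized_keys"
    if [ -r "$keys" ]; then
        # Each entry must sit on one line: [options] keytype base64 [comment].
        # A key pasted with line wraps leaves fragments with no key type.
        # The key-type list below is a common subset, not exhaustive.
        kt='(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))'
        bad=$(grep -v -e '^[[:space:]]*$' -e '^#' "$keys" |
              grep -c -v -E "(^|[[:space:]])$kt[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]]|\$)" || true)
        if [ "${bad:-0}" -gt 0 ]; then
            echo "WRAPPED $keys: $bad line(s) are not complete key entries"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
```

Run it as check_ssh_dir /home/<user> "$(id -u <user>)"; a return value of 0 means the directory, the file and every key line passed.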

If you connect with PuTTY you need to download PuTTYgen to generate your keys and configure the session profile as described in the following article.



1 comment:

  1. Thank you very much! I've tried everything, but the key is the permission from directory .ssh and from the file authorized_keys.

    Thank you again.
