In this tutorial we are going to configure SSH server to login with Key based Authentication. We need to create a private key for client and a public key for server to do it.
Create key pair for each user, so login with a common user and work it like follows.
# create key pair
[clado@easylinux ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/clado/.ssh/id_rsa): # Enter
Created directory '/home/clado/.ssh'.
Enter passphrase (empty for no passphrase): # set passphrase (set no passphrase to Enter with empty)
Enter same passphrase again:
Your identification has been saved in /home/clado/.ssh/id_rsa.
Your public key has been saved in /home/clado/.ssh/id_rsa.pub.
The key fingerprint is:
38:f1:b4:6d:d3:0e:59:c8:fa:1d:1d:48:86:f0:fe:74 clado@easylinux.com
The key's randomart image is:
[clado@easylinux ~]$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
[clado@easylinux ~]$ chmod 600 ~/.ssh/authorized_keys
[2] Transfer the secret key created on the Server to a Client, then it's possbile to login with keys authentication.
[clado@www ~]$ mkdir ~/.ssh
[clado@www ~]$ chmod 700 ~/.ssh
# copy the secret key to local ssh directory
[clado@www ~]$ scp clado@10.0.0.30:/home/clado/.ssh/id_rsa ~/.ssh/
clado@10.0.0.30's password:
id_rsa
[clado@www ~]$ ssh -i ~/.ssh/id_rsa clado@10.0.0.30
Enter passphrase for key '/home/clado/.ssh/id_rsa': # passphrase
Last login: Wed Jul 30 21:37:19 2014 from www.server.world
[clado@easylinux ~]$ # just logined
[3] If you set "PasswordAuthentication" no, it's more secure.
[root@easylinux ~]# vi /etc/ssh/sshd_config
# line 66: turn to "no"
PasswordAuthentication no
[root@easylinux ~]# /etc/rc.d/init.d/sshd restart
No comments:
Post a Comment