Setting up ssh key authentication


Dear Community,

In this tutorial I will show you how to set up ssh key authentication instead of password-based authentication for your server.

With an ssh key you can easily connect to your server on the ssh port without a password, and it provides much stronger protection than simple password-based authentication.

First of all, you have to generate your own unique key via PuTTYgen by moving your mouse cursor over the blank area:

9377983961_www.kepfeltoltes.hu_.png

Then you will get something like this:

10523790772_www.kepfeltoltes.hu_.png

The random code that I highlighted will be needed, so do not close your generator! You can add password protection for your key here if you like, and when you are finished, save it as a private key.

After that, you have to create a new user for your system without using a password.

My example is 'sshkeytest'

11729026803_www.kepfeltoltes.hu_.png

After that, type the following commands:

su sshkeytest
cd /home/sshkeytest
mkdir .ssh
chmod 700 .ssh
cd .ssh

In this directory you have to create a file called authorized_keys2. You can do it via sftp, or by using the following command:

ee authorized_keys2

Now insert the code that is shown in PuTTYgen, but only up to the last == characters (which I highlighted before); it must not include the rsa-key-20... characters. It is important that you paste it as a single line.

If you are ready, type the following:

chmod 600 authorized_keys2

After that you have to allow your new user's login by editing the sshd_config file:

ee /etc/ssh/sshd_config

Search for something like this:

4_www.kepfeltoltes.hu_.png

And rewrite it to this:

5_www.kepfeltoltes.hu_.png

With this option you allowed the ssh login of the 'sshkeytest' user (and only for this user!), and disabled the root login. If you do not find these lines, you can simply type them at the end of the file.

!! WARNING !!

If you can connect to your server only via the ssh protocol, do not disable root login at first, because if you did something wrong, you will not be able to connect after this step.

 

If you are ready, you have to restart the sshd:

/etc/rc.d/sshd restart

Now open Pageant, and browse to your .ppk file. While Pageant is running with your key, you can log in via PuTTY or FileZilla (or any other client which supports ssh key authentication) without a password.

If your server still asks for a password, you did something wrong. Try again.

With the new user you do not have full rights, but you will need root rights for many operations. You can easily switch to root by using the su command:

su root

After you give the right password, you are logged in as the root user with full rights.

Download the mentioned programs here.

Sorry if this tutorial already exists in this board, but I could not find it anywhere.

I hope that it was useful and I could help some of you with that. Good luck!

Kind regards,

RoxaLyssa

Edited by Metin2 Dev
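
An added example, not part of the original post: a POSIX shell audit of the files created in the steps above. It checks that the home directory, .ssh and authorized_keys2 are not writable by group or others (which sshd's StrictModes setting rejects), that the modes are 700 and 600, and that every key line is one complete line. The function names and the restriction to key lines without leading options are assumptions of this example.

```shell
# Added example, not from the original post; function names are assumptions.

# Print octal permission bits: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed when group or others may write to $1 (what StrictModes rejects).
group_or_other_writable() {
    mode=$(file_mode "$1") || return 1
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# Succeed when $1 is an option-less key line: "<type> <base64> [comment]".
valid_key_line() {
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) AAAA[A-Za-z0-9+/]+={0,2}( .*)?$'
}

report() {
    echo "FINDING: $*"
    findings=$((findings + 1))
}

# Print one finding per line; the return status is the number of findings.
audit_ssh_key_setup() {
    home=$1; keys="$home/.ssh/${2:-authorized_keys2}"; findings=0
    for p in "$home" "$home/.ssh" "$keys"; do
        if [ ! -e "$p" ]; then
            report "$p is missing"
        elif group_or_other_writable "$p"; then
            report "$p is writable by group or others (mode $(file_mode "$p"))"
        fi
    done
    if [ -d "$home/.ssh" ] && [ "$(file_mode "$home/.ssh")" != 700 ]; then report "$home/.ssh is not mode 700"; fi
    if [ -f "$keys" ]; then
        if [ "$(file_mode "$keys")" != 600 ]; then report "$keys is not mode 600"; fi
        lineno=0
        while IFS= read -r line || [ -n "$line" ]; do
            lineno=$((lineno + 1))
            case $line in ''|'#'*) continue ;; esac
            valid_key_line "$line" || report "$keys line $lineno is not a one-line OpenSSH key"
        done < "$keys"
    fi
    return "$findings"
}

# Run as: sh audit.sh /home/sshkeytest
if [ "$#" -gt 0 ]; then audit_ssh_key_setup "$@"; fi
```

A key that was wrapped across two lines when pasted, or a public key file saved from the generator (beginning `---- BEGIN SSH2 PUBLIC KEY ----`), is reported with the line number of the offending line.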

  • 8 months later...

I create this user:

[root@ow(~)]>  adduser
Username: sshstefan
Full name: Stefan
Uid (Leave empty for default):
Login group [sshstefan]: wheel
Login group is wheel. Invite sshstefan into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]: csh
Home directory [/home/sshstefan]:
Home directory permissions (Leave empty for default): 777
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]:
Username   : sshstefan
Password   : <disabled>
Full Name  : Stefan
Uid        : 1001
Class      :
Groups     : wheel
Home       : /home/sshstefan
Home Mode  : 777
Shell      : /bin/csh
Locked     : no

When I type this command:

[root@ow(~)]>  su <span class="searchlite">ssh</span>stefan
gives me this error:
-bash: span: No such file or directory