Securing SSH on a networked server is a primary task for every system admin. In the previous article I wrote about how to block root user login via SSH. This tutorial helps you set up SSH public key based authentication.

ssh-keygen can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA keys for use by SSH protocol version 2. The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections.

root@linuxinternetworks:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/user1
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/user1.
Your public key has been saved in /root/.ssh/user1.pub.
The key fingerprint is:
c6:60:cb:ca:6c:8f:5d:8c:d2:fd:a7:25:4b:c7:4c:59 root@linuxinternetworks
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| o E |
| o + o |
| o S o |
| o o = + |
| * o + o = |
| . = . o =. |
| . o +o |
+-----------------+

Now copy the public key file to the remote machine using the ssh-copy-id command.

Public Key : /root/.ssh/user1.pub
Private Key : /root/.ssh/user1

root@linuxinternetworks:~# ssh-copy-id -i /root/.ssh/user1.pub user1@server2.linuxinternetworks.com
user1@server2.linuxinternetworks.com's password:
Now try logging into the machine, with "ssh 'user1@server2.linuxinternetworks.com'", and check in:

~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
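
The ssh-copy-id output above asks you to check ~/.ssh/authorized_keys for keys you were not expecting. The following Python code is an added example, not part of the original tutorial: it parses the file, computes each key's fingerprint, and flags entries that are not on an allow-list. The function names, the `expected` allow-list and the sample entries are assumptions constructed for illustration.

```python
import base64, hashlib, struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"} | {f"ecdsa-sha2-nistp{n}" for n in (256, 384, 521)}

def parse_line(line):
    """Return (options, key_type, blob, comment), or None for blank/comment lines."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, tok in enumerate(fields[:-1]):        # options may precede the key type
        if tok in KEY_TYPES:
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:                   # binascii.Error is a ValueError
                continue
            # The decoded blob starts with its own length-prefixed key type name.
            if blob.startswith(struct.pack(">I", len(tok)) + tok.encode()):
                return " ".join(fields[:i]), tok, blob, " ".join(fields[i + 2:])
    raise ValueError("not a valid authorized_keys entry")

def fingerprints(blob):
    """MD5 colon-hex (the style printed in the session above) and SHA256 forms."""
    md5 = hashlib.md5(blob).digest().hex(":")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def audit(text, expected):
    """Return (line_no, key_type, sha256_fp, options, comment, status) per entry."""
    rows = []
    for no, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
        except ValueError:
            rows.append((no, None, None, "", line.strip(), "UNPARSEABLE"))
            continue
        if entry:
            options, ktype, blob, comment = entry
            sha = fingerprints(blob)[1]
            status = "ok" if sha in expected else "UNEXPECTED"
            rows.append((no, ktype, sha, options, comment, status))
    return rows

def make_line(ktype, parts, comment, options=""):
    """Build a constructed sample entry (not a real key) from raw blob fields."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in [ktype.encode(), *parts])
    return f"{options} {ktype} {base64.b64encode(blob).decode()} {comment}".strip()

# Constructed sample entries: the byte patterns are placeholders, not usable keys.
RSA_LINE = make_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xc3" * 256], "root@linuxinternetworks")
ED_LINE = make_line("ssh-ed25519", [b"\x11" * 32], "unknown@host", 'command="/bin/true"')
```

To fill the allow-list, take the fingerprint of your own public key on the client with `ssh-keygen -lf /root/.ssh/user1.pub`; newer OpenSSH releases print the SHA256 form by default.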

Use the private key to log in to the remote machine; this time it won't ask for the password.

root@linuxinternetworks.com:~# ssh -i /root/.ssh/user1 user1@server2.linuxinternetworks.com
Last login: Sun Jun 30 09:46:58 2013 from 115.241.5.76
[user1@server2 ~]$ exit

If you want, you can keep both password and key based authentication, or you can disable password authentication. See the article on how to disable password authentication.

