SSH Key Authentication (Linux)
Step By Step Instructions
In order to authenticate using public and private keys, perform the following steps:
- Create a key-pair on the client workstation.
- Add the public-key of the key-pair on the server.
- Test logging on to the server from the client.
Create a key-pair on the client workstation
From the client workstation, create a key-pair using the ssh-keygen command. This command generates a key-pair and stores it in the ~/.ssh directory. To do this, enter the following command.
It is very important to use a passphrase when creating the key-pair!
-bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa): <return>
Enter passphrase (empty for no passphrase): passphrase
Enter same passphrase again: passphrase
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OXvMnRK6aFjRfWZ7ShXSUzgKrmdjpzTOknoqbDMVqSk test@pier.ecn.purdue.edu
The key's randomart image is:
+---[RSA 2048]----+
| . o.|
| . . * |
| o o . o + |
| + ..o = . |
| o oS..+ o |
| E o o .*Bo+.. |
| o + oO=*oo |
| B ..+o+.. |
| . =++.. |
+----[SHA256]-----+
-bash-4.2$
Add the public-key of the key-pair on the server
From the server, add the public key to the list of keys authorized to use the account. Each line in the ~/.ssh/authorized_keys file lists a public key that is authorized to log on to the server account. Only users who hold a copy of the key-pair will then be authorized to use the server account. There can be multiple public keys listed in the file.
-bash-4.2$ ssh-copy-id pier.ecn.purdue.edu
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/test/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
test@pier.ecn.purdue.edu's password: password
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'pier.ecn.purdue.edu'"
and check to make sure that only the key(s) you wanted were added.
-bash-4.2$
Test logging on to the server from the client
Test that key-pair authentication is working. This time, when logging on to the server, ssh prompts for the passphrase used to encrypt the private key of the key-pair instead of the UNIX password. If the right passphrase is entered, the server ought to authorize the log-on because (1) the public key is listed in the ~/.ssh/authorized_keys file and is therefore allowed access, and (2) the client ssh program has shown that it holds the private key.
-bash-4.2$ slogin pier.ecn.purdue.edu
Enter passphrase for key '/home/test/.ssh/id_rsa': passphrase
Last login: Thu Oct 15 13:11:57 2020 from pier.ecn.purdue.edu
Linux pier.ecn.purdue.edu 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
- No news at this time.
-bash-4.2$ logout
Connection to pier.ecn.purdue.edu closed.
-bash-4.2$
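The ssh-copy-id output above asks you to check that only the key(s) you wanted were added. As an added example (not part of the original page), this Python script parses authorized_keys lines and labels each entry by comparing its SHA256 fingerprint, in the form ssh-keygen prints, against the fingerprints you expect. The function names and the sample entries are constructed for illustration, and treating a first field that starts with ssh-, ecdsa- or sk- as the key type is an assumption of this sketch.

```python
import base64
import hashlib
import re
import struct

TOKEN = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')  # keeps quoted option values whole
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # assumption: a field starting like this is a key type

def fingerprint(blob):
    """SHA256 fingerprint of a decoded key blob, as unpadded base64 like ssh-keygen prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_entry(line):
    """Parse one authorized_keys line into a dict; None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = TOKEN.findall(line) or [""]
    i = 0 if tokens[0].startswith(KEY_PREFIXES) else 1  # the leading field may be options
    entry = {"options": tokens[0] if i else "", "type": None, "fp": None,
             "comment": " ".join(tokens[i + 2:]), "error": None}
    try:
        entry["type"] = tokens[i]
        blob = base64.b64decode(tokens[i + 1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed type name
        if blob[4:4 + n].decode("ascii") != entry["type"]:
            raise ValueError("declared key type does not match key blob")
        entry["fp"] = fingerprint(blob)
    except (IndexError, ValueError, struct.error) as exc:
        entry["error"] = str(exc) or type(exc).__name__
    return entry

def audit(text, expected_fps):
    """Return (status, entry) pairs; status is 'ok', 'unexpected' or 'malformed'."""
    results = []
    for e in filter(None, map(parse_entry, text.splitlines())):
        status = "malformed" if e["error"] else "ok" if e["fp"] in expected_fps else "unexpected"
        results.append((status, e))
    return results

def make_blob(fill):  # constructed bytes in the ssh-ed25519 wire layout, not a real key
    return base64.b64encode(struct.pack(">I11sI32s", 11, b"ssh-ed25519", 32, fill * 32)).decode()

SAMPLE = "\n".join([
    "# constructed sample authorized_keys content",
    "ssh-ed25519 " + make_blob(b"\x00") + " test@client",
    'from="192.0.2.10",command="echo hi" ssh-ed25519 ' + make_blob(b"\x01") + " backup job",
    "ssh-rsa " + make_blob(b"\x00") + " type mismatch",
])
```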
Last modified: 2020/10/16 11:06:39.533315 GMT-4 by curtis.f.smith.1
Created: 2020/10/14 14:41:9.496959 GMT-4 by curtis.f.smith.1.