laptopwiki:guides:os:linux:sshkeys

SSH keys

More detailed guide by Digital Ocean https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
You will have two keys (in a pair)

  • Public
    This one will be on the server you are logging to. If this one gets stolen it isn't that big of a deal.
  • Private
    This is the one that will live on your machine, be careful with it. This will allow you to log into any server that has public key from its pair.

Keep in mind you don't need a new pair for every server, you can use one pair for everything if you want (but if one gets compromised all of them do).

You can do this on a Windows machine if you have open-ssh installed.

  1. Start generating key
 ssh-keygen
  1. Pick name for your private ssh key (default is id_rsa without any file extension)
  2. You can give it a password if you want, adds another layer of security.

Linux: ~/.ssh

 mv example ~/.ssh

Windows: C:\Users\username\.ssh

Using scp

 scp .\example.pub user@serverip:/home/user/.ssh
 cat /home/user/.ssh/example.pub > /home/user/.ssh/authorized_keys

By default open-ssh is looking for id_rsa file. If you haven't changed your key's name, you can use

 ssh user@serverip

If you changed your key's name, you need to specify what key you want to use using the -i parameter

 ssh user@serverip -i /path/to/example

This will work on Linux and Windows, but if you need to use Powershell (which translates some unix commands to Windows APIs, so ~ is your home directory, even on Windows)

 ssh [email protected] -i ~\.ssh\example

Edit /etc/ssh/sshd_config

 sudo nano /etc/ssh/sshd_config 
  1. On line 57 find “#PasswordAuthentication Yes”
  2. Change Yes to No
  3. Remove # from the line
  4. Restart sshd service
     sudo systemctl restart sshd 

Optional

  1. Change ChallengeResponseAuthentication to No
  2. Change UsePAM to No
  3. Restart sshd service
     sudo systemctl restart sshd 

Now you must log in using your ssh key. Do not lose it.

Filezilla can't to sftp connect using the open-ssh key, so we need to convert it to a PuTTY compatible format.

  1. Install PuTTY
     winget install PuTTY.PuTTY 
  1. Run PuTTYgen
  2. In the Conversion tab use “Import Key”
  3. (Optional) You can remove the commend and add a password for the key
  4. In the top bar, open Key and Parameters for saving key files
  5. Select PPK Version 2 and Ok
  6. Click “Save Private Key”
  7. I recommend you name the file the same as the openssh one with .ppk, for example “example.ppk”
  1. Run Pageant (installed alongside PuTTY)
  2. Open it by double clicking it in the system tray
  3. Add key
  4. Sidenote: this isn't persistent. Your key will only be loaded until you quit Pageant.
    You can get around this by creating a full PuTTY profile, but that is for another guide
  1. Run FileZilla
  2. host
     sftp://serverip 
  3. username
     username 
  4. port
     your SSH port (default is 22) 
  5. password
     keep empty even if Filezilla asks you again 
  6. You should be logged in
  • laptopwiki/guides/os/linux/sshkeys.txt
  • Last modified: 29/06/2024 15:17
  • by 127.0.0.1