Almost all nix administrator use ssh (Secure shell) for managing server remotely. There are several way to use ssh. One of them is to use a manually generated public-private key pair to perform the authentication. In this tutorial I’ll show you how to create that public private key and use that key for login to a server remotely.
I use most popular putty for login from windows and the server I used is Ubuntu 14.04 LTS.
Launch putty and insert the server IP.
For first time connection putty will pops up a security warning. Click yes to continue.
Insert username and password for login.
You are logged in to the server with valid password.
Launch putty key generator (puttygen) and click on “Generate” button.
After click on generate button move your cursor randomly over the blank area to generate the public key.
After some time the public key will be generated.
Leave the window as it is and go to the server.
On the server side open a directory Name “.ssh” in the user Home directory. (.ssh is a hidden directory).
Give “700” permission on the directory which means the directory is only accessible by the user.
Create a file name “authorized_key2” inside the .ssh directory.
Now back to putty gen.
- Enter some comment in “Key comment” field. In my case I use “Key for server1”
- Select some strong password and enter in Key passphrase field. Confirm the password. This password will be use for protect the key.
- Click on “Save private key” button.Save the file in your disk and choose any name you like but the extension of the file should be “.ppk”.
- Click on “Save public key” button. Again save the file in your disk and choose any name you like. I leave the type of key and number of bits as default but you can change it if you like.
- And finally select and copy all string from the above box
Open the “authorized_key2” file and paste the string which we copy earlier from puttygen. Save and exit from the file
Give “600” permission on the file and logout from the server
Launch putty again and insert server IP.
Select “ssh” from Category and brows for the file you save earlier with extension “.ppk”. It’s the private key file. Click open.
The server will ask for the user name. Enter the username and press enter.
The server will show a message “Authenticating with public key” followed by the comments you enter while generating the key
After that the server will ask for the passphrase. Enter the passphrase you use while generating the key and press enter.
Congratulation. you are logged in to your server with ssh key.
But wait.
You can still login in to your server without the key. Which we don’t want. To make the server more smart or only allow key based login some little modification required in sshd_config file.
Open “sshd_config” file located at /etc/ssh directory with your favorite editor
Perform the following step
Search for the string “#PasswordAuthentication yes”
Uncomment the line and change “yes” to “no”
Search for the string “UsePAM yes”
Change “yes” to “no”. Save and exit from “sshd_config” file.
And lastly restart the ssh service.
Now try to login without the key and you will end up with a Disconnected message thrown by the server. Which simply means that you cannot login without the key.
Background activity
what actually happen in background with key based ssh login is
- Client initiate ssh connection using putty
- Server send random challenge message (encrypted with client public key) to the client.
- Client De crypt the message with client private key and send it to the server
- Client is only authenticated to the server if the message match.
That’s all for today. hope to see you soon with some new how tooo’s.
If you enjoyed the post, please share it with your network and let me know your thoughts in the comments.
About the Author: Imtiaz is working in a financial organization in Bangladesh and having experience in system, network and security administration. Feel free to contact with him on LinkedIn or Twitter.