SSH public key authentication is based on cryptographic algorithms that generate a pair of separate keys, private and public. The private key that you use to connect to a remote server is stored on your computer. The public key, by contrast, can be given to anyone without jeopardizing the private one.
For example, suppose you have already created a server from your personal account. How to do this is described in this article. Next, in your personal account, copy the access data from the Instructions.
Next, download PuTTY to connect to the server, or use an alternative program.
In the Host Name (or IP address) field, enter the IP of your server. Enter 22 in the Port field.
The ssh-keygen utility generates the key pair. It is already installed by default. It generates a pair of 2048-bit RSA keys, which suits us.
As the user for whom you want to create keys (root in this case), run the command:
You can simply press Enter at each question asked during generation, since our goal is simply to generate a key.
The output looks approximately like this:
After that, the contents of the id_rsa.pub file are appended to the ~/.ssh/authorized_keys file with the following command:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
For security, set the necessary permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Now, to log in with the created key, you need to enable key authentication in the /etc/ssh/sshd_config file.
To do this, we will edit it.
We find the line PubkeyAuthentication, uncomment it if it is commented out, and bring it to the form:
We save the changes.
Then we restart the service:
service sshd reload
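A check of the server-side steps above, as an added example that is not part of the original article: it verifies the two permissions, confirms that the key from id_rsa.pub is listed in authorized_keys, and reads the first PubkeyAuthentication value from the config. The function names and the two path arguments are assumptions of this example; Match blocks and Include files are not evaluated.

```sh
#!/bin/sh
# Added example: audit the key-login setup from the steps above.
# Arguments (assumed layout): $1 = the user's .ssh directory, $2 = sshd_config path.

# True when path $1 has exactly the octal mode $2 (POSIX find, no GNU stat needed).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Print the global PubkeyAuthentication value. sshd uses the first value it reads
# and defaults to "yes"; Match blocks and Include files are not followed here.
pubkey_auth_value() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "pubkeyauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# Print one line per problem; return 0 only when nothing was found.
audit_key_login() {
    dir=$1 conf=$2 problems=0
    report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    has_mode "$dir" 700 || report "$dir is not mode 700"
    if [ -f "$dir/authorized_keys" ]; then
        has_mode "$dir/authorized_keys" 600 || report "authorized_keys is not mode 600"
        # The base64 blob is the second field of the .pub file.
        blob=$(awk '{ print $2; exit }' "$dir/id_rsa.pub" 2>/dev/null || true)
        if [ -z "$blob" ] || ! grep -qF -- "$blob" "$dir/authorized_keys"; then
            report "key from id_rsa.pub is not listed in authorized_keys"
        fi
    else
        report "authorized_keys is missing"
    fi
    [ "$(pubkey_auth_value "$conf")" = "yes" ] || report "PubkeyAuthentication is not yes"
    [ "$problems" -eq 0 ]
}

# Run against the real locations when both are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_key_login "$1" "$2"
fi
```

Saved under a name of your choice, it is run with the two paths, for example ~/.ssh and /etc/ssh/sshd_config. On a live server, `sshd -T` run as root prints the effective configuration, including Match and Include handling that this script skips.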
Now we output the private key to the console to copy it to our PC.
Copy everything, from the opening line to the closing line:
-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----
Add it to PuTTYgen. This program was installed together with PuTTY.
After that, save the public and private keys.
We can now use the private key to connect via SSH.
To use it for authorization, select it as shown in the figure.
After that, we return to the Session category and, in the Host Name (or IP address) field, enter the IP of your server. In the Port field, enter 22. In the Saved Sessions field, enter any name, and click Save.
Now, to connect by key, select your server from the Saved Sessions list, then click Load and Open.
Now you can connect in this way without entering a password, and at the same time protect your connection.
In the next article, we will further secure our server and connection to it by disabling password authorization and changing the standard port 22 to a non-standard one.