LinuxQuestions.org
Setting up ssh key authentication

Posted 01-10-2009 at 07:13 PM by baig
Updated 01-10-2009 at 07:28 PM by baig

Hello Again,

In this post I am going to show how to switch ssh from password authentication to RSA key authentication.

I performed this successfully from Fedora 9 to Ubuntu 8.1.

First step: generate a key pair on the client.

Code:
ssh-keygen -t rsa
If you don't want to be asked for a passphrase at every ssh login, leave the passphrase empty when prompted. Keep in mind that an empty passphrase leaves the private key unencrypted on disk, so anyone who can read that file can log in with it.

Now for the important part: send your client's public key directly from the client computer to your SERVER.

From the client computer, run the following:

Code:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@your_server_address
Specify the port with -p if your server is listening on another port.

If all goes well, the terminal will show directions telling you to check the authorized_keys file for any other keys.

To make sure you can log in with key authentication, log out from your server and reconnect. If all goes well, you will be logged on to the server without being asked for a password.

Once you have logged in successfully, check the following and change it if necessary.

REMEMBER!!!

Check /etc/ssh/sshd_config:

Code:
# Good idea to keep this set to no. Logging in as root remotely is not good
# practice: always log in as an ordinary user and then use su -l to switch
# to the root account on your server. If you still want remote root login,
# keep it set to yes.
PermitRootLogin no
# Especially check that this is yes.
PubkeyAuthentication yes
# Specify the key file location, if any.
AuthorizedKeysFile .ssh/authorized_keys
# Set it to "no" to disable password login.
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE


Once you are done with the above checklist, restart sshd so that the changes you made to sshd_config take effect.

Code:
service sshd restart
or

Code:
 /etc/init.d/sshd restart
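
An added example (not part of the original post) that audits an sshd_config file against the checklist above, following sshd's rule that the first value read for a keyword is the one used. The function names and the sample file are constructed for illustration; Match blocks and Include files are not evaluated.

```sh
#!/bin/sh
# effective_value FILE KEYWORD
# Prints the first value set for KEYWORD, lowercased. sshd uses the first
# value it reads for a keyword, and keyword names are case-insensitive.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }            # comment or blank line
        { sub(/=/, " ") }                  # accept Keyword=value as well
        tolower($1) == "match" { exit }    # the rest is conditional
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one line per checklist item; the exit status is the failure count.
# An unset keyword counts as a failure so that it gets set explicitly.
audit_sshd_config() {
    failures=0
    for item in PermitRootLogin:no PubkeyAuthentication:yes \
                PasswordAuthentication:no ChallengeResponseAuthentication:no
    do
        key=${item%%:*}
        expected=${item##*:}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            echo "FAIL  $key is '${actual:-unset}', expected '$expected'"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample: the early "yes" wins over the later "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

On the server, point audit_sshd_config at /etc/ssh/sshd_config before restarting sshd, and keep your current session open until a fresh key login has succeeded.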

Enjoy!!

Cheers!

Comments

  1. Update.

    When I tried
    Quote:
    ssh-copy-id
    command to copy pub key to server while it was listening on a non-standard port 2323.. it gave some errors.. I configured my server to port 22 and it worked fine..

    Cheers!!
    Posted 01-12-2009 at 04:27 AM by baig
  2. Doesn't work. =(

    Fedora 10 client to CentOS 5 server ... followed the instructions to the letter. No errors, no problems reported, but still challenged for a password.

    Checked my local id_rsa.pub file against authorized_keys on the server and they are identical. Checked and re-checked the sshd config file, as above. Again, no problems.

    Restarted sshd many times.

    Still it asks me for a password. Anyone got any suggestions?? =(
    Posted 06-05-2009 at 04:24 AM by gharvey
  3. Quote:
    Originally Posted by gharvey
    Doesn't work. =(

    Fedora 10 client to CentOS 5 server ... followed the instructions to the letter. No errors, no problems reported, but still challenged for a password.

    Checked my local id_rsa.pub file against authorized_keys on the server and they are identical. Checked and re-checked the sshd config file, as above. Again, no problems.

    Restarted sshd many times.

    Still it asks me for a password. Anyone got any suggestions?? =(

    Worked in the end. Problem was *local* settings. I didn't use the default file name for the keys, I made my own, and that meant the *local* client didn't know where the private key was.

    If you think you might have the same situation, do this to check:

    Code:
    ssh -i .ssh/your_private_key user@remote_host
    If that works, add your key file to /etc/ssh/ssh_config like this:

    Code:
    IdentityFile /path/to/your/key
    Posted 06-05-2009 at 04:44 AM by gharvey
 

  



All times are GMT -5. The time now is 05:29 AM.
