Setting up ssh key authentication
Hello Again,
In this post I am going to show how to change ssh password authentication to rsa key authentication.
The system I have used to perform it successfully was Fedora 9
to
Ubuntu 8.1
First step:
generate key-pair on client
once you are done with key-pair generation..(I you don't want to be bothered for passphrase during ssh login.. keep it empty).
ok now here goes the important thing...
Now directly send your client's public key from client computer to your SERVER...
From client computer perform following
ssh-copy-id -i ~/.ssh/id_rsa.pub user@your_server_address
specify port with -p if your server is listening at another port.
if all goes well you will have directions on terminal telling you to check the authorized_keys file to check for any other keys...
Now to make sure you can login with key authentication, logout from your server.. reconnect.... if allgoes well you will be logged on to the server without being asked for password...
Once you successfully login.. check the follow.. and change if necessary
REMEMBER!!!
check /etc/ssh/sshd_config
PermitRootLogin no
#good idea to keep this to no.
### logging in to root remotely is not a good practice .. always login as ordinary user and then use su -l to switch to root account on your server. if you still want keep it to yes
PubkeyAuthentication yes
# Specially check this for yes.
AuthorizedKeysFile .ssh/authorized_keys #specify if any
PasswordAuthentication no #set it to "no" to disable passwd login
ChallengeResponseAuthentication no
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE
LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE
LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
Once you are done with the above check list, restart you sshd to take effect of your changes made to sshd.config
or
Enjoy!!
Cheers!
In this post I am going to show how to change ssh password authentication to rsa key authentication.
The system I have used to perform it successfully was Fedora 9
to
Ubuntu 8.1
First step:
generate key-pair on client
Code:
ssh-keygen -t rsa
ok now here goes the important thing...
Now directly send your client's public key from client computer to your SERVER...
From client computer perform following
ssh-copy-id -i ~/.ssh/id_rsa.pub user@your_server_address
specify port with -p if your server is listening at another port.
if all goes well you will have directions on terminal telling you to check the authorized_keys file to check for any other keys...
Now to make sure you can login with key authentication, logout from your server.. reconnect.... if allgoes well you will be logged on to the server without being asked for password...
Once you successfully login.. check the follow.. and change if necessary
REMEMBER!!!
check /etc/ssh/sshd_config
PermitRootLogin no
#good idea to keep this to no.
### logging in to root remotely is not a good practice .. always login as ordinary user and then use su -l to switch to root account on your server. if you still want keep it to yes
PubkeyAuthentication yes
# Specially check this for yes.
AuthorizedKeysFile .ssh/authorized_keys #specify if any
PasswordAuthentication no #set it to "no" to disable passwd login
ChallengeResponseAuthentication no
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE
LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE
LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
Once you are done with the above check list, restart you sshd to take effect of your changes made to sshd.config
Code:
service sshd restart
Code:
/etc/init.d/sshd restart
Enjoy!!
Cheers!
Total Comments 3
Comments
-
Update.
When i triedQuote:ssh-copy-id
Cheers!!Posted 01-12-2009 at 04:27 AM by baig -
Doesn't work. =(
Fedora 10 client to CentOS 5 server ... followed the instructions to the letter. No errors, no problems reported, but still challenged for a password.
Checked my local id_rsa.pub file against authorized_keys on the server and they are identical. Checked and re-checked the sshd config file, as above. Again, no problems.
Restarted sshd many times.
Still it asks me for a password. Anyone got any suggestions?? =(Posted 06-05-2009 at 04:24 AM by gharvey -
Quote:Doesn't work. =(
Fedora 10 client to CentOS 5 server ... followed the instructions to the letter. No errors, no problems reported, but still challenged for a password.
Checked my local id_rsa.pub file against authorized_keys on the server and they are identical. Checked and re-checked the sshd config file, as above. Again, no problems.
Restarted sshd many times.
Still it asks me for a password. Anyone got any suggestions?? =(
If you think you might have the same situation, do this to check:
Code:ssh -i .ssh/your_private_key user@remote_host
Code:IdentityFile /path/to/your/key
Posted 06-05-2009 at 04:44 AM by gharvey