ssh-keygen -t rsa generates a public and a private key; I did run it on the server. The public key needs to be added to the authorized_keys file and the private key can be carried around to other machines.
Code:
wim@webserver233:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wim/.ssh/id_rsa):
Created directory '/home/wim/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/wim/.ssh/id_rsa.
Your public key has been saved in /home/wim/.ssh/id_rsa.pub.
The key fingerprint is:
9d:b7:00:ec:2d:be:70:ab:17:dd:86:8d:5f:32:64:95 wim@webserver233
wim@webserver233:~$ cd .ssh
wim@webserver233:~/.ssh$ cp id_rsa.pub authorized_keys
wim@webserver233:~$
Copy the id_rsa file (private key) to your Windows machine and use PuTTYgen to convert it.
You need to configure the sshd daemon to use key authentication:
Code:
# To disable tunneled clear text passwords, change to no here!
# WimS
# enable passwordless login
PasswordAuthentication no
#PasswordAuthentication yes
#PermitEmptyPasswords no
Further, you also don't want direct root access, as that is what one will try to attack: it's the only known user and it's the user with all powers. Root access can still be achieved by logging in as a normal user and then using su - to become root.
Code:
# WimS
# do not allow root login
PermitRootLogin no
#PermitRootLogin yes
You can further limit the users that can log in remotely:
Code:
# WimS
AllowUsers wim brian
Next restart the sshd daemon or stop/start it. There is a subtle difference: in the first case existing connections are not affected and in the second case any existing connections are killed.
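Before restarting, it is worth confirming that the three settings above are the ones sshd will actually use. The script below is an added example, not part of the original post: the function names and the two sample files are constructed for illustration, it reads only the plain "Keyword value" form, and it does not follow Include files.

```shell
#!/bin/sh
# Added example: check the global section of an sshd_config for the three
# settings on this page. The sample files below are constructed.

# Print the first uncommented global value of KEYWORD in FILE. sshd keeps the
# first value it reads for a keyword, so a later "no" cannot undo an earlier "yes".
# Assumptions: "Keyword value" form only; Include files are not followed.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v want="$1" '
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # Match blocks end the global section
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$2"
}

# Print one FAIL line per deviation; exit status 0 only if there are none.
audit_sshd() (  # usage: audit_sshd FILE   (subshell body keeps variables local)
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        v=$(sshd_effective "$kw" "$1" | tr '[:upper:]' '[:lower:]')
        [ "$v" = "no" ] || { echo "FAIL $kw is '${v:-unset}', expected 'no'"; rc=1; }
    done
    # AllowUsers: this only checks that an allow-list exists at all.
    [ -n "$(sshd_effective AllowUsers "$1")" ] || { echo "FAIL AllowUsers is not set"; rc=1; }
    exit "$rc"
)

tmp=$(mktemp -d)
# Constructed sample: the early "yes" wins over the later "no".
printf '%s\n' 'PasswordAuthentication yes' '#PermitRootLogin yes' \
    'PasswordAuthentication no' > "$tmp/weak"
# Constructed sample: the settings from this page.
printf '%s\n' '# WimS' 'PasswordAuthentication no' '#PasswordAuthentication yes' \
    'PermitRootLogin no' 'AllowUsers wim brian' > "$tmp/hardened"
for f in weak hardened; do
    if audit_sshd "$tmp/$f"; then echo "$f: ok"; else echo "$f: findings above"; fi
done
rm -rf "$tmp"
```

On the server itself, sshd -T prints the configuration sshd really ends up with, including anything pulled in through Include, and is the authoritative check.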