To create a key to use for authentication use the command
-t rsa sets the algorythm type which can be either rsa or dsa
-b 1024 sets the keylength in bits
You'll need to enter the passphrase when asked for it.
Generating public/private rsa key pair. Enter file in which to save the key (/home/john/.ssh/id_rsa): Enter passphrase (empty for no passphrase): thisismypassphrase Enter same passphrase again: thisismypassphrase Your identification has been saved in /home/john/.ssh/id_rsa. Your public key has been saved in /home/john/.ssh/id_rsa.pub. The key fingerprint is: 0a:fa:2b:92:16:7a:e9:4f:97:d4:d9:4d:2b:c5:2a:09 john@workstation
Afterwards copy the key to the server with the scp command, and enter password when required
firstname.lastname@example.org's password: id_rsa.pub 100% 222 0.2KB/s 00:00
If you get an error "No such file or directory" when copying the file to the server, it may be because the folder ~/.ssh doesn't exist. To create the folder run the following command and then repeat the above command.
Append the key to the authentication file with
Try to connect to the server now.
Enter passphrase for key '/home/john/.ssh/id_rsa':
Enter the passphrase when you're asked for it.
After you have succesfully logged in using your public key, you can block password authentication. To do this edit the file /etc/ssh/sshd_config and change the line containing
To heighten the security also make sure the following is set accordingly
# Make sure the permissions on the authorized_keys file are secure (600) StrictModes yes # Max authentication tries before the actions are logged. Can be used to determine a brute force attack MaxAuthTries 5
and restart the ssh server afterwards with
Pro OpenSSH by Michael Stahnke
Arch Wiki - Using SSH Keys
It looks like a windows machine can not connect if you have StrictModes yes set. At least in my setup I had to set it to no to make a succesul connection.
CategoriesArch-Linux Security Network