To create a key to use for authentication, use the command:

[john@workstation]$ ssh-keygen -t rsa -b 1024

-t rsa sets the algorithm type, which can be either rsa or dsa
-b 1024 sets the key length in bits

You'll need to enter the passphrase when asked for it.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): thisismypassphrase
Enter same passphrase again: thisismypassphrase
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
The key fingerprint is:
0a:fa:2b:92:16:7a:e9:4f:97:d4:d9:4d:2b:c5:2a:09 john@workstation

Afterwards, copy the public key to the server with the scp command, and enter the password when prompted.

[john@workstation]$ scp /home/john/.ssh/id_rsa.pub john@192.168.100.3:/home/john/.ssh/public_key
john@192.168.100.3's password:
id_rsa.pub                  100%  222     0.2KB/s   00:00

If you get an error "No such file or directory" when copying the file to the server, it may be because the folder ~/.ssh doesn't exist. To create the folder run the following command and then repeat the above command.

[john@workstation]$ ssh john@192.168.100.3 "mkdir .ssh"

Append the key to the authentication file with

[john@workstation]$ ssh john@192.168.100.3 "cat /home/john/.ssh/public_key >> /home/john/.ssh/authorized_keys"

Try to connect to the server now.

[john@workstation]$ ssh 192.168.100.3
Enter passphrase for key '/home/john/.ssh/id_rsa': 

Enter the passphrase when you're asked for it.

After you have successfully logged in using your public key, you can block password authentication. To do this, edit the file /etc/ssh/sshd_config and change the line containing

PasswordAuthentication yes

to

PasswordAuthentication no

To heighten the security also make sure the following is set accordingly

# Have sshd check that the permissions on the authorized_keys file are secure (600) before accepting a login
StrictModes yes

# Maximum authentication attempts allowed per connection. Once failures reach half this value, further failures are logged, which can be used to spot a brute-force attack
MaxAuthTries 5

and restart the ssh server afterwards with

[root@server]$ /etc/rc.d/sshd restart
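
A way to check the result of the steps above before relying on them. This is an added example, not part of the original page; the function names are this example's own, and it reads only the whitespace-separated "Keyword value" form of sshd_config.

```shell
# Added example: audit the settings and permissions described above.
# Simplifications: Match blocks and Include files are not evaluated.

# Print the effective value of keyword $2 in file $1. Keywords are
# case-insensitive and sshd uses the first occurrence of each one.
sshd_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# check_setting FILE KEY WANT DEFAULT: DEFAULT applies when KEY is absent.
check_setting() {
    val=$(sshd_setting "$1" "$2")
    [ -n "$val" ] || val=$4
    if [ "$val" = "$3" ]; then
        echo "ok:   $2 $val"
    else
        echo "FAIL: $2 is '$val', expected '$3'"
        return 1
    fi
}

# Succeeds only if $1 grants nothing to group or others (700 / 600).
private_mode() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit_ssh SSHD_CONFIG SSH_DIR: returns the number of failed checks.
audit_ssh() {
    fails=0
    check_setting "$1" PasswordAuthentication no yes || fails=$((fails + 1))
    check_setting "$1" StrictModes yes yes || fails=$((fails + 1))
    for p in "$2" "$2/authorized_keys"; do
        if private_mode "$p"; then echo "ok:   $p is private"
        else echo "FAIL: $p is accessible to group/others"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Constructed sample: passwords still allowed, authorized_keys mode 644.
demo=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'passwordauthentication yes' \
    'MaxAuthTries 5' > "$demo/sshd_config"
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys" && chmod 644 "$demo/.ssh/authorized_keys"
audit_ssh "$demo/sshd_config" "$demo/.ssh" || echo "$? problem(s) found"
```

On the server, the real call would be audit_ssh /etc/ssh/sshd_config /home/john/.ssh, run as a user who can read both.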

Resources

Book

Pro OpenSSH by Michael Stahnke
ISBN: 1-59059-476-2

Web

Arch Wiki - Using SSH Keys

Notes

It looks like a Windows machine cannot connect if you have StrictModes yes set. At least in my setup I had to set it to no to make a successful connection.


