
Using a public key to login to your Linux servers


brent


Do you want to access your fleet of Linux servers without a password?  

First and foremost, using password authentication via SSH is bad practice, even more so if your Linux server is internet-facing.

Using a public key to access your Linux servers is best practice and prevents brute-force attacks.

Permissions:

If you get a permission error when trying to SSH to a server from your Linux workstation, check the following permissions.

~/.ssh needs to be owned by the user account.

Make sure authorized_keys has the correct permissions.

ls -l .ssh/authorized_keys

Make sure it has a permission of 600.

sudo chmod 600 ~/.ssh/authorized_keys

Make sure the ~/.ssh directory is owned by the user.

sudo chown brent:brent ~/.ssh

~/.ssh/id_rsa needs to have a permission of 600.

sudo chmod 600 ~/.ssh/id_rsa

The id_rsa.pub public key needs to have a permission of 644.

sudo chmod 644 ~/.ssh/id_rsa.pub
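
The checks from this section combined into one script, added here as an example and not part of the original post. audit_ssh_dir is a hypothetical helper name, it assumes GNU stat (Linux), and the 700 mode on the ~/.ssh directory is the usual OpenSSH convention rather than something stated above.

```shell
# Added example: audit the ownership and modes this section lists.
# audit_ssh_dir is a hypothetical helper; requires GNU stat (Linux).
audit_ssh_dir() {
    dir=$1
    me=$(id -un)
    bad=0
    # name:mode pairs. 600/644 come from the post; 700 on the directory
    # itself is the usual OpenSSH convention and is an assumption here.
    for entry in .:700 authorized_keys:600 id_rsa:600 id_rsa.pub:644; do
        name=${entry%%:*}
        want=${entry##*:}
        path=$dir/$name
        [ -e "$path" ] || continue      # file not created yet, nothing to check
        mode=$(stat -c %a "$path")
        owner=$(stat -c %U "$path")
        # authorized_keys and the key files must be regular files,
        # not directories
        if [ "$name" != . ] && [ ! -f "$path" ]; then
            echo "TYPE  $path is not a regular file"
            bad=1
        fi
        if [ "$owner" != "$me" ]; then
            echo "OWNER $path is owned by $owner, expected $me"
            bad=1
        fi
        if [ "$mode" != "$want" ]; then
            echo "MODE  $path is $mode, expected $want"
            bad=1
        fi
    done
    return $bad
}

# Usage: audit_ssh_dir "$HOME/.ssh" && echo "permissions OK"
```

Each finding is printed on its own line, and the function returns non-zero if anything needs fixing.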

Prerequisites:

Windows workstation

PuTTY for Windows (download PuTTY for Windows; you can find the latest Windows installer here).

Linux workstation

Linux server

 

Generating SSH keys in Windows

Create a folder on your local computer called SSH keys. This folder can be anywhere: Desktop, Documents, etc.

Open PuTTYgen from your Start menu.


Change the number of bits in the generated key to 4096 and click Generate.


Move the mouse in the open area until complete.


Copy the public key to Notepad and save it in the SSH keys folder.


Now save the private key to the SSH keys folder.


You can close PuTTYgen once the files have been saved.

Now you should have two files in the SSH keys folder.


Copying the Public key to the Linux server.

Open PuTTY and log in to your Linux server.


We need to check whether a .ssh folder already exists.

cd ~/.ssh

If you don't have one, create it.

mkdir ~/.ssh

Create a file called authorized_keys.

touch ~/.ssh/authorized_keys

Open your public key in Notepad and copy the key.

Using your favorite text editor, paste the key into the authorized_keys file and save.

If you already have an authorized_keys file, add the key on another line.

nano ~/.ssh/authorized_keys

Log out of your server.

 

 

Open PuTTY to make a couple of changes.

Make sure to add user@ in front of your hostname or IP.


On the left side navigate to SSH > Auth > Credentials and click Browse to point to the Private key.


Once the key has been added, click on Session and save the session. You will need to repeat this for every server.

 

Create SSH keys on a Linux workstation.

 

Let's make sure we don't already have an SSH key pair.

ls -l ~/.ssh

If the directory exists, you may want to back it up, as the following command will overwrite the folder.

 

ssh-keygen -b 4096

Save the key in the default location.

Enter a passphrase. This isn't required, but it is suggested as another layer of protection. If you choose to use a passphrase, know that you will have to enter it every time you log in.

 

Let's verify that the keys have been created.

ls -l ~/.ssh

You should see two files: id_rsa, the private key, and id_rsa.pub, the public key.

 

Now let's copy the public key over to the server.

ssh-copy-id user@hostname

Type the server user password.

Once you log in, you should see "Number of key(s) added: 1".


Let's verify the public key is working.

ssh user@hostname

 

If the key is working, you won't be prompted for a password.
