OpenSSH encryption - How to create and configure a public key in Linux
Setting up a public key
First of all, regardless of whether our Linux is Debian, Red Hat, SuSE, etc., we must make sure that OpenSSH is the SSH implementation installed on the client system, because key generation differs between SSH implementations. The ssh -V command should display a line containing OpenSSH, followed by other details:
mail:~# ssh -V
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006
Key generation
The RSA key pair must be generated on the client system. The public part of this key will be stored on the servers we connect to, while the private part must be kept in a secure area of the client system, by default in ~/.ssh/id_rsa.
The key pair can be generated with ssh-keygen(1).
fher98@deathbian:~$ mkdir ~/.ssh
fher98@deathbian:~$ chmod 700 ~/.ssh
fher98@deathbian:~$ ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do not reuse your user password as the passphrase, and do not leave it blank. The passphrase should be at least 16 characters long, and not a simple sentence. A good option is a passage from a song or poem, using all possible punctuation marks. Configuring ssh-agent will later reduce how often the passphrase has to be entered, so I recommend using a long passphrase.
File permissions must ensure that other users cannot read the key pair. OpenSSH may refuse public-key authentication if the file permissions are not secure. These changes must be made on all the systems involved.
fher98@deathbian:~$ chmod go-w ~/
fher98@deathbian:~$ chmod 700 ~/.ssh
fher98@deathbian:~$ chmod go-rwx ~/.ssh/*
Key distribution
The public part of the RSA key pair must be copied to every server that the client will access. The public key to copy is in the file ~/.ssh/id_rsa.pub on the client. Assuming that all the servers use OpenSSH rather than a different SSH implementation, the public key must be added to the file ~/.ssh/authorized_keys on each server.
Copy the public key from client to server
fher98@deathbian:~$ scp ~/.ssh/id_rsa.pub servidor.guatewireless.org:
id_rsa.pub 100% 395 0.4KB/s 00:00
Now the public key is configured on the server
server$ mkdir ~/.ssh
server$ chmod 700 ~/.ssh
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
server$ chmod 600 ~/.ssh/authorized_keys
server$ rm ~/id_rsa.pub
Remember to append new public keys to the authorized_keys file rather than replace its contents, so that multiple public keys can be used on the same server. Each public key entry must be on its own line of the file.
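The server-side steps above as a script that is safe to run more than once (an added example, not part of the original article; the function names install_pubkey, audit_ssh_perms and is_go_writable are hypothetical). It appends the key only if it is not already present, keeps one key per line, and reports group- or world-writable paths, the permission problem described earlier.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the article.

# True if the path is writable by group or by others.
is_go_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# install_pubkey PUBFILE HOMEDIR: add the key to HOMEDIR/.ssh/authorized_keys
# once, with the permissions used in the article (700 dir, 600 file).
install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    # A public key file holds exactly one non-empty line.
    if [ "$(grep -c . "$pub" 2>/dev/null)" != 1 ]; then
        echo "expected exactly one key in $pub" >&2
        return 2
    fi
    key=$(grep . "$pub")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the file does not end in a newline, add one so the new key is not
    # glued onto the end of the previous record.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # -x whole line, -F literal string: append only when not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_perms HOMEDIR: fail if the home directory, .ssh or
# authorized_keys is writable by group or others.
audit_ssh_perms() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if is_go_writable "$p"; then
            echo "group/world-writable: $p" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Usage: sh install_pubkey.sh ~/id_rsa.pub "$HOME"
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2" && audit_ssh_perms "$2"
fi
```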
To verify that public-key connections to the server are working properly, run the following test:
From the client
fher98@deathbian:~$ ssh -o PreferredAuthentications=publickey servidor.guatewireless.org
Enter passphrase for key '/…/.ssh/id_rsa':
…
server$
In a future article I'll show you how to configure the ssh-agent process.

Super well didactic.
Thank you for your article, I found it pretty good and I have implemented the service with one of my machines ... it has worked perfectly. As you could make an automatic login using the same concept ... taking into account that if you copy your key, there will be a serious security problem which is solved by generating another key and erasing the earlier authorized_keys.
The article by ssh-agent, you do not have yet?
Greetings and thank you once again.
Ricardo:
I'm glad the article was useful to you. It's a big problem if the key is stolen, so you have to keep it well protected on your system so that someone else cannot use it.
Even so I have no ssh-agent, but since you are interested in what you get for this week, we?
greetings! and thanks for reading