How to SSH into Linux System with Private Key

Introduction

By default, Linux allows users to SSH into the system using only a password, without providing a private key. This is an insecure method of authentication, as anyone can SSH into the system as long as they have the username and password. Therefore, we add an additional layer of security to SSH authentication using the owner’s private key.

First, we need to generate an SSH key. The key formats required on Windows and Linux are different: Windows requires the .ppk format, while Linux accepts the key as long as it is in OpenSSH format.

For Windows Users

First, generate a key pair containing a public key and a private key using PuTTYgen. After downloading the program, launch it and follow these steps to generate a key pair:

  1. For type of key to generate, choose RSA from the list.
  2. Click on Generate button under Actions to start the generation.
  3. Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness), until the progress bar is full.
  4. A private/public key pair has now been generated.
  5. In the Key comment field, enter any comment you’d like to help you identify this key pair later (e.g. your e-mail address, home, office). The key comment is particularly useful if you end up creating more than one key pair.
  6. Optional: Type a passphrase in the Key passphrase field and re-type the same passphrase in the Confirm passphrase field (if you would like to use your keys for automated processes, however, you should not create a passphrase).
  7. Click the Save public key button and choose whatever filename you’d like (some users create a folder on their computer named my_keys).
  8. Click the Save private key button and choose whatever filename you’d like (you can save it in the same location as the public key, but it should be a location that only you can access and that you will NOT lose! If you lose your keys and have disabled username/password logins, you will no longer be able to log in!).
  9. Right-click in the text field labeled “Public key for pasting into OpenSSH authorized_keys file” and choose Select All.
  10. Right-click again in the same text field and choose Copy.
  11. SSH into the target machine to upload the public key.
  12. Open ~/.ssh/authorized_keys and paste in the copied content.
  13. You should now be able to SSH into the target server by providing the .ppk format private key.

NOTE: PuTTY and OpenSSH use different formats for public SSH keys. If the SSH key you copied starts with “---- BEGIN SSH2 PUBLIC KEY ...”, it is in the wrong format. Be sure to follow the instructions carefully. Your key should start with “ssh-rsa AAAA ...”.

For Linux Users

Linux users require no special program to generate an SSH key pair. Follow the steps below to generate a key pair:

  1. Type the following command into the terminal.
    ssh-keygen -t rsa -b 2048 -v
  2. You should see the following message after you enter the above command:
    Generating public/private rsa key pair.
    Enter file in which to save the key (~/.ssh/id_rsa): easierit
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in easierit.
    Your public key has been saved in easierit.pub.
    The key fingerprint is:
    bb:c6:9c:ee:6b:c0:67:58:b2:bb:4b:44:72:d3:cc:a5 localhost@localhost
    The key's randomart image is:
  3. You should now have two key files. If you accepted the default file name at the prompt, they are under ~/.ssh:
    id_rsa
    id_rsa.pub
  4. Next, upload the public key to the server you will SSH into, using the following command:
    ssh-copy-id -i ~/.ssh/id_rsa.pub root@12.34.56.78
  5. Now try logging into the machine with ssh root@12.34.56.78, and check ~/.ssh/authorized_keys to make sure no extra keys were added that you weren’t expecting. You may still want to use a password. Your authorized_keys file should look something like this:
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAX ...
  6. Now you can try to log in with your private key from the original Linux terminal using the following command, where -i gives the path to your private key file:
    sudo ssh -i ~/easierit.pem root@12.34.56.78
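
The checks described in the NOTE above and in step 5, as an added example that is not part of the original post: a POSIX shell function that flags authorized_keys lines pasted in the “---- BEGIN SSH2 PUBLIC KEY” format and lists the remaining keys so unexpected ones stand out. The function names, the sample entries and the key data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file (common key types only).
# Exit status 0 = every entry is a one-line OpenSSH key, 1 = bad line found.
audit_authorized_keys() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    /^---- (BEGIN|END) SSH2 PUBLIC KEY/ {        # PuTTY "Save public key" export
        printf "line %d: BAD  SSH2/PuTTY export, not OpenSSH format\n", NR
        bad++; next
    }
    {
        # Entries may begin with options, so search for the key-type field.
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) { t = i; break }
        if (!t || $(t + 1) !~ "^AAAA[A-Za-z0-9+/]+=*$") {
            printf "line %d: BAD  no key type followed by base64 key data\n", NR
            bad++; next
        }
        comment = ""
        for (i = t + 2; i <= NF; i++) comment = comment " " $i
        printf "line %d: OK   %s%s\n", NR, $t, comment   # type + comment
        ok++
    }
    END { printf "%d valid key(s), %d bad line(s)\n", ok, bad; exit (bad > 0) }
    ' "$1"
}

# Constructed sample: two OpenSSH entries plus a pasted SSH2 block.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, the key data is not a real key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAX user@office
from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAY backup job
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20240101"
AAAAB3NzaC1yc2EAAAADAQABAAAZ
---- END SSH2 PUBLIC KEY ----
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
audit_authorized_keys "$tmp" || echo "review the BAD lines before relying on key login"
rm -f "$tmp"
```

To check a real file, call audit_authorized_keys ~/.ssh/authorized_keys on the server and compare the listed comments with the keys you expect.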