How to Log in to a Linux Box Using SSH Keys

This guide explains how to configure SSH key-based authentication for logging into a Linux server. SSH keys provide a secure, passwordless way to access remote servers.

Step 1: Generate an SSH Key Pair

On your local machine, generate an SSH key pair using the ssh-keygen command.

[vallabh@lamp01 ~]$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vallabh/.ssh/id_rsa):
Created directory '/home/vallabh/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vallabh/.ssh/id_rsa.
Your public key has been saved in /home/vallabh/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:imXbSfApNhz53NGu8DV59xyEffv+9AHAjMRE5KHYnZg vallabh@lamp01.darole.org
The key's randomart image is:
+---[RSA 4096]----+
|        =*       |
|      o.B.*.  o  |
|     .+E =.+.. o.|
|     . * o o... o|
|      B S . =..o.|
|     = B + o o.o+|
|    . o o o    .=|
|               oo|
|                =|
+----[SHA256]-----+
[vallabh@lamp01 ~]$

-t rsa: Specifies the type of key to generate (RSA).
-b 4096: Specifies the key size (4096 bits for stronger encryption).
Private Key: Saved as id_rsa (keep this secure).
Public Key: Saved as id_rsa.pub (this will be shared with the server).

Step 2: Copy the Public Key to the Linux Server

Instead of manually copying the public key, you can use the ssh-copy-id command to automate the process. This command appends your public key to the ~/.ssh/authorized_keys file on the server.

Use the ssh-copy-id command:

[vallabh@lamp01 ~]$ ssh-copy-id web01

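Replace web01 with the hostname or IP address of the server.
The command above connects with your local username. To install the key for a different account on the server, give the target as username@web01, replacing username with your Linux server username.

Then confirm that you can connect:
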
[vallabh@lamp01 ~]$ ssh web01

Step 3: Log in Using SSH Keys

Now that the public key is configured on the server, you can log in without a password.

From Your Local Machine:

[root@lamp01 vallabh]# ssh -i /home/vallabh/.ssh/id_rsa vallabh@web01

If Successful: You will log in without being prompted for a password.

Step 4: Convert SSH Key to PPK Format (For PuTTY Users)

If you use PuTTY on Windows, you need to convert the private key (id_rsa) to PPK format.

Ensure that your authorized_keys file is created as shown below.

[vallabh@lamp01 .ssh]$ ls
id_rsa  id_rsa.pub
[vallabh@lamp01 .ssh]$ cp id_rsa.pub authorized_keys

Copy id_rsa from the server to Windows.

Open PuTTYgen:

Click Load and select your id_rsa private key.
Ensure the file type is set to All Files (*.*) to locate your key.
After loading the key, click Save private key (key.ppk).
Optionally, set a passphrase for added security.

Step 5: Configure PuTTY for SSH Key Authentication

Open PuTTY and enter the server's IP address or hostname in the Host Name field.
Navigate to Connection > SSH > Auth > Credentials in the left-hand menu.
Under Private key file for authentication, click Browse and select your PPK file.

Save the session configuration for future use:
Go back to the Session menu.
Enter a name in the Saved Sessions field and click Save.

Step 6: Connect to the Linux Server Using PuTTY

Log in using ssh or PuTTY.

Ensure the login does not prompt for a password.


If you encounter issues, check the following:
The authorized_keys file on the server contains your public key.
Permissions for .ssh and authorized_keys are correct.
The SSH service on the server is configured to allow key-based authentication.
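
The permission check in the list above can be scripted. The following is an added example, not part of the original guide: it flags a group- or world-writable home directory, .ssh directory or authorized_keys file (which sshd rejects under its default StrictModes setting) and private keys that group or others can access (which the ssh client refuses to use). The function names mode_ok and audit_ssh_files are made up for this example, and it assumes GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes GNU stat (Linux).
# mode_ok and audit_ssh_files are names made up for this example.

# Succeed if the mode of file $1 has none of the bits in octal mask $2 set.
mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 0$2 )) -eq 0 ]
}

# Audit the SSH files under home directory $1 (default: $HOME).
# Prints one line per finding and returns the number of findings.
audit_ssh_files() {
    home=${1:-$HOME}
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # With StrictModes (the default), sshd ignores authorized_keys when the
    # file, ~/.ssh or the home directory is group- or world-writable.
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$path" ] || continue
        mode_ok "$path" 022 ||
            report "$path is group/world-writable (mode $(stat -c '%a' "$path"))"
    done

    # The ssh client refuses a private key that group or others can access.
    for key in "$home"/.ssh/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        mode_ok "$key" 077 ||
            report "$key is accessible to group/others (expected mode 600)"
    done
    return "$findings"
}

# Audit the home directory passed as the first argument, if one was given.
if [ "$#" -gt 0 ]; then
    audit_ssh_files "$1" && echo "No findings for $1"
fi
```

Pass the home directory of the account to audit as the first argument; an exit status of 0 means no findings.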

Security Recommendations

Use a passphrase for your private key for added security.
Keep your private key (id_rsa) secure and never share it.
Disable password-based SSH login on the server for enhanced security:

# vi /etc/ssh/sshd_config

Set:

PasswordAuthentication no

Restart the SSH service:

# systemctl restart sshd

This completes the setup for logging in to a Linux box using SSH keys.
