OpenSSH : SSH Key-Pair Authentication

OpenSSH : SSH Key-Pair Authentication

Nakonfigurujte server SSH na prihlásenie pomocou autentifikácie Key-Pair.
Vytvorte súkromný kľúč pre klienta a verejný kľúč pre server.


[1]    Vytvorte Key-Pair od každého používateľa, takže sa prihláste so spoločným používateľom na serveri SSH Server Host a pracujte nasledovne.

 

# create key-pair
debian@dlp:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/debian/.ssh/id_rsa):   # Enter or input changes if you want
Created directory '/home/debian/.ssh'.
Enter passphrase (empty for no passphrase):   # set passphrase (if set no passphrase, Enter with empty)
Enter same passphrase again:
Your identification has been saved in /home/debian/.ssh/id_rsa
Your public key has been saved in /home/debian/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:0906O21b6CZoQseEYDbM3QYKa2kkqfmRYTnIOFZmBTI debian@dlp.srv.world
The key's randomart image is:
.....
.....

debian@dlp:~$ ll ~/.ssh
total 8
-rw------- 1 debian debian 2655 Jun 14 03:28 id_rsa
-rw-r--r-- 1 debian debian  574 Jun 14 03:28 id_rsa.pub

debian@dlp:~$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

 

[2]    Preneste súkromný kľúč vytvorený na serveri klientovi a potom je možné sa prihlásiť pomocou autentifikácie Key-Pair.

 

debian@node01:~$ mkdir ~/.ssh
debian@node01:~$ chmod 700 ~/.ssh
# transfer the private key to the local ssh directory
debian@node01:~$ scp pihi@192.168.2.240:/home/pihi/.ssh/id_rsa ~/.ssh/
debian@10.0.0.30's password:
id_rsa                                        100% 2655     2.6MB/s   00:00

debian@node01:~$ ssh debian@10.0.0.30
Enter passphrase for key '/home/debian/.ssh/id_rsa':   # passphrase if you set
Linux dlp.srv.world 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
debian@dlp:~$     # logined

 

[3]    Ak nastavíte [PasswordAuthentication no], je to bezpečnejšie.

 


root@dlp:~# vi /etc/ssh/sshd_config
# line 57 : change to [no]
PasswordAuthentication no
# line 62 : confirm the value is [no]
KbdInteractiveAuthentication no
root@dlp:~# systemctl restart ssh

Marek Mihók

Vyhľadávanie

Kategórie

Posledné príspevky

OpenSSH : SSH Key-Pair Authentication

OpenSSH : SSH Key-Pair Authentication

Disable suspend and hibernation

Disable suspend and hibernation

Hibernacia

Hibernacia

pmbootstrap

pmbootstrap

Phosh nastavenie pozadia

Phosh nastavenie pozadia

Tagy