download ssh_with_pki_authentication.zip (1639 KB)
This document describes how to configure the Linux sshd for public/private key authentication with PuTTY's remote console. It does not explain the background but gives a direct route to success.
For demonstration purposes we use the RSA algorithm. You may use the same syntax for DSA.
Log in as root on your server.
[root@server ~]# ssh-keygen -t rsa
Enter file in which to save the key: yourname_rsa
Enter passphrase (empty for no passphrase): ENTER A PASSPHRASE!!
Enter same passphrase again: ENTER A PASSPHRASE!!
Your identification has been saved in yourname_rsa
Your public key has been saved in yourname_rsa.pub.
The key fingerprint is:
Check whether the directory /etc/ssh/.ssh exists. If not, create it and chmod it to 700.
[root@server ~]# cat yourname_rsa.pub >> /etc/ssh/.ssh/authorized_keys
Unfortunately sshd uses a single file, not a directory, for the public keys, so we have to append the key to this standard file.
Copy yourname_rsa (the private key) to your client. Grab the attached PuTTY and WinSCP package (you can keep this directory on a USB stick; sessions can then be stored on the stick and not in the client's registry).
With the attached puttygen.exe, import yourname_rsa and save it as yourname_rsa.ppk.
Now the key is ready to use with PuTTY and WinSCP.
Please use this preconfigured sshd_config file for /etc/ssh. Rename the original file to sshd_config.SRC and KEEP IT.
Restart your sshd (on Red Hat systems with service sshd restart).
Connect with PuTTY and supply your private key.
If authentication is possible, you will see:
login as: root
Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key":
Once logged in, change the setting in /etc/ssh/sshd_config to:
# UsePAM yes
Restart the sshd with service sshd restart
Congratulations - you are done.
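To confirm the authorized_keys step above (directory at mode 700, public key appended to the file), here is a shell check. It is an added example, not part of the original document or its attached package; the function names mode_string and check_key_install are hypothetical and the sample key is constructed.

```shell
#!/bin/sh
# Added example: checks the result of the authorized_keys step.
# Function names are hypothetical; the default path is the one used on this page.

# Print the 10-character mode string of a path, e.g. "drwx------".
mode_string() { ls -ld "$1" | cut -c1-10; }

# check_key_install PUBKEY_FILE [KEY_DIR]
# Prints each problem found; returns 0 only if none were found.
check_key_install() {
    pub=$1; dir=${2:-/etc/ssh/.ssh}; auth=$dir/authorized_keys; rc=0
    [ -d "$dir" ]  || { echo "missing directory: $dir"; return 1; }
    [ -f "$auth" ] || { echo "missing file: $auth"; return 1; }
    [ "$(mode_string "$dir")" = "drwx------" ] ||
        { echo "$dir is not mode 700"; rc=1; }
    # A group- or world-writable key file would let other accounts add keys.
    case $(mode_string "$auth") in
        ?????w????|????????w?) echo "$auth is group/world writable"; rc=1 ;;
    esac
    # Match on "type base64" only; the trailing comment field may differ.
    key=$(awk 'NR==1 {print $1 " " $2}' "$pub")
    n=$(awk -v k="$key" '($1 " " $2) == k {c++} END {print c+0}' "$auth")
    case $n in
        0) echo "key from $pub is not in $auth"; rc=1 ;;
        1) ;;
        *) echo "key from $pub appears $n times in $auth"; rc=1 ;;
    esac
    return $rc
}

# Demo on constructed data in a scratch directory (not a real key).
demo() {
    t=$(mktemp -d) || return 1
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@server" > "$t/yourname_rsa.pub"
    mkdir "$t/.ssh" && chmod 700 "$t/.ssh"
    cat "$t/yourname_rsa.pub" >> "$t/.ssh/authorized_keys"
    chmod 600 "$t/.ssh/authorized_keys"
    check_key_install "$t/yourname_rsa.pub" "$t/.ssh" && echo "first append: OK"
    cat "$t/yourname_rsa.pub" >> "$t/.ssh/authorized_keys"   # step repeated
    check_key_install "$t/yourname_rsa.pub" "$t/.ssh" || echo "second append: flagged"
    rm -rf "$t"
}
demo
```

On the server, run check_key_install yourname_rsa.pub with no second argument to check /etc/ssh/.ssh itself.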