SSH Keys and Passwordless Authentication

Ensure that you have the public key in OpenSSH format. To generate a public key in OpenSSH format, you can use the ssh-keygen command with the -y and -f flags, followed by the path to your private key:

ssh-keygen -y -f ~/.ssh/id_rsa > "%HOMEDRIVE%%HOMEPATH%\.ssh\id_rsa.pub"

Now, copy that public key to your home directory on the remote server:

scp -P 22001 ~/.ssh/id_rsa.pub upravitelj@savioko.com:~

Then log in to the remote server:

ssh upravitelj@savioko.com -p 22001

# append the key to the authorized_keys file
cp ~/.ssh/authorized_keys ~/.ssh/authorized_keys.backup
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

# add the same public key to the virtual machine
ssh-copy-id -i ~/id_rsa.pub root@apach-1

# now the uploaded key file can be deleted
rm -f ~/id_rsa.pub

Configure client for easier connection:

set F="%HOMEDRIVE%%HOMEPATH%\.ssh\config"
echo. >> %F%
echo Host savioko >> %F%
echo     HostName savioko.com >> %F%
echo     User upravitelj >> %F%
echo     Port 22001 >> %F%
echo     IdentityFile "~/.ssh/id_rsa" >> %F%
echo     IdentitiesOnly yes >> %F%

That is it. Check that you can log in with the key, and only then disable password login.

ssh savioko

Disable SSH Password Authentication for added security

Edit /etc/ssh/sshd_config and make sure these two options are set as follows:

ChallengeResponseAuthentication no
PasswordAuthentication no

And reload SSH server configuration:

service ssh reload
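
A pre-reload check for the two settings above, as an added example that is not part of the original page: it reads an sshd_config and fails if password or keyboard-interactive login is still reachable, including the cases where an earlier line or a Match block overrides the intended value. The function names and the sample file are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
# Include files are not followed: `sshd -T` (as root) prints the resolved config.

# Emit "<scope> <keyword> <value>" per setting; scope is "global" or "match".
sshd_settings() {
    awk '
        BEGIN { scope = "global" }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        $0 == "" || /^#/ { next }
        {
            split($0, f, /[ \t=]+/)
            key = tolower(f[1]); val = tolower(f[2]); gsub(/"/, "", val)
            if (key == "match") { scope = "match"; next }
            print scope, key, val
        }' "$1"
}

# Exit 0 only if password and keyboard-interactive logins are off everywhere.
audit_sshd_config() {
    sshd_settings "$1" | awk '
        BEGIN {
            # Current OpenSSH treats the older keyword as a deprecated alias.
            alias["challengeresponseauthentication"] = "kbdinteractiveauthentication"
            eff["passwordauthentication"] = "yes"        # OpenSSH default when unset
            eff["kbdinteractiveauthentication"] = "yes"  # OpenSSH default when unset
        }
        {
            key = ($2 in alias) ? alias[$2] : $2
            if (!(key in eff)) next
            # sshd keeps the first value it reads for a keyword.
            if ($1 == "global" && !(key in seen)) { eff[key] = $3; seen[key] = 1 }
            if ($1 == "match" && $3 != "no") {
                print "FAIL: " key " " $3 " inside a Match block"; bad = 1
            }
        }
        END {
            for (k in eff) if (eff[k] != "no") {
                print "FAIL: global " k " is " eff[k]; bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample: the second PasswordAuthentication line never takes effect.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' 'ChallengeResponseAuthentication no' \
    'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "password login is still possible"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config, then run sshd -t to catch syntax errors, before the reload. Keep the current session open until a key-only login from a second terminal succeeds.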

Problem: Public Key File Formats

The two major SSH implementations, OpenSSH and SSH Secure Shell (“SSH2”), use different file formats for SSH-2 protocol keys.

OpenSSH public keys for the SSH-2 protocol begin like this:

ssh-rsa ...

SSH Secure Shell (RFC 4716) public keys for the SSH-2 protocol look like this:

---- BEGIN SSH2 PUBLIC KEY ----
...
---- END SSH2 PUBLIC KEY ----

These keys are installed differently too. For OpenSSH, you insert your public keys into the file ~/.ssh/authorized_keys. For SSH Secure Shell, you copy your public key files into the directory ~/.ssh2 and reference them in the file ~/.ssh2/authorization by name:

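You can easily convert public keys between the SSH2 and OpenSSH formats with ssh-keygen. The command line switches are -i (import: read an SSH2 key and print it in OpenSSH format) and -e (export: read an OpenSSH key and print it in SSH2 format). For example, SSH2 to OpenSSH, in Linux: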

ssh-keygen -i -f ~/.ssh/id_rsa_ssh2.pub > ~/.ssh/id_rsa.pub
date 08. Apr 2013 | modified 29. Dec 2023
filename: SSH Public-Key Authentication