SSH authorization without password or by key

On a local machine (OS Linux), generate a key:

# ssh-keygen -t rsa -b 2048 -f /home/user/.ssh/id_rsa -N ''
Generating public/private rsa key pair.
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
95:e8:94:83:74:5c:63:0a:e1:4d:6d:77:30:86:aa:7b [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| +ooo+.+. |
| o *.=++... |
| o Boo. . |
| o.o |
| .S |
| . |
| . |
| . E |
| . |
+-----------------+
-t rsa — the key type. There are rsa and dsa.
-b 2048 — the key length in bits
-f /home/user/.ssh/id_rsa — the path where the key id_rsa and its public key id_rsa.pub will be saved
-N '' — lets you give the passphrase on the command line; in this case the passphrase is empty

We get two files, id_rsa and id_rsa.pub. The .pub file is the public key, and id_rsa is the secret (private) key. We transfer the id_rsa.pub file to the server we will connect to, into the /home/user/.ssh/ directory of the user we will log in as via ssh.

Copying the file with the key to our remote server.

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Add the key to the local machine

ssh-add id_rsa

(Without this step, I could not connect to ssh using a certificate)

Server settings

After creating the key pair, the private key stays with the user and is kept secret, and the public key must be placed in the user's home directory on the server, in the file ~/.ssh/authorized_keys

Change the rights to the directory and to the file:

# chown -R user /home/user/.ssh
# chmod 700 /home/user/.ssh/
# chmod 600 /home/user/.ssh/authorized_keys

Also, make sure that key authorization is allowed on the server. For this, the /etc/ssh/sshd_config file should contain the lines:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

If our user is to have no password at all, we need to replace the user's password hash with the * character in the /etc/shadow file. Example (cat /etc/shadow):

user:*:13783:0:99999:7:::

And if we want to disable password authorization on the server altogether, set these parameters in /etc/ssh/sshd_config:

PasswordAuthentication no
PermitEmptyPasswords no
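
The server-side settings from this section (directory and file modes plus the sshd_config keywords) can be checked with a small script. This is an added example, not part of the original article; the function names are made up for illustration, and it reads only the global part of one config file (Match blocks and Include files are not evaluated).

```shell
#!/bin/sh
# Added example: audit the key-login settings described above.
# Print the global value of an sshd_config keyword. sshd uses the FIRST
# occurrence of a keyword, and keyword names are case-insensitive.
sshd_value() {  # usage: sshd_value KEYWORD CONFIG_FILE
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # stop at the first Match block
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Print the octal permission bits of a path (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Check one user's .ssh directory and one sshd_config file.
# Prints each finding; returns 0 only if every check passes.
audit_key_login() {  # usage: audit_key_login SSH_DIR SSHD_CONFIG
    ssh_dir=$1 cfg=$2 rc=0
    [ "$(file_mode "$ssh_dir")" = 700 ] ||
        { echo "FAIL: $ssh_dir should be mode 700"; rc=1; }
    [ "$(file_mode "$ssh_dir/authorized_keys")" = 600 ] ||
        { echo "FAIL: authorized_keys should be mode 600"; rc=1; }
    # PubkeyAuthentication defaults to yes when the keyword is absent.
    [ "$(sshd_value PubkeyAuthentication "$cfg")" != no ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    # PasswordAuthentication defaults to yes, so it must be set explicitly.
    [ "$(sshd_value PasswordAuthentication "$cfg")" = no ] ||
        { echo "FAIL: PasswordAuthentication is not set to no"; rc=1; }
    # PermitEmptyPasswords defaults to no; only an explicit yes is a problem.
    [ "$(sshd_value PermitEmptyPasswords "$cfg")" != yes ] ||
        { echo "FAIL: PermitEmptyPasswords is enabled"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key-only login settings look correct"
    return "$rc"
}
```

Run it as `audit_key_login /home/user/.ssh /etc/ssh/sshd_config` after sourcing the file. On a live server, `sshd -T` prints the effective configuration as sshd itself computes it, which is the authoritative check.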

After all this, you can check on the local machine:

# ssh [email protected]

On a local Windows machine
It is necessary to use the puttygen utility to convert the public key into PuTTY's own format, and to specify this converted file in the PuTTY settings.
