Recently I have been working with a Raspberry Pi and creating my own home server to host some of my demo projects. This post is about setting up passwordless SSH authentication with a PEM key file on an Ubuntu/Linux server. Follow the steps below to improve security.
Step 1: Log in to the Ubuntu/Raspberry account
Stay logged in as the same user.
ubuntu@ubuntu:/#
Step 2: Generate an RSA PEM file
Leave the passphrase empty.
ubuntu@ubuntu:/# ssh-keygen -m PEM
Key has comment 'ubutu@ubuntu'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
root@ubuntu:/#
Step 3: Copy the public key to authorized_keys
Append the public key to this user's ~/.ssh/authorized_keys file.
ubuntu@ubuntu:/# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Step 4: Open the RSA private key
Copy this PEM file and store it on your local system.
$ cat ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
Mxyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyK
Mxyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyK
Mxyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyK
NmyVmUKFzZuuq9Dm1I/AVE7hRfIa2Ks5CPumpKDG6wcmRMhbe7jZZKMqAudVKecq
VeM1ub6G5j75jm18lkODDK9ISxGdyiOJoTkx1QDq1syOlWFIFHhrzlL4SI+ipo76
....
....
....
-----END RSA PRIVATE KEY-----
Step 5: Restart SSH service
sudo service ssh restart
Step 6: Create a key.pem file
On your local system, open the file in an editor, copy the RSA private key displayed earlier (the output of cat ~/.ssh/id_rsa) and paste it here. Press Esc, then type :wq! to save the file.
$ vi mykey.pem
Step 7: Give the owner read and write access to the file
Use the following command on Linux or macOS. On Windows, connect using PuTTY and create a .ppk file.
$ sudo chmod 600 mykey.pem
Step 8: Connect your Ubuntu/Linux server
User:~/Keys$ ssh ubuntu@IP_ADDRESS
ubuntu@IP_ADDRESS's password:*****
Linux ubuntu 21+ #1399 SMP Thu Jan 28 12:09:48 GMT 2021 armv7l
ubuntu@ubuntu:~ $ exit
logout
Connection to IP_ADDRESS closed.
Step 9: Disable Password Authentication
$ sudo vi /etc/ssh/sshd_config
or, on Ubuntu:
$ sudo vi /etc/ssh/sshd_config.d/50-cloud-init.conf
Update PasswordAuthentication from “yes” to “no” as below:
PasswordAuthentication no
Step 10: Restart Linux Server
$ sudo reboot
Step 11: Connecting without the key now gives permission denied
User:~/Keys$ ssh ubuntu@IP_ADDRESS
ubuntu@IP_ADDRESS: Permission denied (publickey).
Step 12: Now you can authenticate with PEM file
User:~/Keys$ ssh -i mykey.pem ubuntu@IP_ADDRESS
Linux ubuntu 21+ #1399 SMP Thu Jan 28 12:09:48 GMT 2021 armv7l
Build info: Fri Nov 20 09:43:06 UTC 2020 @
Last login: Tue Mar 9 00:23:49 2021 from 192.168.1.73
ubuntu@ubuntu:~ $
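Step 9 lists two files because sshd keeps the first value it reads for each keyword: when the main file pulls in sshd_config.d/*.conf near the top, as Ubuntu's does, a "yes" in 50-cloud-init.conf wins over a "no" set later in sshd_config. The shell function below is an added example, not part of the original post, that reports which file decides PasswordAuthentication; the function names and the optional directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). sshd keeps the FIRST value it
# reads for a keyword and expands Include lines in place, globs in sorted order.
# Assumptions: one pattern per Include line; Match blocks are not evaluated
# (scanning stops at the first Match), so only the global setting is reported.

# _scan FILE DIR: print "<value> <deciding file>", or nothing if FILE is silent.
_scan() {
    file=$1
    dir=$2
    [ -r "$file" ] || return 0
    while read -r key val rest || [ -n "$key" ]; do
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            match)
                return 0 ;;
            include)
                # sshd resolves relative Include paths against /etc/ssh; DIR
                # stands in for that so a copied config tree can be checked too.
                case $val in /*) pat=$val ;; *) pat=$dir/$val ;; esac
                for inc in $pat; do
                    found=$(_scan "$inc" "$dir")   # subshell keeps our variables
                    if [ -n "$found" ]; then
                        echo "$found"
                        return 0
                    fi
                done ;;
            passwordauthentication)
                echo "$val $file"
                return 0 ;;
        esac
    done < "$file"
    return 0
}

# effective_password_auth [MAIN_CONFIG] [DIR]
effective_password_auth() {
    main=${1:-/etc/ssh/sshd_config}
    result=$(_scan "$main" "${2:-$(dirname "$main")}")
    # With no PasswordAuthentication line anywhere, OpenSSH defaults to yes.
    echo "${result:-yes (built-in default)}"
}
```

On the server itself, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd resolves from its own configuration.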
Nice post bro..

Good One

My friend, you don't need to restart the server; restarting only the sshd service is enough. Greetings

best