Setup SSH authentication with PEM RSA file without password on ubuntu/linux server
Wall Script
MailxEngine
Monday, April 26, 2021

Setup SSH authentication with PEM RSA file without password on ubuntu/linux server

Recently I have been working with Raspberry PI and creating my own home server to host some of my demo projects. This post is about setting up SSH authentication with a PEM certificate file without password on ubuntu/linux server. Implement the following steps and improve the security.

Setup SSH login with pem RSA file without password on ubuntu/linux server


Step 1: Login to Ubuntu/Raspberry account Login as a root user
ubuntu@ubuntu:/# sudo su

Step 2: Generate RSA pem file Give empty password.
root@ubuntu:/# ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
Key has comment '[email protected]'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.

root@ubuntu:/#

Step 3: Open RSA private key Copy this PEM file and store it in your local system.
$cat ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
Mxyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyK
Mxyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyK
Mxyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyz9xyK
NmyVmUKFzZuuq9Dm1I/AVE7hRfIa2Ks5CPumpKDG6wcmRMhbe7jZZKMqAudVKecq
VeM1ub6G5j75jm18lkODDK9ISxGdyiOJoTkx1QDq1syOlWFIFHhrzlL4SI+ipo76
....
....
....
-----END RSA PRIVATE KEY-----


Step 4: Restart SSH service
sudo service ssh restart

Step 5: Create a key.pem file Use system editor and copy Step: 3 certificate and paste here. Use ESC Key + wq! command to save the file.
$vi mykey.pem

Step 6: Give owner has full read and write access to the file
Use the following command for linux or macOS. Windows connect using Putty and create ppk file.
$sudo chmod 600 mykey.pem

Step 7: Connect your Ubuntu/Linux server
User:~/Keys$ ssh ubuntu@IP_ADDRESS
[email protected]_ADDRESS's password:*****
Linux ubuntu 21+ #1399 SMP Thu Jan 28 12:09:48 GMT 2021 armv7l

[email protected]:~ $ exit
logout
Connection to IP_ADDRESS closed.

Step 8: Disable Password Authentication
$sudo vi /etc/ssh/sshd_config

Update PasswordAuthentication from “yes” to “no” as below:
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

Step 9: Restart Linux Server
$sudo reboot

Step 10: Now you will get permission denied
User:~/Keys$ ssh ubuntu@IP_ADDRESS
[email protected]_ADDRESS: Permission denied (publickey).

Step 11: Now you can authenticate with PEM file
User:~/Keys$ ssh -i mykey.pem ubuntu@IP_ADDRESS
Linux ubuntu 21+ #1399 SMP Thu Jan 28 12:09:48 GMT 2021 armv7l
Build info: Fri Nov 20 09:43:06 UTC 2020 @
Last login: Tue Mar 9 00:23:49 2021 from 192.168.1.73
[email protected]:~ $ 
web notification

2 comments:

Make in India