Set up SSH using certificate authentication

Geetu R. Vaswani, January 14, 2011 / November 3, 2019

You want to connect from the internet to your computer. The internet is an insecure medium. There are a few options: you could use a VPN like OpenVPN, or you could use Secure Shell (SSH) with OpenSSH.

Here is how you can connect to your computer using SSH.

Pre-requisites:

  1. OpenSSH and putty installed on your Linux desktop (in my case, Fedora 14).
  2. SSH service running on your computer.

1. Check for pre-requisites
Open up a terminal window on your Linux computer. See here for more detail. At the $ prompt, type the following (commands to type in italics):

$ rpm -qa | grep "openssh" <enter>
$ rpm -qa | grep "putty" <enter>

If both above commands find the respective packages, you will see them listed. If not, install the packages.

You can install them from System -> Administration -> Add/Remove Software.

2. Create your SSH key pair for strong authentication.
In a terminal window, enter the commands as shown below.
$ ssh-keygen -t rsa <enter>
Just accept the defaults, and enter a strong passphrase (password) for your key. This command generates a key pair in the .ssh folder of your home directory, which provides strong authentication when you connect over the internet to your computer.
$ cd ~/.ssh <enter>
$ ls <enter>

You should see two files, id_rsa and id_rsa.pub, in the folder.
Now set the public key as an authorized key in your .ssh folder.
$ cat id_rsa.pub >> authorized_keys <enter>

You are now done setting up your keys for SSH. If you need to set up the key on other computers, repeat these steps as many times as needed:

  1. add the content of the id_rsa.pub key file to the authorized_keys list as shown in the cat command above;
  2. and copy the id_rsa private key file to the computer from which you want to log in using SSH-2.

3. Set up your SSH server configuration file.
Log in as root at the terminal $ prompt.
$ su <enter>
Enter your root password.
# cd /etc/ssh <enter>
# vi sshd_config <enter>
Search for the following lines and change them as shown below:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Save the file and exit vi:
:wq

Restart SSH daemon / service to make the changes effective.
# /sbin/service sshd restart

Now you can test your SSH configuration.

4. Test your SSH connection
From a terminal window, type:
$ ssh localhost <enter>
Accept the key fingerprint and enter your passphrase for the keys as you did in step 2 above.
If all is well, you are connected.

5. Connect to your computer without certificates
If you want to connect without certificates, you can connect using SSH with:
$ ssh localhost <enter>
or
$ ssh <IP address> <enter>
where <IP address> = your computer's IP address.

If you use this method from an untrusted medium such as the internet, you are exposed to a security vulnerability. Therefore, it is recommended to use certificate authentication when connecting to your computer using SSH.

You can use putty to set up SSH-2 on a Windows computer.
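
A read-only check for the setup above, added here as an example and not part of the original post: it verifies the step 3 settings in sshd_config, warns when password logins (step 5) are still possible, and checks that the key files from step 2 have permissions that sshd and ssh accept. The function names and the constructed sample in demo are assumptions, and the permission test relies on GNU find.

```shell
#!/bin/sh
# Added example, not from the original post. Audits steps 2 and 3 above.
# Print the lowercased value of an sshd_config keyword from the global
# section: keywords are case-insensitive, parsing stops at the first Match.
sshd_value() {  # $1 = config file, $2 = keyword
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Flag sshd_config settings that weaken key-based login; returns 1 on findings.
audit_sshd_config() {  # $1 = config file
    rc=0
    pubkey=$(sshd_value "$1" PubkeyAuthentication)
    passwd=$(sshd_value "$1" PasswordAuthentication)
    # Upstream OpenSSH treats both keywords as "yes" when they are not set.
    if [ "${pubkey:-yes}" != yes ]; then
        echo "FAIL: PubkeyAuthentication is '$pubkey', key login is disabled"; rc=1
    fi
    if [ "${passwd:-yes}" != no ]; then
        echo "WARN: PasswordAuthentication is not 'no', step 5 logins still work"; rc=1
    fi
    return $rc
}

# Flag key-file permissions that sshd (StrictModes) or the ssh client rejects.
audit_key_perms() {  # $1 = .ssh directory
    rc=0
    for f in "$1" "$1/authorized_keys"; do
        # GNU find: -perm /022 matches when group or other has a write bit.
        if [ -e "$f" ] && [ -n "$(find "$f" -maxdepth 0 -perm /022)" ]; then
            echo "FAIL: $f is writable by group or other"; rc=1
        fi
    done
    # The private key must not be accessible to group or other at all.
    if [ -e "$1/id_rsa" ] && [ -n "$(find "$1/id_rsa" -maxdepth 0 -perm /077)" ]; then
        echo "FAIL: $1/id_rsa is accessible to group or other"; rc=1
    fi
    return $rc
}

# Constructed sample: the three settings from step 3 plus a loose key file.
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && chmod 700 "$d/.ssh"
    printf '%s\n' 'RSAAuthentication yes' 'PubkeyAuthentication yes' \
        'AuthorizedKeysFile .ssh/authorized_keys' > "$d/sshd_config"
    : > "$d/.ssh/authorized_keys"; chmod 664 "$d/.ssh/authorized_keys"
    audit_sshd_config "$d/sshd_config"; audit_key_perms "$d/.ssh"; rm -rf "$d"
}
if [ "${1:-}" = "--demo" ]; then demo || true; fi
```

The check does not look at RSAAuthentication: that keyword applied only to SSH protocol 1, and current OpenSSH releases treat it as deprecated.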
