Setting Up SSH Key Based Authentication

To set up SSH key based authentication from Linux Server B to Server A, follow these steps:

To set up SSH key based authentication from Linux Server B to Server A

Step 1: Generate SSH Key Pair on Server B

1. 1.Generate the SSH key pair on Server B (the client):

ssh-keygen -t rsa -b 4096 -C “your_email@example.com”

1. Files Involved:
2. o ~/.ssh/id_rsa (Private Key)
   o ~/.ssh/id_rsa.pub (Public Key)
3. • The private key should remain on Server B, and the public key will be copied to Server A.

2.When prompted, press Enter to save the keys in the default location (~/.ssh/),
and optionally, set a passphrase.

Step 2: Copy the Public Key to Server A

1. 1.Copy the public key from Server B to Server A using the ssh-copy-id command:

   ssh-copy-id user@server_A_IP

ssh-copy-id user@server_A

1. IP Files Involved:
   On Server A: ~/.ssh/authorized_keys
   This command appends the public key from Server B to the authorized keys file on Server A.

2.Verify permissions on Server A:
Ensure that the ~/.ssh directory and authorized_keys file have the correct permissions on Server A:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Step 3: Test SSH Key-Based Authentication

1. 1.Log in from Server B to Server A:

   ssh user@server_A_IP

ssh user@ServerA

• You should now be able to log in without being prompted for a password, as the authentication will use the SSH key pair.

Step 4: (Optional) Disable Password Authentication on Server A

1. 1.Edit the SSH configuration file : on Server A to disable password authentication:

   sudo nano /etc/ssh/sshd_config

sudo nano /etc/ssh/sshd_config

1. Files Involved:
   • /etc/ssh/sshd_config
     o Find and set the following parameters:

ChallengeResponseAuthentication no

PasswordAuthentication no

PasswordAuthentication no

o Save and close the file.

2. 2.Restart the SSH service on Server A to apply changes:
   bash
3. sudo systemctl restart sshd

sudo systemctl restart sshd

2. By following these steps, you’ll have successfully set up SSH key-based authentication from Server B to Server A, enhancing security by eliminating the need for password-based logins.

If Server B is running Windows and Server A is running Linux

you can still set up SSH key-based authentication. Here’s how you can do it using tools available on Windows:

Step 1: Generate SSH Key Pair on Windows (Server B)

1. 1.Install Git for Windows (if not already installed):
   • Download and install Git for Windows (https://git-scm.com/download/win).
   This package includes Git Bash, a terminal that supports ssh-keygen.

2.Generate the SSH key pair:
• Open Git Bash on Windows.
• Run the following command to generate an SSH key pair:
ssh-keygen -t rsa -b 4096 -C “your_email@example.com”

ssh-keygen -t rsa -b 4096 -C “your_email@example.com”

• When prompted*, press Enter to save the keys in the default location (/c/Users/YourUsername/.ssh/id_rsa), and optionally, set a passphrase.
Files Involved:
o – C:\Users\YourUsername.ssh\id_rsa (Private Key)
o – C:\Users\YourUsername.ssh\id_rsa.pub (Public Key)

Step 2: Copy the Public Key to Linux Server (Server A)

1. 1.Use ssh-copy-id command via Git Bash:
   Copy the public key from Server B to Server A using the ssh-copy-id command:
   ssh-copy-id user@server_A_IP

ssh-copy-id user@ServerA

1. If ssh-copy-id is not available, you may manually copy the public key.

• 1.Display the public key in Git Bash:
• cat ~/.ssh/id_rsa.pub

2.Copy the key output from the above command.

• 2.Copy the key output from the above command.

3.Log in to Server A using PuTTY or another SSH client and open the .ssh/authorized_keys file on Server A:
nano ~/.ssh/authorized_keys

• 4.Paste the public key into the authorized_keys file on Server A.

5.Save and close the file.

Files Involved:
• On Server A: ~/.ssh/authorized_keys

Step 3: Test SSH Key-Based Authentication

1. 1.Use an SSH client like PuTTY or Git Bash to log in from Server B (Windows) to Server A (Linux):
   • *If using PuTTY, load the private key using Pageant (PuTTY’s SSH authentication agent).
   • *If using Git Bash, simply run:
     ssh user@server_A_IP

• You should be able to log in without entering a password, as the key will be used for authentication.

Step 4: (Optional) Disable Password Authentication on Server A

1. 1.Edit the SSH configuration file on Server A to disable password authentication:
   sudo nano /etc/ssh/sshd_config

• Set the following parameters:
PasswordAuthentication no
ChallengeResponseAuthentication no

1. 2.Restart the SSH service on Server A to apply changes:
   bash
   sudo systemctl restart sshd

Tools You Might Need on Windows

• Git Bash: Provides a Unix-like terminal on Windows.

https://git-scm.com/download/win

• *PuTTY: A free SSH client for Windows, useful for logging into the Linux server.
• *Pageant: An SSH authentication agent for PuTTY, helps load and manage SSH keys.

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

• By following these steps, you can successfully set up SSH key-based authentication from a Windows machine (Server B) to a Linux server (Server A

To load a private key using Pageant for PuTTY, follow these steps:

Download putty, putty gen, pageant from below link
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Step 1: Install PuTTY and Pageant
• Ensure that you have PuTTY and Pageant installed on your Windows machine. Both are available from the PuTTY download page.

Step 2: Convert Private Key to PuTTY Format (if needed)
• If your private key is in OpenSSH format (e.g., id_rsa), you need to convert it to PuTTY’s .ppk format using PuTTYgen.

1. 1.Open PuTTYgen:
   Launch PuTTYgen from the Start menu.

2.Load your existing private key:
Click on “Load”.
Browse to the location of your private key (id_rsa).
Select the file type as “All Files” to see your key.
Load the key.

3.Save the private key in .ppk format:
Click “Save private key”.
Choose a location to save the .ppk file.

Step 3: Load the Private Key in Pageant

1. 1.Start Pageant:
   Launch Pageant from the Start menu. An icon will appear in the system tray (usually at the bottom-right corner of the screen).

2.Load the private key:
Right-click on the Pageant icon in the system tray.
Select “Add Key”.
Browse to the .ppk file you saved earlier.
Select the file and click “Open”.
If your key is protected with a passphrase, you’ll be prompted to enter it.

1. 3.Confirm the key is loaded:
   You can confirm the key is loaded by right clicking the Pageant icon and selecting “View Keys”. Your key should be listed there.

Step 4: Use PuTTY with the Loaded Key

1. 1.Open PuTTY:
   Launch PuTTY.

2.Configure your session:
In the “Session” section, enter the hostname or IP address of the server you want to connect to.
In the “Connection -> SSH -> Auth” section, ensure “Attempt authentication using Pageant” is checked. This is the default behavior.

1. 3.Save your session:
   Go back to the “Session” section.
   Enter a name under “Saved Sessions” and click “Save” to save the session configuration for future use.

1. 4.connect to the server:
2. Click “Open” to initiate the connection.
   If everything is set up correctly, PuTTY will use the key loaded in Pageant for authentication.

Read More Tutorials; Resize Disk Partition in Ubuntu Without LVM

-Written By Vishwanath

Related