Configuration Guide
Configure SSH Key Authentication on a Linux Server
Subject(s): This document is a guideline for system administrators on configuring SSH key authentication on a newly installed Linux server to secure the operating system.
Grade/Level: Basic Administration
Tools: PuTTY, PuTTYgen
Time Allotment: 10 mins
Learning Context
SSH key authentication on a Linux system replaces password authentication and makes the system more secure. Only someone who holds the private key can access the server, and there is no password to remember. It is the same method that public cloud providers (AWS, GCE, …) use to secure your Linux servers.
Procedure
- Install Linux OS
- Connect to the Linux OS over SSH (the default port 22 is open without stopping the firewall/iptables).
Use PuTTY or another SSH client to connect to the server with the root account and password.
- Configure the SSH key from the client.
On the client (desktop or laptop), open PuTTYgen to generate the private/public SSH key pair.
- Click the Generate button
- Move the mouse over the blank region to generate the public key.
- Click Save private key and save the file as *.ppk
- Select the whole public key, then right-click -> Copy
Copy the public SSH key to the server
- In the SSH session as root, create a new user: useradd -m <username>
- Switch to the new user and create the .ssh directory: mkdir -p /home/<username>/.ssh
- Create the file authorized_keys and paste the public key into it.
- Save the file
- Change the permissions of the authorized_keys file to 600: chmod 600 authorized_keys
- Change the permissions of the .ssh directory: chmod 744 /home/<username>/.ssh
Update the SSH configuration on the server
- As root, edit the file /etc/ssh/sshd_config
- Uncomment the line: PubkeyAuthentication yes
- Comment out the line: #PermitRootLogin yes
- Change the line PasswordAuthentication yes to PasswordAuthentication no
- Save the file
Restart the SSH service:
- Linux 4,5,6: service sshd restart
- Linux 7: systemctl restart sshd
Use PuTTY to connect to the server with your key
- In PuTTY, create a new session that connects to the server with the username and the private key file.
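The sshd_config edits above can be checked before the service is restarted. The script below is an added example, not part of the original guide: the function names `sshd_value` and `audit_sshd_config` and the sample files are constructed for illustration, and it audits a single file only (it ignores Include directives and anything after the first Match line).

```shell
#!/bin/sh
# Added example (not from the original guide): audit an sshd_config file.
# sshd uses the FIRST occurrence of a keyword, keywords are case-insensitive,
# and a line starting with '#' is a comment, so the built-in default applies.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # ignore indentation
            if (line == "" || line ~ /^#/) next    # blank line or comment
            split(line, f, /[ \t=]+/)              # "Key value" or "Key=value"
            if (tolower(f[1]) == "match") exit     # audit the global section only
            if (tolower(f[1]) == key) { gsub(/"/, "", f[2]); print tolower(f[2]); exit }
        }' "$1"
}

# Return 0 if file $1 has the settings from this guide, 1 otherwise.
audit_sshd_config() {
    cfg=$1; rc=0
    pubkey=$(sshd_value "$cfg" PubkeyAuthentication)
    passwd=$(sshd_value "$cfg" PasswordAuthentication)
    root=$(sshd_value "$cfg" PermitRootLogin)
    # PubkeyAuthentication defaults to yes, so unset is acceptable.
    [ "${pubkey:-yes}" = "yes" ] || { echo "FAIL PubkeyAuthentication=$pubkey"; rc=1; }
    # PasswordAuthentication defaults to yes, so it must be set to no explicitly.
    [ "$passwd" = "no" ] || { echo "FAIL PasswordAuthentication=${passwd:-unset}"; rc=1; }
    # The guide comments this line out; only an active "yes" is flagged here.
    [ "$root" != "yes" ] || { echo "FAIL PermitRootLogin=yes"; rc=1; }
    return $rc
}

# Constructed samples: sshd_config before and after the edits in this guide.
tmp=$(mktemp -d)
printf '%s\n' '#PubkeyAuthentication yes' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$tmp/before"
printf '%s\n' 'PubkeyAuthentication yes' '#PermitRootLogin yes' \
    'PasswordAuthentication no' > "$tmp/after"
audit_sshd_config "$tmp/before" || echo "before: needs changes"
audit_sshd_config "$tmp/after" && echo "after: matches the guide"
```

On a live server, `sshd -t` checks the configuration file for errors before the restart, and `sshd -T` prints the effective configuration.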