Public and Private Key Setup for SSH
From TomSchaefer.org Wiki
Use your own Public and Private Keys on your SSH server
Everyone knows that using SSH is pretty secure. It's easy to set up the server to allow user and password logins, but this leaves you open to an attack that is very hard to carry out: the man-in-the-middle attack. Using your own public and private keys will eliminate this problem.
Before we begin, we need to know what version of SSH you are using. Hopefully you are using the SSH-2 protocol. If you are using version 1, then you can only create an RSA key. Version 2 can have either an RSA or a DSA key. I do not suggest using a DSA key.
"The PuTTY developers strongly recommend you use RSA. DSA has an intrinsic weakness which makes it very easy to create a signature which contains enough information to give away the private key! This would allow an attacker to pretend to be you for any number of future sessions. PuTTY's implementation has taken very careful precautions to avoid this weakness, but we cannot be 100% certain we have managed it, and if you have the choice we strongly recommend using RSA keys instead." - www.tartarus.org
Now download PuTTYgen. We are not going to cover any extra settings in this walkthrough. For more information, go to http://www.tartarus.org/~simon/putty-snapshots/htmldoc/Chapter8.html
Download: http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe
Once you run puttygen.exe you will see something like this...
At the bottom is where you select which type of key you want to generate. Now press Generate. Move your mouse around!
Once you are done generating, you should see something like this...
This is where you will copy the selected text in the area called "Public key for pasting into OpenSSH authorized_keys file". We are going to do just that.
SSH into your existing SSH server or log into it somehow. We need to find out where our authorized_keys file is. Look in your SSH config file, /etc/ssh/sshd_config, for the location. For me, it is located in my home directory under the .ssh directory.
Once you find your authorized_keys file, edit it.
For Ubuntu
cd $HOME
cd .ssh
nano authorized_keys    # your own file in your own home directory; sudo is not needed
Paste the line in the authorized_keys file and save it. It should be just one line. If it is not one line, then it will not work.
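If the file does not exist
cd $HOME
mkdir .ssh
chmod 700 .ssh                # only your account may enter the directory
cd .ssh
nano authorized_keys          # no sudo, so the new file is owned by you and not by root
chmod 600 authorized_keys     # only your account may read or write the key list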
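The one-line requirement above is the usual point of failure when pasting from PuTTYgen. As an added example (not part of the original page), this shell function flags lines in an authorized_keys file that look like wrapped key fragments, RFC 4716 blocks or DSA keys; the function names and the sample keys are constructed for illustration.

```sh
#!/bin/sh
# Added example: format check for an OpenSSH authorized_keys file after pasting
# a PuTTYgen public key. Heuristic only; it does not decode the key blob.
# Prints one finding per problem; returns 0 if clean, 1 otherwise.
check_authorized_keys() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
    /(BEGIN|END) SSH2 PUBLIC KEY/ {         # PuTTYgen "Save public key" output
        printf "line %d: RFC 4716 block, not the one-line OpenSSH form\n", NR
        bad++; next
    }
    {
        type = 0                            # options may precede the key type
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/) {
                type = i; break
            }
        if (!type) {
            printf "line %d: no key type; likely a wrapped continuation of line %d\n", NR, NR - 1
            bad++; next
        }
        if ($(type + 1) !~ /^AAAA[A-Za-z0-9+\/]+=?=?$/) {
            printf "line %d: %s is not followed by a base64 key blob\n", NR, $type
            bad++
        }
        if ($type == "ssh-dss") {           # the page advises RSA over DSA
            printf "line %d: DSA key; the page recommends RSA\n", NR
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample (made-up blobs, not real keys): line 1 is well formed,
# lines 2-3 are one key wrapped during paste, line 4 is a DSA key.
write_sample() {
    cat > "$1" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAconstructedSampleKeyOne rsa-key-sample
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAconstructed
SampleKeyTwoWrappedTail== rsa-key-wrapped
ssh-dss AAAAB3NzaC1kc3MAAACBAconstructedSampleDsaKey dsa-key-sample
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_authorized_keys "$sample" || echo "problems found in sample file"
rm -f "$sample"
```

To check a real file, call check_authorized_keys with its path. Where OpenSSH is installed, `ssh-keygen -l -f` on the same file decodes the keys and prints their fingerprints, which this format check does not do.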
Now that the public key is saved to the authorized_keys file, we are able to SSH into our server without user and password authentication. Don't forget to save your private key.
Just enter a key passphrase that you will remember. This will encrypt the private key. You will be prompted for this password when you SSH into your server. Now all that is left is for you to disable password logins.
You can do this by editing your SSH config file located in /etc/ssh.
