Openssh Private Key



Private keys allow users to log in over SSH without a password. This is considered a safe practice in some cases, and it also removes the need to remember multiple passwords.

In this tutorial, we will learn how to generate our own SSH key pair on our local machine and then configure our server to use it for authentication when we connect over SSH.

  • Install putty: sudo apt install putty
  • Install puttygen: sudo apt install putty-tools
  • Convert the private key to the intermediate format SSHv2: puttygen yourkey -O private-sshcom -o newkey
  • Convert it back to RSA/PEM: ssh-keygen -i -f newkey > newkeyinrightformat

And you are good to go.

To do this, launch PuTTYgen and from the “Conversions” menu, select the “Import key” option. Select your key and follow the prompts to enter your passphrase. Save your private key. Now run Pageant. In your system tray, you’ll see the Pageant icon appear. Right-click the icon and select “Add Key” and select your private key (PPK.

SSH public-key authentication uses asymmetric cryptographic algorithms to generate two key files, one 'private' and the other 'public'. The private key files are the equivalent of a password, and should stay protected under all circumstances. If someone acquires your private key, they can log in as you to any SSH server you have access to. The public key in this analogy is the lock that the private key fits into. If you need more information on public and private keys, check out the article: “How to generate an SSH key”. The passphrase adds a layer of security by encrypting the private key.

You've used ssh-keygen to create a private key file called idrsa.ppk. However, this is an OpenSSH-format private key and needs to be converted to PuTTY's own format to use in PuTTY.

Steps to Login to SSH Without A Password

Let’s go over the process step by step to log in to SSH without a password. If you’re new, you can start by reading more about how to connect to a remote host using SSH. If you’re ready, let’s get started.

Step 1: Generate SSH Key Pair

On our local machine, we can generate an SSH key pair with the following command:

On execution, we are prompted to specify a file in which to save the private key, the default being /home/user/.ssh/id_rsa; here id_rsa is the name of our private key file. You can always specify a different path and name for the private key file. For our demonstration, we shall use the default configuration.

Step 2: Provide A Passphrase (Optional)

Next, we are presented with a prompt that asks us for a passphrase that can be used to protect the SSH Private Key from unauthorized access.

However, this field is optional, and if it is left empty, the private key file is stored without any protection. In our example, we leave this field empty. After this, we have successfully generated our key pair. We are also presented with a ‘fingerprint’ and ‘visual fingerprint’ of our key, which we need not save.

Step 3: Configure the Server To Use Our Private Key

At this point, we should have the following two files under /home/user/.ssh:

  • id_rsa : Our SSH Private Key
  • id_rsa.pub : Our SSH Public Key

Take note of the permissions of the private key (id_rsa). SSH Private Key files should ALWAYS HAVE 600 PERMISSIONS! If not, change the permissions to that value using the chmod command:

Next, we need to configure our server to use our private key for login. This can be done by hand by logging in to the server and editing its configuration, but there’s a tool, ssh-copy-id, which does all the hard work for us!

Hence, to configure our server to use our private key, simply run:

Here,

  • USER is the username we want to login as onto the server
  • IP is the IP address of our Server

And with that, we can now simply SSH into our server with:

If you had previously specified a passphrase, you will get a prompt asking for the same:

Note that if you are not using the default path and file names, then you need to specify the private key file using the -i flag as follows:

Thus we successfully SSH’d into our machine using our PRIVATE KEY!
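The steps above as a single script, as an added example that is not from the original tutorial. USER, IP and the key path are caller-supplied placeholders, the function names are illustrative, and -t rsa is chosen to match the id_rsa file name used on this page.

```shell
#!/bin/sh
# Added example: the tutorial's steps as one script. USER, IP and the key
# path are placeholders supplied by the caller (assumptions, not page values).

# Print a file's permission bits in octal (GNU stat first, BSD stat fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Step 3 check: a private key must be 600 (owner read/write only).
# Fixes the mode if it is anything else; returns non-zero if the key is missing.
harden_key() {
    [ -f "$1" ] || { echo "no private key at $1" >&2; return 1; }
    mode=$(key_mode "$1")
    if [ "$mode" != "600" ]; then
        echo "fixing $1: mode $mode -> 600" >&2
        chmod 600 "$1"
    fi
}

# Steps 1-3 plus a login test. Usage: setup_key_login USER IP [KEYFILE]
setup_key_login() {
    user=$1 ip=$2 key=${3:-$HOME/.ssh/id_rsa}
    # Steps 1 and 2: generate a pair only if none exists; ssh-keygen itself
    # prompts for the optional passphrase.
    [ -f "$key" ] || ssh-keygen -t rsa -f "$key" || return 1
    harden_key "$key" || return 1
    # Step 3: append the PUBLIC key to the server's authorized_keys.
    ssh-copy-id -i "$key.pub" "$user@$ip" || return 1
    # Verify: offer only public-key auth, so success proves the key works.
    ssh -i "$key" -o PreferredAuthentications=publickey "$user@$ip" true
}

# Run the procedure only when called with arguments, e.g.:
#   sh setup-key-login.sh USER IP
if [ "$#" -ge 2 ]; then
    setup_key_login "$@"
fi
```

Only the .pub file is ever sent to the server; the private key stays on the local machine.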

Conclusion

And with that, we were able to log in to SSH without a password on our Linux machine. It’s an easy and more secure way of logging in, as it locks you to logging in from specific IP addresses. If you’re interested in learning more on Linux topics, continue to follow LinuxForDevices.