Monday, June 8, 2015

SSH - Key-based Authentication

SSH has many ways to authenticate a user, and password-based authentication is the one commonly used.

Password-based authentication is easy to set up and use; however, it poses a lot of security challenges.

An alternative way to log into an SSH-enabled system is key-based authentication. Key-based authentication makes use of public key infrastructure, where a public and private key pair is used for authentication. While the private key should be kept secret by the user, the public key is uploaded to the remote SSH server for authentication.

Below are the steps to enable key-based authentication for User A to log into a remote server via SSH as User B.

1. As User A, use ssh-keygen to generate a pair of authentication keys without a passphrase

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/userA/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/userA/.ssh/id_rsa.
Your public key has been saved in /home/userA/.ssh/
The key fingerprint is:

2. Create a .ssh folder for User B (you will be required to log in with User B's password)

$ ssh mkdir -p .ssh's password:

3. Append User A's new public key to User B's .ssh/authorized_keys (you will be required to log in with User B's password)

$ cat ~/.ssh/ | ssh 'cat >> .ssh/authorized_keys''s password:

4. Test key-based SSH login as User B (if set up successfully, no password needs to be entered)

$ ssh
Last login: Mon Dec 21 12:31:16 2014 from
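
Steps 2 and 3 leave the modes of .ssh and authorized_keys to the remote umask and append a duplicate line on every rerun, while sshd's StrictModes check (on by default) refuses key login when those files are writable by other users. The script below is an added example, not part of the original post: a server-side helper, run as User B, that installs one public key line idempotently with safe permissions. The names install_pubkey and ssh_modes are hypothetical, and the list of accepted key types is an assumption to extend as needed.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey and
# ssh_modes are hypothetical helper names.

# install_pubkey 'KEY LINE' [HOME_DIR]
# Run as User B on the server. The body is a subshell, so the umask
# change and the variables stay local to the call.
install_pubkey() (
    key=$1
    home=${2:-$HOME}
    nl='
'
    # Accept exactly one public-key line; an embedded newline would
    # smuggle a second entry into authorized_keys.
    case $key in
        *"$nl"*) echo "refusing multi-line input" >&2; return 1 ;;
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not an SSH public key line" >&2; return 1 ;;
    esac
    umask 077
    auth="$home/.ssh/authorized_keys"
    mkdir -p "$home/.ssh" || return 1
    touch "$auth" || return 1
    # Tighten modes even if the files already existed with looser ones.
    chmod 700 "$home/.ssh" || return 1
    chmod 600 "$auth" || return 1
    # Key already authorized: nothing to do.
    if grep -qxF -- "$key" "$auth"; then return 0; fi
    # If the last entry lacks a trailing newline, add one so the new
    # key is not glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
)

# ssh_modes HOME_DIR
# Print the permission strings of .ssh and authorized_keys, one per line.
ssh_modes() {
    ls -ld "$1/.ssh" "$1/.ssh/authorized_keys" | cut -c1-10
}
```

After a successful run, ssh_modes should report drwx------ for .ssh and -rw------- for authorized_keys.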
