There is a lot of suspicious information about the public key authentication method, so I organized it myself. If I have made a mistake, I would appreciate it if you could comment.
All of the following operations are performed as a **general user (the logged-in user)**. No administrator privileges are required.
<**Working on the ssh client**>
If you don't have a public key and a private key, create a pair with `ssh-keygen`.
If you created one in the past, reuse it.
(The private key is the user's own proof of identity, so even a user who logs in to multiple servers logs in to all of them with the same key.)
When you run the command, you will be asked for a file name, but the default is basically fine.
Once you enter a password (or something like one), two files are created in `.ssh/` in your home directory.
`id_rsa.pub` is the public key, which you may give to others. `id_rsa` is the private key and must not be given to anyone.
When I check the read permission with `ls -l`, `id_rsa` can only be read by me.
<**Working on the ssh server**>
Create a file called `authorized_keys` in `.ssh/` (create the directory if it does not exist) directly under the home directory of the user who will log in. If the file already exists, append to it. For the contents of the file (or the contents to append), copy the line of public key information, that is, the contents of `id_rsa.pub`, exactly as it is.
If you newly created the directory `.ssh` and the file `authorized_keys`, change their permissions with `chmod`.
```
chmod 700 .ssh
cd .ssh
chmod 600 authorized_keys
```
You should be able to log in to the server with the steps up to this point.
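The server-side steps above, written as one repeatable shell function. This is an added example, not the author's code; the function names `install_pubkey` and `perms` are assumptions of this example. It appends the key only if it is not already listed and refuses a file that looks like a private key.

```shell
#!/bin/sh
# Usage on the server: install_pubkey "$HOME" /path/to/id_rsa.pub
# (install_pubkey and perms are names made up for this example)
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Refuse a private key: only id_rsa.pub ever belongs on the server.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi
    # Take the first non-blank line as the public key line.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    if [ -z "$key_line" ]; then
        echo "no key found in $pubkey_file" >&2
        return 1
    fi

    # Create .ssh and authorized_keys (if missing) private from the start.
    (
        umask 077
        mkdir -p "$ssh_dir"
        [ -e "$auth" ] || : > "$auth"
    )
    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the last existing entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Append only when this exact line is not already present.
    grep -qxF -e "$key_line" "$auth" || printf '%s\n' "$key_line" >> "$auth"

    # The modes from the article.
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"
}

# perms PATH: print the octal mode (GNU stat first, BSD stat as fallback).
perms() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```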
You don't have to copy the public and private keys to the server; you can log in as long as the client has the key pair and the server has `authorized_keys`. However, if you use multi-stage ssh to log in from that server to yet another location, the bastion server is then acting as the ssh client, so you would put the public key and private key there as well. Understand this and don't scatter copies of your keys unnecessarily.