[LINUX] Ssh login with public key authentication quickly

Introduction

SSH login, are you still entering your password? You can omit it by using the public key authentication method!

The environment is

Client side: Linux (including WSL / 2 environment) Server side: Linux

Is assumed.

Below, work on the client side quickly.

Crisp key generation

You'll be asked a lot, but all you can do is enter.

$ ssh-keygen -t ed25519

Quickly register the key on the server

Register the public key generated above in the server you want to log in to.

$ cat ~/.ssh/id_ed25519.pub | ssh <User name>@<host> 'cat >> ~/.ssh/authorized_keys'

that's all! Operation check!

$ ssh <User name>@<host>

You can log in without a password! Yatter!

Details / memo writing

If you cannot log in

It wasn't swaying, but it wouldn't be quick if the server wasn't ready. If it doesn't work, check the following on the server side of the connection destination.

The ~ / .ssh / authorized_keys file exists correctly

Make sure the permissions on the .ssh directory and the  Ľauthorized_keys` file are correct.

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ touch ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

Public key authentication is enabled

Open the sshd configuration file.

$ sudo vim /etc/ssh/sshd_config

If PubkeyAuthentication is commented out or no, the public key authentication method is disabled, so set it with yes as follows.

PubkeyAuthentication yes

Restart the sshd service to reflect

$ sudo systemctl restart sshd

Types and choices of key signing algorithms

RSA

There is no reason to make a positive choice in terms of security and speed. As for security, it seems that 4096bit is still okay. If not specified, it will be generated in 2048bit.

$ ssh-keygen -t rsa 4096

ECDSA

It uses a more secure and faster signing algorithm than RSA. The key length is 256, 368, 521 bits. 521 is correct instead of 512. Even 521bit is faster than RSA and is a safe choice now.

$ ssh-keygen -t ecdsa -b 521

Ed25519

Since it is new, you may come across an SSH server that does not support it. It uses a more secure and faster signing algorithm than ECDSA. The key length is fixed at 256 bits.

$ ssh-keygen -t ed25519

Recommended Posts

Ssh login with public key authentication quickly
Set public key authentication when connecting with SSH in Teraterm
Use ssh with private key public key authentication. Connect from wan.
[SSH] About public key authentication and EC2
How to set up public key authentication in ssh
Ubuntu (18.04.3) SSH edition Key authentication
Ssh connection using public key
Log in to Raspberry PI with ssh without password (key authentication)
SSH public key authentication was set for Sakura VPS Cent OS 7.7
Easily implement login authentication function with Laravel
[Linux setting series] How to set public key authentication / ssh-keygen / ssh key / authorized_keys
Until you can borrow VPS with Conoha and authenticate public key with SSH
Skip Line on successful SSH login with ifttt
Stop SSH password authentication and switch to key authentication completely
[Amazon Linux 2] Change from public key authentication to password authentication
Quickly visualize with Pandas
screen and split screen with python and ssh login to remote server
How to generate a public key from an SSH private key
Verify JWT signature with PyJWT using PKCS # 1 format public key