[LINUX] SSH connection while avoiding security risks

In the previous article (https://qiita.com/kitarow0309/items/b7c4880bd19d7cce34fe), I introduced the simplest kind of connection, using a password. Next, I'll show you how to make it a little more secure. As before, the goal is to connect to your company's desktop computer (Main PC) from anywhere in the company with your own laptop (My PC).

Server: Main PC
Client: My PC

Install OpenSSH and its accompanying packages. See the previous article for details.

First, for added security, let's understand the "private key" and "public key" files used for SSH connections. These "keys" are used to start the SSH connection and to encrypt/decrypt the communication contents. For example, if you log in with a password when operating your company's desktop PC (Main PC) from your laptop (My PC) over SSH, someone other than you may be able to operate it. Others may also be able to read the contents of the SSH connection. Therefore, the two PCs are connected without using a password when the connection starts, and the communication between them is encrypted so that it can only be decrypted by the two PCs. The two "keys" above are what make this possible.

In the actual SSH connection, My PC generates the two keys, and one of them, the "public key", is registered on the Main PC. My PC uses the "private key" to encrypt communications. The Main PC receives this encrypted communication and decrypts it with the public key.

Now let's create a "private key" and a "public key". From here, operate on My PC (your laptop).

MyPC


$ ssh-keygen -b 2048

When you run the above, you will be asked where to generate the two keys. The default, ~/.ssh, is fine. You will then be asked for a password that is needed to actually use the key. Don't forget this password. (Simply put, the private key of the two keys is generated inside an envelope that can only be opened with the password. When actually connecting, the private key cannot be used unless you enter this password and take it out of the envelope.)

Next, let's check that the keys have been generated.

MyPC


$ ls ~/.ssh
id_rsa id_rsa.pub

This time the keys were generated in ~/.ssh (/home/user/.ssh), so list the files there with ls. You should see two files.

id_rsa = private key
id_rsa.pub = public key (pub = public)

It's done!

Next, this public key has to be brought to the Main PC, but where should it go and how do you get it there? If that sounds like a hassle, running the following will register the public key on the Main PC for you automatically.

MyPC


$ cd ~/.ssh #1
$ ssh-copy-id -i id_rsa.pub <username>@<Main-PC-IP> #2
  (ssh-copy-id -i <public key file name (a path also works)> <Main PC (server) username>@<Main PC IP>)

#1 moves to the directory where the public key is stored. #2 specifies id_rsa.pub in ~/.ssh as the public key and sends it to the server (Main PC). Please refer to the previous article for how to find the user name and IP address of the server (Main PC). When you run it, you will be asked for the login password of the Main PC, so enter it.

Your My PC's public key is now registered on your Main PC.
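What that registration amounts to on the Main PC side, as an added example that is not part of the original article: the key line ends up in ~/.ssh/authorized_keys with tight permissions. The function name install_pubkey and its HOME_DIR parameter are hypothetical, and the key line is constructed, not a real key.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper for illustration)
# Appends one public key line to HOME_DIR/.ssh/authorized_keys.
# HOME_DIR defaults to $HOME; pass a scratch directory to try it safely.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # A .pub file is exactly one line; a private key file is many lines.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(cat "$pub")
    # Accept only "<key type> <base64> [comment]" lines.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) rejects key files that other
    # users could write to, so keep the directory and file owner-only.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do not add the same key line twice.
    if grep -qxF "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo on a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleNotARealKey user@mypc' > "$demo/id_demo.pub"
install_pubkey "$demo/id_demo.pub" "$demo/home" && ls -l "$demo/home/.ssh"
rm -rf "$demo"
```
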

Now all that is left is to connect. This is also pretty easy.

$ cd ~/.ssh
$ ssh -i id_rsa <username>@<Main-PC-IP>
  (You can also specify the key by path: ~/.ssh/id_rsa)

Huh? You are still asked for a password... That defeats the purpose, right? Exactly. So let's turn off this password authentication. I will cover that in the next article!
