[LINUX] Set public key authentication when connecting with SSH in Teraterm


I didn't know much about the server, so I decided to rent a VPS server with "Sakura's VPS" and try it out. I didn't understand the mechanism and method of "public key authentication" and had a hard time, so I will summarize it here as a record.


・ Sakura's VPS -CentOS Linux release 7.8.2003

What is public key authentication?

Logging in to a server with password authentication is risky, because a third party can log in if the password is cracked. With public key authentication, you can log in safely without using a password. Public key authentication works by generating and using a public key and private key pair. The two keys have the following characteristics.

・ A signature cannot be created without the private key.
・ The public key can be used to verify whether a signature is correct (that it was made with the corresponding private key).

After the public key and private key are generated on the client side, the public key is registered on the destination server and the private key is kept only on the client side. At login, the client signs with its private key and the server verifies that signature with the registered public key; if the signature verifies, the login succeeds.


Actual procedure

Public / private key generation

From here, we will use "Tera Term". You can download Tera Term from https://ja.osdn.net/projects/ttssh2/.

(1) Click "SSH key generation" in the setting menu of Tera Term.

(2) The key generation screen will be displayed. Click "Create".

(3) When "Generate" is executed, the "Passphrase" and "Comment" fields at the bottom of the screen can be entered. (You will be asked to enter the passphrase when you log in and use the private key. You can generate the key even if it is blank.)

(4) Finally, click "Save public key" and "Save private key" at the bottom of the screen to save the key.

Public key registration

(1) Register the public key on the server side. Log in to the server with Tera Term and drag and drop "id_rsa.pub" onto the Tera Term window. A file transfer window will be displayed. Set an arbitrary folder and click the "Send" button.

(2) I sent the public key to the directory on the server, but I haven't registered it yet. Register the public key in the ~/.ssh/authorized_keys file with the following command.

$ cat id_rsa.pub >> .ssh/authorized_keys

Change the permissions of authorized_keys. (Make it inaccessible to anyone other than the owner.)

$ chmod 600 .ssh/authorized_keys

This completes key registration. On the SSH authentication screen, check "RSA/DSA/ECDSA/ED25519" and specify the generated private key. If you can log in with that, it's OK.

Disable password authentication

Finally, change the settings so that you cannot log in with a password. Enter the following command to open the /etc/ssh/sshd_config file for editing.

# vim /etc/ssh/sshd_config

Modify the following parts of this file:

PasswordAuthentication yes → PasswordAuthentication no

After saving the modified file, reload the settings.

# systemctl reload sshd.service
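
The server-side steps above (registering the key and turning off password login), written as re-runnable shell functions. This is an added example, not part of the original post; the function names are hypothetical and all paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are arguments, so the
# functions can be tried on copies before touching the real files.

# register_key PUBKEY_FILE HOME_DIR: append the key only if it is not
# registered yet, with the permissions sshd expects (700 dir, 600 file).
register_key() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    # Reject anything that is not an OpenSSH public key line, e.g. the
    # private key file sent by mistake.
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$pub" || {
        echo "not an OpenSSH public key: $pub" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x -F: whole-line, literal comparison against the lines already present.
    grep -qxF -f "$pub" "$auth" || cat "$pub" >> "$auth"
}

# effective_password_auth CONFIG: print the global value sshd would use.
# sshd takes the first uncommented occurrence of a keyword; default is "yes".
effective_password_auth() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# disable_password_auth CONFIG: keep CONFIG.bak, then leave exactly one
# "PasswordAuthentication no" in the global section (before any Match block).
disable_password_auth() {
    cfg=$1
    cp -p "$cfg" "$cfg.bak" || return 1
    awk 'tolower($1) == "passwordauthentication" {
             if (!done) print "PasswordAuthentication no"; done = 1; next }
         tolower($1) == "match" && !done { print "PasswordAuthentication no"; done = 1 }
         { print }
         END { if (!done) print "PasswordAuthentication no" }' "$cfg.bak" > "$cfg"
}

# On the server, as root, with the current session kept open:
#   disable_password_auth /etc/ssh/sshd_config
#   sshd -t && systemctl reload sshd.service   # reload only if the file parses
```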
