[LINUX] SSH connection using public key

Introduction

I don't understand the theory properly, so I often forget it and have to look it up again and again: SSH connection without a password.

This post just reorganizes the contents of the easy-to-understand sites that my seniors posted in the past, so that I can understand them easily. Thank you to all my seniors.

What I want to do

When connecting by ssh from one machine to multiple machines running various OSes, I want to get access without typing a password. The goal is to run remote commands rather than just to make interactive login easier, and the connection procedure using a public key is summarized with that in mind.

The configuration assumed this time is as follows.

[Connection source]

Machine          IP address
Linux (CentOS)   192.168.10.100

[Connection destination]

Machine          IP address
Linux (CentOS)   192.168.10.101
VMware ESXi      192.168.10.200
Windows 10 Pro   192.168.10.201

1. Generate private key and public key at connection source

On the connection source server, create a private key / public key pair and pass the public key to the connection destination. That is all there is to it.

So, first log in to the connection source server and make a key pair. Log in to the connection source Linux as the root user, then generate the key with the following command. If you want an RSA key, you don't need to specify the key type.

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx root@hostname

You will be prompted for the file in which to save the key and for a passphrase. The default location for the key is /root/.ssh/id_rsa, so simply press Enter. The passphrase is left empty because I want to use the key for automation later, so simply press Enter again.

Confirm that the key has been generated.

# cd .ssh
# ls
id_rsa  id_rsa.pub  known_hosts

You now have a private key, id_rsa, and a public key, id_rsa.pub.

2. Connection destination setting: Linux edition

First, the procedure for Linux (CentOS 7). It is assumed that sshd is enabled on the connection destination Linux server.

Public key distribution

Pass the public key created at the connection source to the connection destination Linux.

I used scp to hand over the key. Of course, public key authentication is not in use yet at this stage, so enter the password.

Run at the connection source


# scp /root/.ssh/id_rsa.pub root@192.168.10.101:/root/

Log in to the destination Linux as root and add the received public key to .ssh/authorized_keys.

Run at the connection destination


# mkdir .ssh
# chmod 700 .ssh
# cat id_rsa.pub >> .ssh/authorized_keys
# rm id_rsa.pub
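
An added example, not part of the original post: a more defensive version of the append step above. Because the key here has no passphrase, the hypothetical helper install_pubkey also prefixes the entry with OpenSSH's from= option so the key is only accepted from the connection source (192.168.10.100 in this setup), skips keys that are already present, and sets restrictive permissions on .ssh and authorized_keys.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey and count_keys
# are hypothetical helper names.
# Usage: install_pubkey <home-dir> <public-key-file> [allowed-source]
#   e.g. install_pubkey /root /root/id_rsa.pub 192.168.10.100

install_pubkey() {
    home=$1; pub=$2; src=${3:-}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Never install a private key by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    key=$(head -n 1 "$pub")
    [ -n "$key" ] || { echo "empty key file: $pub" >&2; return 1; }

    dir=$home/.ssh
    file=$dir/authorized_keys
    # Owner-only permissions on the directory and the key file.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Key type plus base64 blob identify the key; the trailing comment does not.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$file"; then
        return 0                      # already installed, nothing to do
    fi
    if [ -n "$src" ]; then
        # from= limits which client addresses may use this key.
        printf 'from="%s" %s\n' "$src" "$key" >> "$file"
    else
        printf '%s\n' "$key" >> "$file"
    fi
}

# Number of non-empty entries in <home-dir>/.ssh/authorized_keys.
count_keys() { grep -c . "$1/.ssh/authorized_keys"; }
```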

Change sshd settings and restart service

Modify a part of sshd_config of the connection destination.

Run at the connection destination


# vi /etc/ssh/sshd_config

Only one place, the line for public key authentication, needs to change. In practice, just remove the # at the beginning of the line.

Run at the connection destination


PubkeyAuthentication yes

After rewriting, restart the service.

# systemctl restart sshd

Now you can access the destination Linux from the source Linux over ssh without being asked for a password.
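
An added example, not from the original post: a small check of what the global section of sshd_config resolves to after the edit. The function names are hypothetical; the check relies on sshd using the first value it reads for a keyword, takes OpenSSH's defaults (yes for both keywords) when a line is absent or commented out, and does not follow Include files.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# effective_global <sshd_config> <keyword> <default>
# Prints the value sshd would use outside any Match block.
effective_global() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v dflt="$3" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines set nothing
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)           # "Keyword value" or "Keyword=value"
            key = tolower(f[1])                 # keywords are case-insensitive
        }
        key == "match" { exit }                 # global section ends at the first Match
        key == want    { val = tolower(f[2]); found = 1; exit }   # first value wins
        END { print (found ? val : dflt) }
    ' "$1"
}

# auth_summary <sshd_config>
# Shows both settings, since enabling key login does not turn password login off.
auth_summary() {
    printf 'pubkey=%s password=%s\n' \
        "$(effective_global "$1" PubkeyAuthentication yes)" \
        "$(effective_global "$1" PasswordAuthentication yes)"
}
```

Run as `auth_summary /etc/ssh/sshd_config` on the connection destination; if it prints password=yes, password login is still accepted alongside the key.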

3. Connection destination setting: VMware ESXi

Next, the settings for VMware ESXi 6.7 update 3.

Enable ESXi sshd service

The ESXi sshd service is disabled by default, so enable it.

- Open a browser and access the target ESXi.
- Open Host > Administration > Services.
- Select TSM-SSH and click Action.
- Select a policy and select Start and stop in conjunction with the host.
- Keep TSM-SSH selected and click the Start button.

This starts the sshd service, and the service will also come up the next time ESXi restarts.

Public key distribution

Pass the public key created at the connection source to the connection destination ESXi. Again, pass it with scp.

Run at the connection source

# scp /root/.ssh/id_rsa.pub root@192.168.10.200:/

Log in to the connection destination ESXi as root with ssh, and add the received public key to /etc/ssh/keys-root/authorized_keys.

Run at the connection destination (ESXi)


~] cat id_rsa.pub >> /etc/ssh/keys-root/authorized_keys

ESXi does not require a service restart. That is all.

4. Connection destination setting: Windows 10 Pro

Adding the feature

If you are using Windows 10 version 1803 or later, you can add the sshd service. The procedure is as follows.

- Right-click the Start menu and click Settings.
- Click Windows Settings > Apps.
- Click Optional Features under Apps and Features.
- Click Add a feature.
- Select OpenSSH Server and click the Install button that appears.
- Close with the x button at the top right of the screen.

Enable sshd service for Windows 10 Pro

Since the service is not started just by installing it, enable it as follows.

- Type "service" in the search box and open the Services screen.
- Find the service named OpenSSH SSH Server and open its properties.
- Set Startup type to Automatic, then click the Apply button and the OK button.

Public key distribution

Pass the public key created at the connection source to the Windows 10 connection destination, again using scp. The user name on Windows 10 is Tech.

Run at the connection source


# scp /root/.ssh/id_rsa.pub Tech@192.168.10.201:/

Now that the public key has been copied to Windows 10, the rest is done on the Windows 10 side. Open PowerShell and append the received public key to .ssh/authorized_keys under the user's home directory.

Run at the connection destination (Windows 10)


> mkdir .ssh
> cat C:\id_rsa.pub | Out-File -Append -Encoding ascii .ssh\authorized_keys   # plain ASCII; >> in Windows PowerShell 5.1 writes UTF-16

Change sshd service settings and restart service

The configuration file is C:\ProgramData\ssh\sshd_config. At first, I had to search for where it was... In this file, uncomment one line and comment out two lines. Specifically, these are the setting that enables public key authentication and the Match block that makes members of the administrators group use a separate administrators_authorized_keys file, so that only the authorized_keys file under the user's own home directory is used.

Original


#PubkeyAuthentication yes
(omitted)
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

After change


PubkeyAuthentication yes
(omitted)
#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

After this, restart the sshd service.

Now you can ssh to Windows without a password.

Referenced sites

https://qiita.com/Tanaaaaan/items/50c3f0ddc15c40b750d2
https://sig9.hatenablog.com/entry/2015/05/27/185218
http://ttm.jimba.ddo.jp/adiary.cgi/teraterm/0147
https://www.atmarkit.co.jp/ait/articles/1903/28/news005.html
