
Remotely Connect to Linux Servers with SSH key-pairs
SSH: Authentication with Key-pairs
On your client machine:
- Create an SSH key pair with the command ssh-keygen.
- It creates two files (a private key and a public key) in the .ssh folder:
```
[menit@fedora .ssh]$ ls
id_rsa id_rsa.pub
```
- It is recommended that you use a passphrase to encrypt your private key.
```
[menit@fedora .ssh]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/menit/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/menit/.ssh/id_rsa
Your public key has been saved in /home/menit/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:E+n8J9Sjbdbi5A7uyu7LVAm2Y8fNBtSawvCyoR7l3Y4 menit@fedora
The key's randomart image is:
+---[RSA 3072]----+
| .. |
| . o . |
| += .o |
| +++=o* |
| + =So* * |
| o o..B.+ o |
| . . .o= B . |
| . +E..X . |
| oB+o.+ |
+----[SHA256]-----+
```
How to deploy your public key to your managed servers
- To connect to your Linux servers using SSH keys, you need to transfer the public key to your remote servers.
There are two methods to transfer the public key to your server.
- The first method is to install the public key from your own host on your remote server using this command:
```
ssh-copy-id -i /home/menit/.ssh/id_rsa.pub username@192.168.122.235
```
- This command creates the .ssh folder and a file named authorized_keys on the remote host, and copies the public key into that file.
- The second method is to copy your public key and paste it into the file named authorized_keys under the .ssh folder on your remote server (if you can’t find such a file, you just need to create it).
Now you can connect to your machine using this command:
```
[menit@fedora .ssh]$ ssh swarm@192.168.122.235
```
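The second, manual method depends on file permissions: with StrictModes enabled (the sshd default), sshd refuses a key when ~/.ssh or authorized_keys is writable by other users. The following is an added example, not code from the original article; install_pubkey is a hypothetical helper name, and it assumes the .pub file has already been copied to the server.

```shell
#!/bin/sh
# Added example, not from the original article. install_pubkey is a
# hypothetical helper name; run it on the server after copying the .pub file.
# usage: install_pubkey <public-key-file> <home-directory>
install_pubkey() {
    pub=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }

    # Never paste the private half (id_rsa) onto a server by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub contains a private key" >&2
        return 1
    fi

    # Take the first line that looks like "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+=*( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 1; }

    # With StrictModes enabled, sshd ignores authorized_keys when the file or
    # its directory is writable by anyone but the owner, so set modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append rather than overwrite, and skip keys that are already installed,
    # so existing keys survive and reruns do not create duplicates.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}
```

On the server, a call such as install_pubkey id_rsa.pub "$HOME" installs the key for the current user.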
Connect to your remote server without the passphrase
To avoid entering a passphrase every time you SSH to a remote host, you can use ssh-agent to cache your authentication credentials in the host's memory.
```
[menit@fedora .ssh]$ ssh-agent bash
[menit@fedora .ssh]$ ssh-add id_rsa
Enter passphrase for id_rsa: ***********
Identity added: id_rsa (menit@fedora)
```
How to SSH to a remote host using the root user account
- On the remote host, you first need to enable the option to log in as root. To enable it, remove the # from the line “PermitRootLogin prohibit-password”. With this value, root can log in with a key pair but not with a password.
```
swarm@swarm3:/etc/ssh$ vim /etc/ssh/sshd_config
```
```
#LoginGraceTime 2m
PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
```
Save the file and exit by typing :wq
- Switch to your root account on the remote server and add the public SSH key to the authorized_keys file under the .ssh folder.
```
root@swarm3:~/.ssh# ls
authorized_keys
```
How to run sudo commands without a password
To grant your user sudo permissions, you need to edit this config file:
```
[menit@fedora .ssh]$ sudo visudo
```
Under “Allows people in group wheel”, paste these lines:
```
#Allow users to run all commands
menit ALL=(ALL) NOPASSWD: ALL
```
This is how it should look in the config file:
```
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
#Allow users to run all commands
menit ALL=(ALL) NOPASSWD: ALL
```
It’s important to enter your new entry at the bottom of the config file, because the file that visudo edits (/etc/sudoers) is processed from top to bottom and, when several entries match a user, the last one applies.