Remotely Connect to Linux Servers with SSH key-pairs
SSH: Authentication with Key-pairs
On your client machine:
- Create an SSH key pair with the command ssh-keygen
- It will create 2 files (Private key and Public key) in the .ssh folder.
```
[menit@fedora .ssh]$ ls
id_rsa  id_rsa.pub
```
- It is recommended that you use a passphrase to encrypt your private key
```
[menit@fedora .ssh]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/menit/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/menit/.ssh/id_rsa
Your public key has been saved in /home/menit/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:E+n8J9Sjbdbi5A7uyu7LVAm2Y8fNBtSawvCyoR7l3Y4 menit@fedora
The key's randomart image is:
+---[RSA 3072]----+
| .. |
| . o . |
| += .o |
| +++=o* |
| + =So* * |
| o o..B.+ o |
| . . .o= B . |
| . +E..X . |
| oB+o.+ |
+----[SHA256]-----+
```
How to deploy your public key to your managed servers
- To connect to your Linux servers using SSH keys, you need to transfer the public key to your remote servers.
There are 2 methods to transfer the public key to your server.
The first method is to install the public key from your own host on the remote server using this command:
ssh-copy-id -i /home/menit/.ssh/id_rsa.pub firstname.lastname@example.org
- This command creates the .ssh folder and a file named authorized_keys on the remote host (if they do not already exist) and appends the public key to that file.
- The second method is to copy your public key and paste it into a file named authorized_keys under the .ssh folder on your remote server (if the file does not exist, create it).
Now you can connect to your machine using this command:
[menit@fedora .ssh]$ ssh email@example.com
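The second method above, as an added shell example that is not part of the original page: a function, hypothetically named install_pubkey, meant to be run on the remote server. It creates .ssh and authorized_keys with the permissions sshd expects, rejects input that is not a single public key line, and appends the key only once.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original page).
# Usage on the remote server: sh install_pubkey.sh "$HOME" 'PUBKEY_LINE'
# where PUBKEY_LINE is the single line stored in id_rsa.pub.
install_pubkey() {
    home_dir=$1
    pubkey=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept exactly one line that looks like a public key. This also stops
    # a private key from being pasted into authorized_keys by mistake.
    case $pubkey in
        *'
'*) echo "refusing multi-line input" >&2; return 2 ;;
    esac
    case $pubkey in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac

    # With StrictModes (on by default), sshd ignores authorized_keys when the
    # folder or file is writable by group or others, so create both private.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Idempotent: do nothing if this exact line is already authorized.
    if grep -qxF -- "$pubkey" "$auth_file"; then
        return 0
    fi
    # If the file ends without a newline, add one so two keys never merge.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$pubkey" >> "$auth_file"
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```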
Connect to your remote server without the passphrase
To avoid entering the passphrase every time you ssh to a remote host, you can use ssh-agent to cache your decrypted private key in the memory of your client host.
```
[menit@fedora .ssh]$ ssh-agent bash
[menit@fedora .ssh]$ ssh-add id_rsa
Enter passphrase for id_rsa: ***********
Identity added: id_rsa (menit@fedora)
```
How to ssh to a remote host using the root user account
- On the remote host, you first need to enable the option to log in as root. To enable it, remove the # from the line “PermitRootLogin prohibit-password”. This setting lets root log in with an SSH key but not with a password.
```
swarm@swarm3:/etc/ssh$ vim /etc/ssh/sshd_config
#LoginGraceTime 2m
PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
```
Save the file and exit by typing :wq
- Switch to your root account on the remote server and add the public SSH key to the authorized_keys file under the .ssh folder.
```
root@swarm3:~/.ssh# ls
authorized_keys
```
How to run sudo commands without a password
To grant your user sudo permissions, you need to edit this config file:
[menit@fedora .ssh]$ sudo visudo
Under “Allows people in group wheel”, paste these lines:
```
#Allow users to run all commands
menit ALL=(ALL) NOPASSWD: ALL
```
This is how it should look in the config file:
```
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
#Allow users to run all commands
menit ALL=(ALL) NOPASSWD: ALL
```
It’s important that you add your new entry at the bottom of the config file, because the sudoers file that visudo edits is processed from top to bottom and the last matching entry takes effect.