Tạo SSH Private-key bằng PuTTY

How To Create SSH Keys with PuTTYTạo SSH Private-key bằng PuTTY | How to create SSH Private-key with PuTTY
Mới đây mà đã gần 2 năm rồi mình xa blogit, hnay mình trở lại chia sẻ cách để tạo một private-key để chứng thực cho một connect session ssh đến VPS
(máy chủ), mình đã tổng hợp từ nhiều bài viết khác nhưng do không có time
nên mh sẽ copy-paste mà thui :)

#bl2Software

- Ở đây mh dùng SSH client là PuTTY và PuTTYGen để tạo private-key, các bạn có thể download cả 2 tại đây

#bl2Generating OpenSSH-compatible Keys for Use with PuTTY


To generate a set of RSA keys with PuTTYgen:

  1. Start the PuTTYgen utility, by double-clicking on its .exe file;
  2. For Type of key to generate, select SSH-2 RSA;
  3. In the Number of bits in a generated key field, specify either 2048 or 4096 (increasing the bits makes it harder to
    crack the key by brute-force methods);
  4. Click the Generate button;
  5. Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar
    is full;
  6. A private/ public key pair has now been generated;
  7. In the Key comment field, enter any comment you'd like, to help you identify this key pair, later (e.g. your e-mail address; home; office; etc.)
    -- the key comment is particularly useful in the event you end up creating more than one key pair;
  8. Optional: Type a passphrase in the Key passphrase field & re-type the same passphrase in the Confirm passphrase field (if
    you would like to use your keys for automated processes, however, you should not create a passphrase);
  9. Click the Save public key button & choose whatever filename you'd like (some users create a folder in their computer named my_keys);
  10. Click the Save private key button & choose whatever filename you'd like (you can save it in the same location as the public key, but it should be a
    location that only you can access and that you will NOT lose! If you lose your keys and have disabled username/password logins, you will no longer be able log in!);
  11. Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All;
  12. Right-click again in the same text field and choose Copy.


NOTE: PuTTY and OpenSSH use different formats for public SSH keys. If the SSH Key you copied starts with "---- BEGIN SSH2 PUBLIC
KEY ...", it is in the wrong format. Be sure to follow the instructions carefully. Your key should start with "ssh-rsa AAAA ...."

#bl2Save The Public Key On The Server


Now, you need to paste the copied public key in the file ~/.ssh/authorized_keys on your server.

  1. Log in to your destination server; see How to Log Into Your Droplet with PuTTY (for windows users)
  2. If your SSH folder does not yet exist, create it manually:
  3. #code
    mkdir ~/.ssh
    chmod 0700 ~/.ssh
    touch ~/.ssh/authorized_keys
    chmod 0644 ~/.ssh/authorized_keys 
    #/code
  4. Paste the SSH public key into your ~/.ssh/authorized_keys file (see Installing and Using the Vim Text Editor on an Cloud Server):
  5. #code sudo vim ~/.ssh/authorized_keys #/code
  6. Tap the i key on your keyboard & right-click your mouse to paste.
  7. To save, tap the following keys on your keyboard (in this order): Esc, :, w, q, Enter.
  8. Change config in /etc/ssh/sshd_config file. Uncomment or add two following line
    #code
    PubKeyAuthentication yes
    AuthorizedkeysFile ~/.ssh/authorized_keys
    #/code
  9. Restart SSH
    #code
    service sshd restart
    or
    service ssh restart
    #/code

#bl2Create a PuTTY Profile to Save Your Server's Settings


In PuTTY, you can create (and save) profiles for connections to your various SSH servers, so you don't have to remember, and continually re-type, redundant information.

  1. Start PuTTY by double-clicking its executable file;
  2. PuTTY's initial window is the Session Category (navigate PuTTY's various categories, along the left-hand side of the window);
  3. In the Host Name field, enter the IP address of your VPS or its fully qualified domain name (FQDN); see How to Set Up a Host Name with DigitalOcean
  4. Enter the port number in the Port field (for added security, consider changing your server's SSH port to a non-standard port. See Step Five of Initial Server Setup with Ubuntu 12.04
  5. Select SSH under Protocol;
  6. Along the left-hand side of the window, select the Data sub-category, under Connection;
  7. Specify the username that you plan on using, when logging in to the SSH server, and whose profile you're saving, in the Auto-login username field;
  8. Expand the SSH sub-category, under Connection;
  9. Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window;
  10. Browse your file system and select your previously-created private key;
  11. Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. [email protected]
  12. Click the Save button for the Load, Save or Delete a stored session area.


Now you can go ahead and log in to user@1.2.3.4 and you will not be prompted for a password. However, if you had set a passphrase on your
public key, you will be asked to enter the passphrase at that time (and every time you log in, in the future).

#bl2Disable Username/Password Logins

- Chức năng này sẽ vô hiệu hóa việc login bằng password thông thường, nó nhằm tăng cao tính security Nhưng lưu ý bạn hãy làm điều này khi chắc rằng bạn đã login thành công với private-key. Khuyến cáo nếu test thì không nên thực hiện bước này :)
#code
vim /etc/ssh/sshd_config
#/code
Tìm đến và thay đổi các dòng bên dưới
#code
[...]
PasswordAuthentication no
[...]
UsePAM no
#/code

#bl2Fix SSH error “Server refused our key”


I was getting this error for awhile when trying to use an authentication key in Putty to connect to an Ubuntu Server machine:

Server refused our key.
Long story short, the problem lies within my home directory being encrypted when I’m not logged in. Read below for further explanation.
The solution is to move the authorized_keys file location outside the home folder so the SSH daemon can access it even when you’re not logged in:
  1. sudo mkdir /etc/ssh/publicSSHkeys # Create a folder for public SSH keys
  2. sudo mv ~/.ssh/authorized_keys /etc/ssh/publicSSHkeys/ # Move the authorized_keys file there
  3. sudo nano  /etc/ssh/sshd_config # Modify sshd_config to the new location

    change this… “AuthorizedKeysFile    %h/.ssh/authorized_keys

    to this… “AuthorizedKeysFile    /etc/ssh/publicSSHkeys/authorized_keys

    NOTE: Sometimes the “AuthorizedKeysFile” variable is commented out, so remove the number sign if it is (Thanks to Frank for the tip!).
  4. sudo service sshd reload # Then you just need to reload the server
  5. You’ll still need to make sure your public key is in /etc/ssh/publicSSHkeys/authorized_keys, and your SSH client (in my case Putty) is loading your private key. There are numerous SSH key tutorials on the webernets.

Thanks https://www.digitalocean.com/ and http://adamwright.wordpress.com/

Cùng wWw.blogit.info chia sẻ Thế giới công nghệ 4 sao
SHARE
    Blogger Comment
    Facebook Comment

1 comments :