In order to install the ssh server, you need to run the following command:
1
sudo apt-get install openssh-server
First, let's make the initial configuration of the ssh server for authorization by key. Let's open the /etc/ssh/sshd_config file for editing
1
sudo nano /etc/ssh/sshd_config
Here we are interested in the following lines, there are only three of them (Must be uncommented and have the values ​​I specified):
1
2
3
4
5
..... ......
RSAAuthentication yes
PubkeyAuthentication yes
...........
AuthorizedKeysFile %h/.ssh/authorized_keys
Restart the ssh server:
1
sudo restart ssh
So, we brought the lines of the ssh configuration file to the required form.
Next, you will need to generate keys for authorization. Further actions are performed on the ssh server itself (Not on the computer on which you will work with the ssh client, but exactly where you installed open-ssh):
Enter the following command:
1
ssh-keygen -t rsa
You can use DSA instead of RSA. Unlike RSA, DSA is only used for digital signing and is not used for encryption.
Further, in response, we will receive the following lines:
Enter the name of the key, in principle it is not important, but it is desirable not to get confused in the future if there are several keys.
1
2
Generating public/private rsa key pair.
Enter file in which to save the key (/home/melfis/.ssh/id_rsa):
Hereinafter, we will assume that in this example I entered melfis.ru-rsa
Now the system will ask you to enter a password for the certificate, I enter the password.
1
2
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Certificates generated:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Your identification has been saved in melfis.ru-rsa.
Your public key has been saved in melfis.ru-rsa.pub.
The key fingerprint is:
23:3f:f4:5c:c4:48:6b:37:4c:ca:f5:24:29:63:e7:ae [email protected]
The key's randomart image is:
+--[ RSA 2048]- ---+
| . +.. |
| o+oo+ |
| .*=* . |
| . o.. |
| . S.. |
| + + .. |
| o o. |
| .E |
| |
+-----------------+
Now there are two keys in the folder you were in:
1
2
melfis.ru-rsa
melfis.ru-rsa.pub
One of them is private: melfis.ru-rsa, another public one: melfis.ru-rsa.pub.
Now you need to install the generated key on your server. (Yes, we are still on the server where Spen-SSH is installed). In addition to installing the key, we will immediately set the rights to the keystore.
Let's execute the following commands:
1
2
cat melfis.ru-rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Now let's go to the computer that should be authorized on the ssh server by key. (Now we are working on your local computer.)
Take the key to your computer with the following command (I assume that you performed the previous steps in the user's home directory on the server):
1
scp [email protected]_ADDRESS:~/melfis-rsa ~/.ssh /melfis-key
Once the key has been received, let's upload it to our local storage:
1
ssh-add ~/.ssh/melfis-key
Enter the password you have set for this key. After the key has been successfully loaded, we try to connect to the server:
1
ssh [email protected]_ADDRESS
As a result, the password will not be requested. If you managed to connect to the SSH server using the key, then it's probably not a bad solution to completely disable password authorization. To do this, open the /etc/ssh/sshd_config file on the server and change the following line:
1
PasswordAuthentication yes
to this one:
1
PasswordAuthentication no
And don't forget to restart the Open-SSH server
That's all. You can "merge" the keys you created to a USB flash drive and use them for authorization via ssh without entering a password.
link to the article melfis.ru/%D0%B0%D0%B2%D1%82%D0%BE%D1%80%D0%B8%D0%...

Does ssh password require or password to unlock key?

so share the solution and close the answer :-)