SSH Key Authentication (Linux)
Step By Step Instructions
In order to authenticate using public and private keys, perform the following steps:
- Create a key-pair on the client workstation.
- Add the public-key of the key-pair on the server.
- Test logging on to the server from the client.
Create a key-pair on the client workstation
From the client workstation, create a key-pair using the ssh-keygen command. This command generates a key-pair and saves it in the ~/.ssh directory. To do this, enter the following command.
It is very important to use a passphrase when creating the key-pair!
-bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa): <return>
Enter passphrase (empty for no passphrase): passphrase
Enter same passphrase again: passphrase
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OXvMnRK6aFjRfWZ7ShXSUzgKrmdjpzTOknoqbDMVqSk test@pier.ecn.purdue.edu
The key's randomart image is:
+---[RSA 2048]----+
| . o.|
| . . * |
| o o . o + |
| + ..o = . |
| o oS..+ o |
| E o o .*Bo+.. |
| o + oO=*oo |
| B ..+o+.. |
| . =++.. |
+----[SHA256]-----+
-bash-4.2$
Add the public-key of the key-pair on the server
From the server, add the public key to the list of keys authorized to use the account. Each line in the ~/.ssh/authorized_keys file lists a public key that is authorized to log on to the server account. Then only those users who have a copy of the key-pair will be authorized to use the server account. There can be multiple public keys listed in the file.
-bash-4.2$ ssh-copy-id pier.ecn.purdue.edu
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/test/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
test@pier.ecn.purdue.edu's password: password
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'pier.ecn.purdue.edu'"
and check to make sure that only the key(s) you wanted were added.
-bash-4.2$
Test logging on to the server from the client
Test to see that key-pair authentication is working. This time when logging on to the server, instead of prompting for the UNIX password, ssh will prompt for the passphrase used to encrypt the private key of the key-pair. If the right passphrase is entered, the server ought to authorize the log-on because (1) it knows that the public-key is allowed access, since it is listed in the ~/.ssh/authorized_keys file, and (2) the client ssh program knew the private key.
-bash-4.2$ slogin pier.ecn.purdue.edu
Enter passphrase for key '/home/test/.ssh/id_rsa': passphrase
Last login: Thu Oct 15 13:11:57 2020 from pier.ecn.purdue.edu
Linux pier.ecn.purdue.edu 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
- No news at this time.
-bash-4.2$ logout
Connection to pier.ecn.purdue.edu closed.
-bash-4.2$
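ssh-copy-id ends by asking you to "check to make sure that only the key(s) you wanted were added." The script below is an added example, not part of the original article, that performs that check by comparing every entry in an authorized_keys file against the one public key you meant to install. The function names key_fields and audit_authorized_keys are hypothetical, and the sample key blobs are constructed placeholders.

```shell
# Print "type blob" for every key line in a file. Blank lines and comments are
# skipped; a leading options field (from=..., command=...) is stepped over by
# searching for the first field that is a known key-type name.
key_fields() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
    {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+|sk-[a-z0-9-]+@openssh\.com)$/) {
                print $i, $(i + 1); next
            }
        print "unparsed", "line-" NR
    }' "$1"
}

# audit_authorized_keys AUTH_FILE PUBKEY_FILE  (hypothetical helper names)
# Lists each entry as "expected" or "UNEXPECTED". Returns 0 only when the
# wanted key is present and nothing else is; 2 if PUBKEY_FILE holds no key.
audit_authorized_keys() {
    want=$(key_fields "$2" | head -n 1)
    [ -n "$want" ] && [ "${want%% *}" != unparsed ] || return 2
    found=0 extra=0
    while read -r type blob; do
        [ -n "$type" ] || continue
        if [ "$type $blob" = "$want" ]; then
            found=1
            echo "expected   $type"
        else
            extra=$((extra + 1))
            echo "UNEXPECTED $type $(printf '%.20s' "$blob")"
        fi
    done <<EOF
$(key_fields "$1")
EOF
    [ "$found" -eq 1 ] && [ "$extra" -eq 0 ]
}

# Constructed sample data: the blobs below are placeholders, not real keys.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3CONSTRUCTEDmine test@client' > "$demo/id_rsa.pub"
cat > "$demo/authorized_keys" <<'EOF'
# keys for account test
from="10.0.0.0/8",no-pty ssh-rsa AAAAB3CONSTRUCTEDmine test@client
ssh-ed25519 AAAAC3CONSTRUCTEDother someone@elsewhere
EOF
audit_authorized_keys "$demo/authorized_keys" "$demo/id_rsa.pub" ||
    echo "review the entries marked UNEXPECTED"
rm -rf "$demo"
```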
Last Modified: Oct 16, 2020 11:06 am America/New_York
Created: Oct 14, 2020 2:41 pm GMT-4 by admin
JumpURL: https://eng.purdue.edu/jump/2f280c5