Ssh Authorized Key

This tutorial shows how to generate SSH keys on Windows and set everything up so you can conveniently access your Linux boxes from your local machine.

Generate SSH Keys Locally
On your local Windows machine, open a PowerShell window and run the following command:

TIP: we use the same name that you’ll use to log in remotely.

Generate SSH Keys
ssh-keygen.exe -t rsa -C "stuart"
Press Enter twice when asked for a passphrase; this creates the key without one.

By default, these keys will be in the .ssh folder of your Windows user profile (C:\Users\<username>\.ssh).

Uploading the Public Key to the SSH Host and Associating Your SSH User
You’ll next need to transfer the public key (id_rsa.pub) to the remote SSH user’s authorized keys location. If you use VSCode, you can use its built-in explorer to upload the key.

Create a key pair on the source server. When we run the ssh-keygen command, it will by default create a 2048-bit RSA key pair; if you need stronger encryption you can use 4096 bits as well. For that, add “-b 4096” to the end of the ssh-keygen command. I am using the default one here.

AuthorizedKeysFile specifies the file that contains the public keys that can be used for user authentication. AuthorizedKeysFile may contain tokens of the form %T, which are substituted during connection setup.

The authorized_keys file in SSH specifies the SSH keys that can be used for logging into the user account for which the file is configured. It is a highly important configuration file, as it configures.

Done.

To confirm your keys were generated correctly, list the contents of your .ssh directory:

List Contents of ~/.ssh
ls ~/.ssh

Copy Keys to Remote Server
In PowerShell, we will use secure copy (scp) to transfer the key to the remote box(es):

Copying Keys to Remote Server
scp ~/.ssh/id_rsa.pub [email protected]:

Create Directories on Remote Server
Log in to the remote box (SOLR1 for this example).

In your home directory, create the following directories:

NOTE: I use the explicit `~` here for good example’s sake – users cannot mistakenly create these files or directories anywhere else when using a tilde.

Create Directory & File
$ mkdir ~/.ssh
$ touch ~/.ssh/authorized_keys

Copy the SSH Key to Authorized Keys File
On our SOLR1 instance, we will now append the contents of our id_rsa.pub public key to our authorized_keys file:

Copy Key to AuthorizedKeys File
$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
TIP: Using `>>` will append this (as opposed to overwriting using `>`).

Once copied, confirm it as correct:

Verify Copy
cat ~/.ssh/authorized_keys

Clean Up
You can now safely delete the uploaded copy of id_rsa.pub from your home directory on the server.

Clean Up. Remove id_rsa.pub
$ rm ~/id_rsa.pub

Set Permissions on Home Directories & File
Before we can log in using our ssh keys, we need to make sure that the correct permissions are set on our home dir, .ssh dir, and our authorized_keys file.

Let’s set the permissions. Ensure that the following permissions are set (very likely your home dir will be 700 already):

Change Permissions
chmod 700 /home/stuart
chmod 700 /home/stuart/.ssh
chmod 644 /home/stuart/.ssh/authorized_keys
NOTE: Please make sure you type these commands rather than copy-pasting them (you are possibly not named stuart!)
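
The server-side steps above (create the directory, append the key, set permissions) as one repeatable script. This is an added example, not part of the original tutorial: install_pubkey and audit_ssh_perms are hypothetical helper names, and the audit covers only the group/world-writable part of what sshd's StrictModes setting checks, not ownership.

```shell
#!/bin/sh
# Usage: install_pubkey ~/id_rsa.pub "$HOME" && audit_ssh_perms "$HOME"

# True if PATH is writable by group or by others.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# install_pubkey PUBFILE HOME_DIR
# Appends the key once; refuses anything that is not a one-line public key,
# which catches an id_rsa uploaded by mistake instead of id_rsa.pub.
install_pubkey() {
    pub=$1; home=$2; auth="$home/.ssh/authorized_keys"
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2; return 2
    fi
    # Strip CRs in case the file picked up Windows line endings.
    key=$(tr -d '\r' < "$pub" |
          grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' |
          head -n 1)
    [ -n "$key" ] || { echo "refusing: no public key line in $pub" >&2; return 2; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$auth" && chmod 644 "$auth"      # mode used in this tutorial
    # -x whole line, -F fixed string: append only if not already present.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_perms HOME_DIR
# Prints each path that is missing or writable by group/others; returns 1 if any.
audit_ssh_perms() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; bad=1
        elif loosely_writable "$p"; then echo "too permissive: $p"; bad=1
        fi
    done
    return "$bad"
}
```

Running install_pubkey twice leaves a single copy of the key in authorized_keys, which plain `cat >>` does not.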

TIP: For good measure and to keep Windows happy, close all your PowerShell windows and open a new one before continuing.

Enable SSH Public Key Authentication
We need to tweak a few ssh config settings to allow public key logins:

First we will allow public key logins via the `PubkeyAuthentication` setting.

Let’s edit the SSHd config file.

TIP: You will need to be root to edit this file

Edit SSHd Config
vi /etc/ssh/sshd_config
Uncomment the line:

`#PubkeyAuthentication yes`

Now let us make sure that the `AuthorizedKeysFile` setting points to the authorized_keys file in our home directory:

We will change `.ssh/authorized_keys` to become: `%h/.ssh/authorized_keys`

AuthorizedKeysFile
AuthorizedKeysFile %h/.ssh/authorized_keys
And save the file.
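
A check worth running on the edited file before the restart, as an added example that is not from the original tutorial: sshd uses the first value it obtains for each keyword, so an uncommented line has no effect if an earlier line already sets the same keyword. effective_sshd_value is a hypothetical helper that reads only the global section and ignores Include files, Match blocks and the Keyword=value spelling; the sample config is constructed.

```shell
#!/bin/sh
# effective_sshd_value FILE KEYWORD
# Prints the value sshd would take from the global section of FILE,
# or nothing when the keyword is unset and the built-in default applies.
effective_sshd_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/         { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }   # global section ends at first Match
        tolower($1) == tolower(want) {    # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print; exit   # first value wins
        }' "$1"
}

# Constructed sample, not taken from a real host.
sample_config() {
    cat <<'EOF'
#PubkeyAuthentication yes
PasswordAuthentication yes
pubkeyauthentication no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
Match User backup
    PubkeyAuthentication yes
EOF
}

demo() {
    f=$(mktemp) && sample_config > "$f"
    for k in PubkeyAuthentication AuthorizedKeysFile PermitRootLogin; do
        v=$(effective_sshd_value "$f" "$k")
        echo "$k -> ${v:-<unset, built-in default applies>}"
    done
    rm -f "$f"
}
demo
```

On the server itself, `sshd -t` validates the file before you restart, and `sshd -T` prints the configuration the daemon resolves, defaults included.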

Restart SSH Daemon
We can restart the SSH daemon like so:

Restart SSH Daemon
service sshd restart
To log straight in, you can now do:

Login Via SSH
ssh [email protected]
and you will be logged straight into SOLR1.

Why stop there?

Set up local Aliases
This part is optional, but why not complete the package and give yourself some tasty aliases?

If you are not familiar with your PowerShell Profile, then go read my other tutorial on how to make yourself a profile ****TODO LINK!!!!!****

Windows Security
We need to secure our public key so no other users can read it:

Right click on the .pub file, choose properties.
Select “security” tab and then “advanced”.
Change the Owner to your user (if it’s not already).
Disable inheritance (if it’s set).
Remove all permissions for everyone but your user.
Give your user “Full Control”.

PowerShell Aliases
In your PowerShell Profile, add the following aliases (let’s all stay on the same page here and use the same aliases as each other eh?)

PowerShell Aliases
# SOLR1
function ssh-solr1 {
    ssh -i ~/.ssh/id_rsa [email protected]
}

Source Your Profile
The very last step here is to source our profile file so that we can use our new aliases:

. ~\Path\To\Your\PowerShell_Profile.ps1
No0b TIP: You can simply close all your PowerShell windows and open a new one if you want.

You can now log straight in with your helpful alias:

ssh-solr1

Enjoy Life.