Computer Documentation Wiki

User Tools

Site Tools

Trace: linux
services:2fa:ssh:linux

This is an old revision of the document!

Setup Linux ssh for key based login

We need to create a private/public key set to allow passwordless login via ssh. To do this run the sshkey-ge command: 

$ ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/testuser1/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/testuser1/.ssh/id_ecdsa
Your public key has been saved in /home/testuser1/.ssh/id_ecdsa.pub
The key fingerprint is:
SHA256:xb4Rs37UbXt3Wn5cHkdKWy2ZDBbor9F83IYNLhjsfIU testuser1@bree.strw.leidenuniv.nl
The key's randomart image is:
+---[ECDSA 256]---+
|           ...   |
|         .. o    |
|         o=. + o.|
|         o++E.O.+|
|        So+*.=.@o|
|         .=+* BoB|
|          o+.o =O|
|          ..   +B|
|              . o|
+----[SHA256]-----+

For both question about passphrase, just hit enter (we will not be using passphrases). This will also have generated two files in your personal .ssh directory: 

$ ls -ltr id_ecdsa*
-rw------- 1 testuser1 users 537 Mar 22 12:13 id_ecdsa
-rw-r--r-- 1 testuser1 users 195 Mar 22 12:13 id_ecdsa.pub

The file id_rsa.pub must be transferred to the remote host. For this we can use ssh-copy-id: 

$ ssh-copy-id -i ~/.ssh/id_edcsa.pub username@remote-host

This may produce the following message: 

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/username/.ssh/id_edcsa.pub"
The authenticity of host 'remote-host (123.123.123.123)' can't be established.
ECDSA key fingerprint is SHA256:tygMarTe3SOjTcY9HzldKThxQzsTeiYHg5JmjB2bxeg.
Are you sure you want to continue connecting (yes/no)? yes

Having confirmed the access key to remote-host, the copy operation will commence: 

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@remote-host's password:

Type your password to actually start the file copy. 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'username@remote-host'"
and check to make sure that only the key(s) you wanted were added.
services/2fa/ssh/linux.1616411887.txt.gz · Last modified: 2021/03/22 11:18 by deul

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki