2013年10月26日

ubuntu setup user ssh login without password by public key

http://lani78.wordpress.com/2012/07/21/generate-a-ssh-key-and-disable-password-authentication-on-ubuntu-server-12-0/

This is an updated guide for Ubuntu 12.04. You might want to check out the old guide if you are using an older version of Ubuntu. The old guide was written for Ubuntu 8.04.

This new version is updated with the command “service ssh reload” instead of “/etc/init.d/ssh reload”. And I have also learned of better way to test connecting via ssh without using the key file (-o PubkeyAuthentication=no, for testing purposes).

Ubuntu ssh step by step guide

1. Generate the ssh key pair on your client computer:
ssh-keygen

2. Copy the public key to the server:
scp ~/.ssh/id_rsa.pub user@10.10.10.1:

3. Connect to the server:
ssh user@10.10.10.1

4. Append the public key to authorized_keys and remove the uploaded copy:
cat id_rsa.pub >> ~/.ssh/authorized_keys
rm id_rsa.pub

5. Edit the ssh server configuration to make sure that public key authentication is enabled (it should be enabled by default):
sudo nano /etc/ssh/sshd_config

5.1 These entries must be set to yes:
RSAAuthentication yes
PubkeyAuthentication yes

6. Reload the configuration:
sudo service ssh reload

7. Disconnect from the server:
exit

8. Try connecting without the need to give the password to the ssh-client:
ssh user@10.10.10.1

You might need to give a password now to access your private key file, but you should not need to give the password to the ssh program.

9. Disable password authentication:
sudo nano /etc/ssh/sshd_config

9.1 The following settings should be set to no:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

9.2. Reload the configuration:
sudo service ssh reload

10. Test that password authentication really is disabled:
10.1 Disconnect from the server:
exit

10.2 Try to reconnect to the server with key file authentication disabled:

ssh user@10.10.10.1 -o PubkeyAuthentication=no

This should produce a permission denied message: “Permission denied (publickey).”

Done :)

Troubleshooting

If you ran into any problems it might help to check out the pointers in the comments of the old guide. I highly value the constructive comments that I have received, as I often learn something new from them.

沒有留言:

張貼留言