Public/Private keys for authentication

Written by employee #33. Posted in just going through the motions

This text is about using encrypted keys for authentication on a CentOS box using PuTTY. Tested on CentOS 6.6. I use PuTTY Key Generator for Windows (as I connect from Windows). If that is not an option, have a look at "ssh-keygen -t rsa". You can also use public/private key authentication with WinSCP if you like.

It is basically just two steps: generate the public/private key pair, and copy the public key to a special file on the CentOS box. The private key needs to stay where it is - it is private.

Open PuTTY Key Generator and click the 'Generate' button. Move the mouse about for a bit.

You will also have the option to add a password for the private key. If you think this is a good idea, enter a password in the 'Key passphrase' field. If you use a passphrase, you will need to enter it each time you use this key.

Use whatever you like for the 'Key comment'. This is only to identify your keys. Don't close PuTTYgen.

Save both the private and the public key. For this I use 'id_rsa' for the private key, and 'id_rsa.pub' for the public key. Use anything you like. The content of the public key needs to be on the remote computer; the private key stays on the computer you connect from. If you need different computers to connect from, you can copy the private key to any box you like.

Now - you will have to move the contents of the public key to the remote computer. You can do this any number of ways. I will connect to CentOS, create a new empty file and paste the public key directly from PuTTY Key Generator.

Make (hidden) directory and set access rights for this directory. Most likely the directory already exists.

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh

Copy the public key directly from PuTTY Key Generator.

Create a new file (authorized_keys)

$ nano ~/.ssh/authorized_keys

Paste the public key into this file. It must be one single line: no quotes, no begin/end marker lines, just the key. Set access rights and reset the security context.

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

Make sure ownership is correct (chown owner-user:owner-group file). The -R option recursively changes ownership of directories and their contents. Not sure if this is really necessary.

$ sudo chown $USER:$USER ~/.ssh -R

Last thing is to uncomment "#AuthorizedKeysFile %h/.ssh/authorized_keys" in /etc/ssh/sshd_config, and restart the SSH daemon (on CentOS the service is named sshd).

$ sudo nano /etc/ssh/sshd_config
$ sudo service sshd restart

Open PuTTY and load the profile for the CentOS box. Now add the private key to this profile. Connection -> SSH. After adding the private key to this PuTTY profile, go back to the 'Session' node in PuTTY and save the profile. Connect.

Log in with PuTTY. If you have saved your private key with a password, use this.

For debugging, you find the log here: /var/log/auth.log ($ tail -f /var/log/auth.log). If that file does not exist, look in /var/log/secure, which is where a default CentOS install writes sshd's authentication messages.
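
A check for the server-side files created in the steps above, added here as an example (it is not part of the original post). It verifies the 700/600 modes and the ownership, and that every authorized_keys entry is a single-line key rather than the multi-line file that PuTTYgen's 'Save public key' button writes. The function and helper names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Run it as the account that owns
# the key files. Prints one line per problem; returns 0 when clean, 1 otherwise.

mode_of() { ls -ldn "$1" | cut -c1-10; }        # e.g. drwx------
uid_of()  { ls -ldn "$1" | awk '{print $3}'; }  # numeric owner id

check_authorized_keys() {
    dir=${1:-$HOME/.ssh}; file=$dir/authorized_keys; bad=0
    [ -d "$dir" ]  || { echo "missing directory: $dir"; return 1; }
    [ -f "$file" ] || { echo "missing file: $file"; return 1; }

    # The modes the steps above set. With StrictModes (sshd's default) a
    # group- or world-writable ~/.ssh or key file makes sshd ignore the keys.
    [ "$(mode_of "$dir")" = "drwx------" ] ||
        { echo "$dir: mode is not 700"; bad=1; }
    [ "$(mode_of "$file")" = "-rw-------" ] ||
        { echo "$file: mode is not 600"; bad=1; }
    for p in "$dir" "$file"; do
        [ "$(uid_of "$p")" = "$(id -u)" ] ||
            { echo "$p: not owned by uid $(id -u)"; bad=1; }
    done

    # Every entry must be a single line: [options] key-type base64 [comment]
    keyre='(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))'
    keyre="$keyre"'[[:space:]]+AAAA[A-Za-z0-9+/]+=*([[:space:]]|$)'
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) ;;   # blank line or comment
            *'BEGIN SSH2 PUBLIC KEY'*|*'END SSH2 PUBLIC KEY'*|Comment:*)
                # Multi-line file written by PuTTYgen's 'Save public key'
                echo "line $n: RFC 4716 block, paste the one-line key instead"
                bad=1 ;;
            *)  printf '%s\n' "$line" | grep -Eq "$keyre" ||
                    { echo "line $n: not a complete one-line key"; bad=1; } ;;
        esac
    done < "$file"
    return "$bad"
}
```

Source the file on the CentOS box and run check_authorized_keys; with no argument it checks ~/.ssh.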