Posted July 4, 20231 yr SSH keys provide a more secure way of logging in compared to using a password alone. While a password can eventually be cracked with a brute-force attack, SSH keys are nearly impossible to decipher by brute force alone. With public key authentication, every computer has (i) a public and (ii) a private “key” (two mathematically-linked algorithms that are effectively impossible to crack). Setup SSH Keys on your Windows computer/laptop using PuttyGEN Step 1 Download PuttyGEN from the Homepage website. Scroll down until you find puttygen.exe and download either 32 or 64bit version. Step 2 Start PuttyGEN by double clicking on its icon Step 3 From top menu, click on “Key” and select “SSH-2 RSA” and in the bottom right box change the number 2048 to 4096 Step 4 Click “Generate” button Step 5 Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full Step 6 Click the “Save public key” button & choose whatever filename you’d like (some users create a folder in their computer named my_keys) Step 7 Click the “Save private key” button & choose whatever filename you’d like Quote NOTE! Both public and private files will have to stay on your computer, do not delete them. Step 8 Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All, right-click again and choose Copy Step 9 Login to your VPS or Dedicated server Step 10 Run the following commands: mkdir ~/.ssh chmod 0700 ~/.ssh touch ~/.ssh/authorized_keys chmod 0644 ~/.ssh/authorized_keys Step 11 Paste the SSH public key which you copied in step 8 into your ~/.ssh/authorized_keys file Lets setup Putty on your Windows OS Step 1 Start PuTTY by double-clicking its executable file Step 2 PuTTY’s initial window is the Session Category (navigate PuTTY’s various categories, along the left-hand side of the window) Step 3 In the Host Name field, enter the IP address of your VPS or its fully qualified domain name (FQDN) Step 4 Enter the port number in the Port field (for added security, consider changing your server’s SSH port to a non-standard port. Step 5 Along the left-hand side of the window, select the Data sub-category, under Connection Step 6 Specify the username that you plan on using, when logging in to the SSH server, and whose profile you’re saving, in the Auto-login username field Step 7 Expand the SSH sub-category, under Connection Step 8 Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window Step 9 Browse your file system and select your previously-created private key Step 10 Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. user@123.456.78.9 or user@host.yourdomain.tld Step 11 Click the Save button Now you can go ahead and log in to your server and you will not be prompted for a password. Finally let’s disable username/password login on your vps/dedicated server Step 1 Open /etc/ssh/sshd_config nano /etc/ssh/sshd_config Step 1 Lets change both “PasswordAuthentication” and “UsePAM” options to “no” [...] PasswordAuthentication no [...] UsePAM no [...] Step 2 Restart your SSH server service sshd restart
October 11, 20231 yr Hello Sandeep, work fine for SSH connection via PuTTY but i have some problems with rsync connection from my Synology NAS device. With SSH key generated with PuTTYgen (without passphrase) don't pass verifying, but with server default key (from "id_rsa") pass verifying process, but after that on rsync connection return me this error: Quote Authentication failed. Please make sure the username and SSH key are both correct and the corresponding file protocol has been enabled on the source server. (root@xxx.xxx.xxx.xxx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).[rsync code 255]) Why happened this and how to fix it? And why UsePAM must to be "no"? It's can to be from this? Thank you in advance and i expect your reply!
October 15, 20231 yr Author did you tried with pam yes ? you need to change the private key to pem format and try
October 16, 20231 yr Hello Sandeep, after the changes from this link: https://phoenixnap.com/kb/ssh-permission-denied-publickey the error message it's changed to: Authentication failed. Please make sure the username and SSH key are both correct and the corresponding file protocol has been enabled on the source server. (root@xxx.xxx.xxx.xxx: Permission denied (publickey,password). [rsync code 255]) I convert the "id_rsa" to *.pem but without results and still don't connected via SSH, any other idea? Thank you in advance! Edited October 16, 20231 yr by torettos
October 19, 20231 yr Author i've tested the upper steps and its still working fine for me. You can DM me with server details for the checks
February 9, 20241 yr Pleased to observe this! Great facts and the clarity of detail revealed is excellent! Thanks and good day!
Create an account or sign in to comment