First, you need to create the key pair on the client machine by issuing the following command. Als admin im ~ Verzeichnis:
ssh-keygen -t rsaThe use of a passphrase is optional. If you elect to use a passphrase, then you will have the extra security of having to enter it each time you use the key. If the passphrase does not match, you, or anyone else using your private key, will not be able to connect.
Once you enter the ssh-keygen command, you will go through a process like the following:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
The key fingerprint is:
4a:ee:4a:e5:69:8r:5d:e5:89:25:6d:14:85:6f:55:23 admin@a
The key's randomart image is:
+--[ RSA 2048]----+
| .oo. |
| . o.D |
| + . o |
| . = = . |
| = F = . |
| o + = + |
| . o + o . |
| . o |
| |
+-----------------+Your dedicated or VPS server's public key is now located in /home/admin/.ssh/id_rsa.pub and the private key is located in /home/admin/.ssh/id_rsa
Now that we have generated the key pair, you can place the public key on the virtual or dedicated server that you are going to use.
Copy the public key into the new machine's authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.
ssh-copy-id admin@123.123.123.123, also:
ssh-copy-id admin@pehoniBei Fehler:
ssh-copy-id admin@pehoni
Could not open a connection to your authentication agent.
no keys foundLösung:
eval `ssh-agent -c`ssh-copy-id -i ~/.ssh/id_rsa.pub admin@pehoniYou should have an output like this:
The authenticity of host '123.123.123.123 (123.123.123.123)' can't be established.
RSA key fingerprint is 4a:ee:4a:e5:69:8r:5d:e5:89:25:6d:14:85:6f:55:23.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '123.123.123.123' (RSA) to the list of known hosts.
user@123.123.123.123's password: Jetzt die Datei id_rsa herunterladen und vom Server löschen.
Da Putty diese Datei so nicht verwenden kann, die Datei in PuTTYgen öffnen und mit "Save private key" als .ppk-Datei speichern
ToDo: Das hier muss man wohl dem Hostnet support schreiben, da ich die sshd_config nicht ändern darf...
After you have copied your SSH keys into your server and only after you make sure that you can log in with the SSH keys alone, you can restrict the root login to only be permitted via SSH keys. To accomplish this , open the SSH config file with your editor of choice:
sudo vi /etc/ssh/sshd_configBy default PasswordAuthentication is set to yes, so explicitly commenting it in /etc/ssh/sshd_config and restart sshd has no effect. You'll need to explicitly set PasswordAuthentication no to allow only Public Key Authentication:
PasswordAuthentication no
PubkeyAuthentication yes