Calling this "SSH login with certificate" is not entirely correct, because this type of authentication actually uses a public/private key pair.
Let’s see how it works.
This explains how to log in to the SSH server on your remote Linux machine with public key authentication and, optionally, how to do so without any password, using just the private and public key pair.
You should be able to generate a key pair on your client machine with the following command:
ssh-keygen -t rsa -b 2048
Windows users can read this guide about how to use PuTTY to generate a key pair and then how to convert it to OpenSSH format.
When asked for a password, just hit Enter, leaving it blank (don’t worry about that: this password is there to add security to the key, and leaving it empty is the compromise).
At this point you need to copy the content of your id_rsa.pub into the file named “authorized_keys” on the remote machine, normally under the .ssh directory in the remote user's home.
From my machine I just type:
cat .ssh/id_rsa.pub | ssh firstname.lastname@example.org -p 5002 'cat >> .ssh/authorized_keys'
As you can see, I use a non-standard port for the SSH server, so I can avoid brute-force attacks on my SSH server; also, I don’t tell scanners that I have an SSH server listening.
If you want, you can log in on the remote machine and paste the key (copied to the clipboard) using nano, but pay attention while copying: the key must not end up on more than one line, so no wrapping.
Now you are done! To test your configuration, just type on your client:
ssh -l remoteuser remoteserver.com
and you can log in to your SSH server without being asked for a password!
If you have any problem, I suggest you look into the right log files.
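A common cause of a failed key login is the one mentioned above: a pasted key that got wrapped or truncated in authorized_keys. The following check is an added example, not part of the original post; it assumes plain "type base64 comment" lines with no options prefix, and the function names and the sample key are constructed for illustration.

```python
import base64, binascii, struct

def read_string(buf, off):
    """Read one SSH wire 'string': 4-byte big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("field runs past the end of the key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def check_line(line):
    """Return None for a well-formed '<type> <base64> [comment]' line, else a reason."""
    fields = line.split()
    if len(fields) < 2:
        return "expected '<type> <base64> [comment]' on one line"
    ktype, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
        name, off = read_string(blob, 0)      # key type embedded in the blob
        while off < len(blob):                # remaining fields (e and n for RSA)
            _, off = read_string(blob, off)
    except (binascii.Error, ValueError) as exc:
        return f"key data damaged or wrapped: {exc}"
    if name != ktype.encode():
        return "type field does not match the key data"
    return None

def check_authorized_keys(text):
    """Return [(line_number, reason)] for every bad non-comment line."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            reason = check_line(line)
            if reason:
                problems.append((no, reason))
    return problems

def sample_key_line():
    """Constructed, RSA-shaped sample entry (not a real, usable key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + b"\xab" * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@client"

if __name__ == "__main__":
    good = sample_key_line()
    wrapped = good[:200] + "\n" + good[200:]  # what a wrapping paste produces
    print(check_authorized_keys(good + "\n"))
    print(check_authorized_keys(wrapped + "\n"))
```

To check a real file, pass its contents to check_authorized_keys(); every reported line number points at an entry the server will not be able to use as pasted.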
Sometimes it can happen that you confuse one thing with another:
- The key pair has to be generated by the local user, so that ssh automatically reads your key during connection and you don’t need to specify where the keys are stored. Otherwise, this is how to specify which private key has to be used during connection:
ssh -i /home/some_folder/some_key -l remoteuser remoteserver.com
- You need to copy on the remote machine only the public key
- The username of the local user does not matter during authentication. Well, it doesn’t matter at all.
- The username which matters is the one you pass right after the “-l” switch. This username must match the remote user whose authorized_keys file you copied the key into.
This is all there is to SSH login with a certificate. Hope you liked it.
Any comment is appreciated