SSH uses encryption key to secure connection. The client creates the Key pair. The public key is then added to the server authorized keys.
ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): <empty> Enter passphrase (empty for no passphrase): <empty> Enter same passphrase again: <empty> Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key pair associated to this user@host is located in ~/.ssh/
Download Putty from:http://www.putty.org/
The full package includes PuTTYgen Key Generator that can be used to generate a key pair on Windows. Private key (.ppk) must be stored securely.
Install OpenSSH server (if not installed by default)
sudo apt-get install openssh-server
Import clients public keys:
Note: The authorized public key file must be write-protected: anybody that can add a key can gain SSH access!
# copy client public key (id_rsa.pub) to server host (ex: via USB key) cat /firstname.lastname@example.org >> ~/.ssh/authorized_keys chmod 644 ~/.ssh/authorized_keys
# To generate server keys sudo dpkg-reconfigure openssh-server # Start the server sudo service ssh start
To start ssh server automatically:
echo "#!/bin/bash" | sudo tee /usr/local/bin/start-ssh-server echo "service ssh start" | sudo tee -a /usr/local/bin/start-ssh-server sudo chmod 744 /usr/local/bin/start-ssh-server
echo "bertrand ALL= NOPASSWD: /usr/local/bin/start-ssh-server" | sudo tee /etc/sudoers.d/50-ssh-server sudo chmod 440 /etc/sudoers.d/50-ssh-server
# add -X to enable X forwarding (allows to run GUI) ssh -X user@server [cmd]
# Invoke Putty from command line: putty.exe -ssh -i C:\Users\user\ssh\email@example.com user@server # To recalled a saved session: putty.exe -load "SSH_Server" # Tera Term Pro can also be used: ttermpro.exe server /ssh /auth=publickey /user=user /keyfile=\Users\user\ssh\firstname.lastname@example.org-Jun-2019