Using an RSA key pair (referred to here as a certificate) increases the security of your account and server. You can configure the SSH server to accept only RSA key authentication for the root user. Here is how to set up key-based authentication.
On your local system (laptop/workstation/etc)
First, create the key pair on your local system.
[sourcecode language="text"]
john@debian7-dev:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa):
/home/john/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
The key fingerprint is:
df:35:53:7a:63:6c:b6:95:c6:90:4c:ec:54:fd:03:99 john@debian7-dev
The key's randomart image is:
[/sourcecode]
Your key pair has now been created and stored in the .ssh directory of your home folder: id_rsa is the private key and id_rsa.pub is the public key.
Next, copy (install) the public key on the remote system.
Run the following on your local system. When copying the key to the remote account, it will ask for your password on the remote system.
[sourcecode language="text"]
john@debian7-dev:~$ ssh-copy-id john@192.168.1.100
john@192.168.1.100's password:
Now try logging into the machine, with "ssh 'john@192.168.1.100'", and check in:
~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[/sourcecode]
[/sourcecode]
Then you are ready to log on to the remote system as john without using passwords.
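The ssh-copy-id output above asks you to check ~/.ssh/authorized_keys for keys you were not expecting. The Python script below is an added example, not part of the original post: it parses authorized_keys entries, computes each key's fingerprint (MD5 in the colon-hex form printed by ssh-keygen above, plus SHA256), and reports every entry that is not one of your expected public keys. The function names, the sample keys and the sample file content are constructed for this example.

```python
import base64, hashlib, re, struct

KEY_RE = re.compile(r"(?:^|\s)(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$")

def parse_key(line):
    """Return (keytype, blob, comment), or None if the line holds no valid key."""
    m = KEY_RE.search(line.strip())  # layout: [options] keytype base64-blob [comment]
    try:
        blob = base64.b64decode(m.group(2), validate=True) if m else b""
    except ValueError:
        return None
    # The blob begins with a length-prefixed copy of the key type; they must agree.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != m.group(1).encode():
        return None
    return m.group(1), blob, m.group(3) or ""

def fingerprints(blob):
    """MD5 colon-hex (the form in the ssh-keygen output above) and SHA256."""
    h = hashlib.md5(blob).hexdigest()
    md5 = ":".join(h[i:i + 2] for i in range(0, len(h), 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def audit(authorized_keys_text, expected_pub_lines):
    """Return (lineno, reason, detail) for each entry that is not an expected key."""
    expected = {k[1] for k in map(parse_key, expected_pub_lines) if k}
    findings = []
    for no, line in enumerate(authorized_keys_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key = parse_key(line)
        if key is None:
            findings.append((no, "unparseable", line.strip()[:40]))
        elif key[1] not in expected:
            findings.append((no, "unexpected", fingerprints(key[1])[1] + " " + key[2]))
    return findings

def sample_key(seed, comment):
    """Constructed ssh-rsa line for the demo: the modulus is hash output, not a real key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00\xff" + hashlib.sha512(seed).digest() * 4)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

MINE = sample_key(b"john", "john@debian7-dev")  # stands in for ~/.ssh/id_rsa.pub
SAMPLE = "\n".join(["# constructed authorized_keys", MINE, "ssh-rsa not-base64 broken",
                    'command="/bin/true" ' + sample_key(b"other", "unknown@host")])

if __name__ == "__main__":
    print(*audit(SAMPLE, [MINE]), sep="\n")
```

For a real check, pass the contents of the remote ~/.ssh/authorized_keys as the first argument and the lines of your local id_rsa.pub as the second.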
Happy sshing!