Authorize a user to authenticate with SSH key
NOTE: I am assuming that sshd is already up and running on your Skynet server. If not, run systemctl status sshd; if it is down, you can run systemctl start sshd and systemctl enable sshd to start the service and allow it to run at system startup.
For the purposes of this example, we'll say that the username is jconnor and his key pair is the following:
Private Key:
PuTTY-User-Key-File-2: ssh-ed25519
Encryption: aes256-cbc
Comment: John-Connors-Keys
Public-Lines: 2
AAAAC3NzaC1lZDI1NTE5AAAAIK1J3fGJeohGB5XvdfeQ3xlTSq5FfXAfUwS9FFSe
4Orv
Private-Lines: 1
Xpx0vb2B9/2Y9KCO1avZ1b8rCDvvhfp0ManS+u7AdDetOd7/vlfqAwgbqYMPqoZF
Private-MAC: 9135a8f0b42954f5b2d5fd6de10800551f867ac0
Public Key:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "John-Connors-Keys"
AAAAC3NzaC1lZDI1NTE5AAAAIK1J3fGJeohGB5XvdfeQ3xlTSq5FfXAfUwS9FFSe
4Orv
---- END SSH2 PUBLIC KEY ----
Let's say that we want good ol' Johny Connor to be able to authenticate to the Skynet server with an SSH key.
For that, the following commands will have to be executed as root on the Skynet server:
- Go to John Connor's home folder:
root@skynet:~$ cd /home/jconnor
- Create a directory named .ssh and grant it rights and ownership as follows:
root@skynet:/home/jconnor$ mkdir .ssh
root@skynet:/home/jconnor$ chown jconnor:jconnor .ssh
root@skynet:/home/jconnor$ chmod 700 .ssh
- Go inside .ssh and create a file named authorized_keys:
root@skynet:/home/jconnor$ cd .ssh
root@skynet:/home/jconnor/.ssh$ touch authorized_keys
- Open authorized_keys with any editor you want and add the following line, save and exit:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK1J3fGJeohGB5XvdfeQ3xlTSq5FfXAfUwS9FFSe4Orv John-Connors-Keys
The information needed to create this line is all in the private key file. It is the concatenation of the PuTTY-User-Key-File-2 value (the key type) + (blank space) + the Public-Lines data joined into a single line + (blank space) + the Comment value.
- Grant the file rights and ownership as follows:
root@skynet:/home/jconnor/.ssh$ chmod 600 authorized_keys
root@skynet:/home/jconnor/.ssh$ chown jconnor:jconnor authorized_keys
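That's it. Now good ole Johny C. can connect to the Skynet server from any machine using PuTTY and his private key. With the OpenSSH command-line client the equivalent is the command below; ssh -i expects the key in OpenSSH format, so a PuTTY .ppk file has to be exported to that format first (PuTTYgen can do this).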
ssh -i /path/to/private_key.whatever jconnor@1.2.3.4
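The authorized_keys line in step 4 can be built from the key file instead of by hand. The following is an added example, not part of the original page: the function names are hypothetical and the sample input is constructed from the key file header shown above. It also checks that the key type inside the base64 blob matches the header, which catches a truncated or mismatched paste.

```python
import base64
import struct

# Constructed sample: the public fields of the PuTTY key file shown on this page.
SAMPLE_PPK = """\
PuTTY-User-Key-File-2: ssh-ed25519
Comment: John-Connors-Keys
Public-Lines: 2
AAAAC3NzaC1lZDI1NTE5AAAAIK1J3fGJeohGB5XvdfeQ3xlTSq5FfXAfUwS9FFSe
4Orv
Private-Lines: 1
"""

def read_strings(blob):
    """Split an SSH public key blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + n])
        off += n
    return fields

def ppk_to_authorized_keys(text):
    """Build the authorized_keys line from a PuTTY-User-Key-File-2 file."""
    lines, header, blob_b64, i = text.splitlines(), {}, None, 0
    while i < len(lines):
        name, sep, value = lines[i].partition(": ")
        i += 1
        if name == "Private-Lines":
            break  # stop before the private part; it is never read
        if name == "Public-Lines":
            count = int(value)
            blob_b64 = "".join(ln.strip() for ln in lines[i:i + count])
            i += count
        elif sep:
            header[name] = value
    key_type = header.get("PuTTY-User-Key-File-2")
    if not key_type or not blob_b64:
        raise ValueError("missing key type or public lines")
    fields = read_strings(base64.b64decode(blob_b64, validate=True))
    # The first field of the blob names the key type and must match the header.
    if not fields or fields[0] != key_type.encode("ascii"):
        raise ValueError("key type in blob does not match header")
    return " ".join([key_type, blob_b64, header.get("Comment", "")]).rstrip()
```

Calling ppk_to_authorized_keys(SAMPLE_PPK) returns the same line that step 4 adds to authorized_keys.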