SSH Authentication on Linux

Here is a step-by-step explanation of how to configure a Linux server to be accessible over SSH.


1. Set up public/private keys for your user.

On server:

– Log in to the server as your user

– Go to home folder: cd ~/

– Generate the keys:

ssh-keygen -t rsa

Accept the file names it wants to use (must be stored at /home/myuser/.ssh/)

Don’t enter a passphrase (just press Enter). You will want to redo this with a passphrase later.

– add the pub key to the authorized_keys file:

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

– Set permissions on your ~/.ssh folder: chmod 700 ~/.ssh
– Set permissions on your ~/.ssh/authorized_keys: chmod 600 ~/.ssh/authorized_keys

Locally (on Windows):

– Copy the id_rsa and id_rsa.pub files from the server to your local hard drive (use WinSCP, sftp or a similar tool) and save them to the c:\users\userName\.ssh directory (for Windows 7)

– Convert the keys to the format that PuTTY understands.

To do this, run puttygen.exe and load your private key copied from the server.

Save your private key (id_rsa.ppk) to your local hard drive, for example to c:\users\username\.ssh\id_rsa.ppk.

1b. Another way to generate public/private keys: generate the keys locally using puttygen.exe and copy the public key to the Linux server.

Locally:

  1. Run puttygen.exe
  2. Generate a key pair
  3. Save private and public keys to your local hard drive (usually in folder c:\Users\USERNAME\.ssh\): mykey.ppk, mykey.pub
  4. Check that your public key contains no comment lines and consists of a single line of text starting with “ssh-rsa”.

You may need to remove these lines:

at the beginning: “---- BEGIN SSH2 PUBLIC KEY ----” and the “Comment:” line

and at the end: “---- END SSH2 PUBLIC KEY ----”.

On server:

  1. The public key is kept on the server. Copy your public key file (mykey.pub) to ~/.ssh/mykey.pub on the server.
  2. Run these commands on the server:
chmod 700 ~/.ssh
cd ~/.ssh/
cat mykey.pub >> ~/.ssh/authorized_keys
chmod 600 authorized_keys

2. Configure sshd server

– edit /etc/ssh/sshd_config and add the line

PubkeyAuthentication yes

– restart the sshd daemon:

sudo /etc/init.d/ssh restart

3. Access Linux server from Windows using SSH

– run PuTTY and specify your *.ppk file

You should now be able to access the Linux server.

Problems with SSH Authentication

If you get errors like ‘Access denied’ while accessing the server, you can check the log file to find possible problems:

/var/log/secure

Error: SSH Authentication refused: bad ownership or modes for directory /home/user

If you see the error “SSH Authentication refused: bad ownership or modes for directory /home/user” in your log file, there are two options to fix it, described below.

SSH doesn’t like it if your home or ~/.ssh directories have group write permissions.

Your home directory should be writable only by owner (you), ~/.ssh should be 700, and authorized_keys should be 600:

chmod g-w /home/myuser
chmod 700 /home/myuser/.ssh
chmod 600 /home/myuser/.ssh/authorized_keys

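Another way to make the error go away is to change this option in the sshd config (/etc/ssh/sshd_config):

StrictModes no

This turns off sshd's check of file modes and ownership of the user's files and home directory before accepting a login, so fixing the permissions with the chmod commands above is the preferable option.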