Here is a step-by-step explanation of how to configure a Linux server to be accessible over SSH.
1. Set up public/private keys for your user.
On server:
– Log in to the server as your user
– Go to your home folder: cd ~/
– Generate the keys:
[codesyntax lang=”bash”]
ssh-keygen -t rsa
[/codesyntax]
Accept the file names it wants to use (the keys must be stored in /home/myuser/.ssh/).
Don’t enter a passphrase (just press Enter). You will want to redo this with a passphrase later.
– Add the public key to the authorized_keys file:
[codesyntax lang=”bash”]
# The keys live in ~/.ssh; append (>>) so existing authorized keys are preserved
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[/codesyntax]
– Set permissions on your ~/.ssh folder: chmod 700 ~/.ssh
– Set permissions on your ~/.ssh/authorized_keys: chmod 600 ~/.ssh/authorized_keys
Locally (on Windows):
– Copy the id_rsa and id_rsa.pub files from the server to your local hard drive (use WinSCP, sftp or a similar tool) and save them to the c:\users\userName\.ssh directory (for Windows 7).
– Convert the keys to the format that PuTTY understands.
To do this, run puttygen.exe and load your private key copied from the server.
Save your private key (id_rsa.ppk) to your local hard drive, for example to c:\users\username\.ssh\id_rsa.ppk.
1b. Another way to generate public/private keys: generate the keys locally using puttygen.exe and copy the public key to the Linux server.
Locally:
- Run puttygen.exe
- Generate a key pair
- Save private and public keys to your local hard drive (usually in folder c:\Users\USERNAME\.ssh\): mykey.ppk, mykey.pub
- Check that your public key contains no comments and is a single line of text starting with “ssh-rsa”.
You may need to remove these lines:
at the beginning: “---- BEGIN SSH2 PUBLIC KEY ----” and “Comment:”
and at the end: “---- END SSH2 PUBLIC KEY ----”.
On server:
- The public key is kept on the server. Copy your public key file (mykey.pub) to ~/.ssh/mykey.pub on the server.
- Run these commands on the server:
[codesyntax lang=”bash”]
chmod 700 ~/.ssh
cd ~/.ssh/
# Append (>>) so existing authorized keys are preserved
cat mykey.pub >> authorized_keys
chmod 600 authorized_keys
[/codesyntax]
2. Configure sshd server
– edit /etc/ssh/sshd_config and add the line
[codesyntax lang=”bash”]
PubkeyAuthentication yes
[/codesyntax]
– restart the sshd daemon:
[codesyntax lang=”bash”]
sudo /etc/init.d/ssh restart
[/codesyntax]
3. Access Linux server from Windows using SSH
– Run PuTTY and specify your *.ppk private key file.
You should now be able to access the Linux server.
Problems with SSH Authentication
If you get errors like ‘Access denied’ while accessing the server, check the sshd log on the server for the cause. This is the log file on Red Hat-style systems (Debian and Ubuntu log to /var/log/auth.log instead):
[codesyntax lang=”bash”]
/var/log/secure
[/codesyntax]
Error: SSH Authentication refused: bad ownership or modes for directory /home/user
If your log file contains the error “SSH Authentication refused: bad ownership or modes for directory /home/user”, there are two options to fix it, described below.
sshd refuses key authentication if your home or ~/.ssh directories have group write permissions.
Your home directory should be writable only by its owner (you), ~/.ssh should be 700, and authorized_keys should be 600:
[codesyntax lang=”bash”]
chmod g-w /home/myuser
chmod 700 /home/myuser/.ssh
chmod 600 /home/myuser/.ssh/authorized_keys
[/codesyntax]
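Another way to fix it is to change this option in the sshd config (/etc/ssh/sshd_config). This turns off sshd's ownership and permission checks on your home directory and key files, so correcting the permissions as shown above is the safer fix: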
[codesyntax lang=”bash”]
StrictModes no
[/codesyntax]
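To find which path triggers the “bad ownership or modes” error without switching StrictModes off, the following added example (not part of the original post) checks the three paths discussed above. It approximates sshd's check (each path owned by the user or root, no group or other write bit); the function name check_ssh_perms and the script name are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report the ownership and mode
# problems that make sshd refuse key authentication when StrictModes is on.
# Approximation: sshd wants each path owned by the user or root and not
# writable by group or others.
# Usage: check_ssh_perms /home/myuser myuser   (a numeric uid also works)

check_ssh_perms() {
    local home=$1 owner=$2 rc=0 p
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1; continue
        fi
        # find prints the path only when the group or other write bit is set
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $p (chmod go-w to fix)"; rc=1
        fi
        # find prints the path only when the owner is neither $owner nor root
        if [ -n "$(find "$p" -prune ! -user "$owner" ! -user root)" ]; then
            echo "OWNER    $p (not owned by $owner or root)"; rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK       $home"; fi
    return "$rc"
}

# Check a real account when arguments are given, e.g.:
#   ./check_ssh_perms.sh /home/myuser myuser
if [ "$#" -ge 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it as root (or as the account owner) on the server; a non-zero exit status means at least one path would be rejected.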