Monday, June 8, 2015

SSH - Key-based Authentication

SSH has many ways to authenticate a user, and password-based authentication is commonly used.

Password-based authentication is easy to set up and use; however, it poses a lot of security challenges.

An alternative way to log in to an SSH-enabled system is key-based authentication. Key-based authentication uses public-key cryptography, where a public and private key pair is used for authentication. The private key should be kept secret by the user, while the public key is uploaded to the remote SSH server.

Below are the steps to enable key-based authentication so that User A can log in to a remote server via SSH as User B:

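1. As User A, use ssh-keygen to generate an authentication key pair without a passphrase. Note that a private key without a passphrase is stored unencrypted, so anyone who can read the file can use it to log in.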

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/userA/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/userA/.ssh/id_rsa.
Your public key has been saved in /home/userA/.ssh/
The key fingerprint is:

2. Create a .ssh folder for User B (you will be required to log in with User B's password)

$ ssh mkdir -p .ssh's password:

3. Append User A's new public key to User B's .ssh/authorized_keys (you will be required to log in with User B's password)

$ cat ~/.ssh/ | ssh 'cat >> .ssh/authorized_keys''s password:

4. Test the key-based SSH login as User B (if the setup was successful, no password prompt appears)

$ ssh
Last login: Mon Dec 21 12:31:16 2014 from
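
Steps 2 and 3 leave the permissions of .ssh and authorized_keys to the remote umask, and re-running step 3 appends the key a second time. The function below is an added example, not part of the original post: it does both steps on the server side as User B, sets the modes explicitly, and rejects input that is not a single public key line. The name install_pubkey, its arguments and the sample key are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, run as User B)
#   Appends the single key line in PUBKEY_FILE to SSH_DIR/authorized_keys.
#   Returns 0 on success or if the key is already present, 1 on rejected input.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Refuse private keys: sending id_rsa instead of id_rsa.pub is a common slip.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi

    # Accept exactly one line of the form "<type> <base64> [comment]".
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key_line=$(grep . "$pubkey_file")
    case $key_line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # With sshd's default StrictModes, key login is refused when .ssh or
    # authorized_keys is writable by group or others, so set modes explicitly.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Append only if the exact line is not already there (safe to re-run).
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Demo on constructed input in a scratch directory (not a real key).
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed userA@example\n' > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # second run adds nothing
ls -ld "$demo_dir/.ssh" "$demo_dir/.ssh/authorized_keys"
```

If step 4 still prompts for a password, the modes and ownership of User B's home directory, .ssh and authorized_keys are the first thing to check on the server.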
