How to Generate pem file to ssh the server without Password in Linux

ssh by pem file to Access Server

Logging in to a server over ssh is a standard procedure. This post shows how to make it work without a password, using just a .pem file.

PEM

PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate.  PEM certificates are frequently used for web servers as they can easily be translated into readable data using a simple text editor.  Generally when a PEM encoded file is opened in a text editor, it contains very distinct headers and footers.

PEM is a widely used encoding format for security certificates. The syntax and content are defined by the X.509 v3 standard for digital certificates, specified in IETF RFC 5280. The main file extensions are .pem, .crt and .ca-bundle.

A PEM certificate is a base64 (ASCII) encoded block of data encapsulated between a header line and a footer line:

-----BEGIN CERTIFICATE REQUEST-----
…….
-----END CERTIFICATE REQUEST-----

Above is the example of a CSR (certificate signing request) in PEM format.  You can see that PEM has the characteristics of containing a header, the body (which consists mainly of code) and footer.

The header and footer are what identify the type of file; however, be aware that not all PEM files necessarily need them.

-----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- show a CSR in PEM format.
-----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- show a private key in PEM format.
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- show a certificate file in PEM format.

To ssh using a pem file, there are a few steps you have to follow.

1. Generating Key Pairs

To generate an RSA key pair for version 2 of the SSH protocol, follow these steps:

  1. Generate an RSA key pair by typing the following at a shell prompt:
 $ ssh-keygen

 or

 $ ssh-keygen -t rsa -b 2048 -v

Optional: To increase the security of your key, increase the size with the -b flag. The minimum value is 768 bytes and the default, if you do not use the flag, is 2048 bytes. We recommend a 4096 byte key.

  • When asked for the file in which to save the key, type linux_point, and when asked for a passphrase, press Enter (empty passphrase). Confirm that both files were created:
$ ls

      linux_point       linux_point.pub

  • Two files are generated: the private key (linux_point) and the public key (linux_point.pub). Rename the private key to linux_point.pem, so that you have two files, linux_point.pub and linux_point.pem:
$ mv linux_point linux_point.pem
  • Change the permissions of the ~/.ssh/ directory:
$ chmod 700 ~/.ssh
  • Create the file ~/.ssh/authorized_keys; if it already exists, skip this step:
$ vim ~/.ssh/authorized_keys
  • Copy the contents of linux_point.pub into ~/.ssh/authorized_keys on the machine to which you want to connect, appending it to the end if the file already exists.
  • Change the permissions of the ~/.ssh/authorized_keys file using the following command:
$ chmod 600 ~/.ssh/authorized_keys

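Now download the pem file (linux_point.pem) to the drive or system from which you want to access the server. Because the key has no passphrase, anyone who obtains this file can log in with it, so copy it over a secure channel and keep it readable only by your own user.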

Using Key-Based Authentication

To improve the system security even further, you can enforce key-based authentication by disabling the standard password authentication. To do so, open the /etc/ssh/sshd_config configuration file in a text editor such as vim, and change the following options, uncommenting them if they already exist:

$ sudo vim /etc/ssh/sshd_config

# RSAAuthentication applies to SSH protocol 1 only; recent OpenSSH versions treat it as deprecated
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
#UsePAM no
UsePAM yes

Save and exit (:wq)

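After that, restart the sshd service. Keep your current session open until you have confirmed that key-based login works, since password login is now disabled.

$ sudo systemctl restart sshd

or

$ sudo service sshd restart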

Now access the server over ssh with the pem file (without a password) from your local machine.

$ ssh -i <path to pem file (linux_point.pem)> <user>@<IP>

Last login: Mon Jul 17 15:35:38 2017 from XXX.XXX.XXX.XX

[linuxpoint@XXX.XXX.XXX.XX ~]$ _
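
A quick audit of the finished setup, as an added example that is not part of the original post: it reads the effective sshd_config values (sshd uses the first occurrence of each keyword) and checks the permissions set in the steps above. The function names and the scratch-directory sample are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the key-only SSH setup.
# Assumes GNU stat (Linux); Match blocks and Include files are not evaluated.

# Effective value of an sshd_config keyword: sshd keeps the FIRST occurrence,
# matches keywords case-insensitively, and ignores '#' comment lines.
sshd_option() {  # usage: sshd_option <config-file> <keyword>
  awk -v want="$2" '
    /^[ \t]*(#|$)/ { next }
    tolower($1) == tolower(want) { print tolower($2); exit }' "$1"
}

# True when the file exists and its mode sets no bit outside <max-mode>.
mode_within() {  # usage: mode_within <path> <max-octal-mode>, e.g. 600
  m=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  [ $(( 0$m & ~0$2 & 07777 )) -eq 0 ]
}

# Print one line per problem; the return status is the number of problems.
audit_key_login() {  # usage: audit_key_login <sshd_config> <ssh-dir> <pem>
  n=0
  for kw in PasswordAuthentication ChallengeResponseAuthentication; do
    [ "$(sshd_option "$1" "$kw")" = "no" ] ||
      { echo "$kw is not set to no"; n=$((n+1)); }
  done
  [ "$(sshd_option "$1" PubkeyAuthentication)" != "no" ] ||
    { echo "PubkeyAuthentication is disabled"; n=$((n+1)); }
  for pm in "$2:700" "$2/authorized_keys:600" "$3:600"; do
    mode_within "${pm%:*}" "${pm##*:}" ||
      { echo "${pm%:*}: missing or mode wider than ${pm##*:}"; n=$((n+1)); }
  done
  return "$n"
}

# Constructed sample: a scratch directory standing in for /etc/ssh and ~/.ssh.
demo() {
  d=$(mktemp -d) && mkdir "$d/.ssh" && chmod 700 "$d/.ssh"
  printf '%s\n' '#PasswordAuthentication yes' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
    '#UsePAM no' 'UsePAM yes' > "$d/sshd_config"
  : > "$d/.ssh/authorized_keys"; : > "$d/linux_point.pem"
  chmod 600 "$d/.ssh/authorized_keys"; chmod 644 "$d/linux_point.pem"
  if audit_key_login "$d/sshd_config" "$d/.ssh" "$d/linux_point.pem"; then
    echo "setup OK"
  else echo "problems found: $?"; fi
  rm -rf "$d"
}
demo
```

On a real host the arguments would be /etc/ssh/sshd_config, ~/.ssh and the path to linux_point.pem; running sshd -t additionally checks the configuration file for syntax errors before the restart.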

 
