ssh by pem file to Access Server
This is a standard procedure. How do you make it work without a password, using just a .pem file?
PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate. PEM certificates are frequently used for web servers as they can easily be translated into readable data using a simple text editor. Generally when a PEM encoded file is opened in a text editor, it contains very distinct headers and footers.
PEM is a widely used encoding format for security certificates. Its syntax and content are defined by the X.509 v3 standards for digital certificates, specified in IETF RFC 5280. The main file extensions are .pem, .crt and .ca-bundle.
A PEM certificate is a base64 (ASCII) encoded block of data encapsulated between
-----BEGIN CERTIFICATE REQUEST----- ... and ... -----END CERTIFICATE REQUEST-----
Above is the example of a CSR (certificate signing request) in PEM format. You can see that PEM has the characteristics of containing a header, the body (which consists mainly of code) and footer.
The header and footer are what identify the type of file; however, be aware that not all PEM files necessarily need them.
- -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- show a CSR in PEM format.
- -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- show a private key in PEM format.
- -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- show a certificate file in PEM format.
To ssh using a pem file, there are a few steps you have to follow:
1. Generating Key Pairs
To generate an RSA key pair for version 2 of the SSH protocol, follow these steps:
- Generate an RSA key pair by typing the following at a shell prompt:
$ ssh-keygen
or
$ ssh-keygen -t rsa -b 2048 -v
Optional: To increase the security of your key, increase the size with the -b flag. The minimum value is 768 bytes and the default, if you do not use the flag, is 2048 bytes. We recommend a 4096 byte key:
- When asked for the file in which to save the key, type linux_point; when asked for a passphrase, press Enter (empty passphrase) and confirm by
$ ls linux_point linux_point.pub
- This generates two files: the private key (the my-certificate file, here named linux_point) and the public key (.pub). Rename the private key to linux_point.pem, so you will have two files, linux_point.pub and linux_point.pem
$ mv linux_point linux_point.pem
- Change the permissions of the ~/.ssh/ directory
$ chmod 700 ~/.ssh
- Create the file ~/.ssh/authorized_keys; if it already exists, skip this step
$ vim ~/.ssh/authorized_keys
- Copy the contents of the pub file into ~/.ssh/authorized_keys on the machine to which you want to connect, appending it to the end if the file already exists.
- Change the permissions of the ~/.ssh/authorized_keys file using the following command:
$ chmod 600 ~/.ssh/authorized_keys
Now download the pem file (linux_point.pem) to the drive or system from which you want to access the server.
Using Key-Based Authentication
To improve system security even further, you can enforce key-based authentication by disabling standard password authentication. To do so, open the /etc/ssh/sshd_config configuration file in a text editor such as vim, and change the options as follows (uncomment them if they already exist):
$ sudo vim /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
#UsePAM no
UsePAM yes
Save and exit (:wq)
After that, restart the sshd service:
$ sudo systemctl restart sshd
or
$ sudo service sshd restart
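The check below is an added example, not part of the original article: it reads an sshd_config-style file and reports whether the key-only settings above are the ones sshd will actually use. The helper names sshd_effective and audit_key_only are hypothetical, the sample file is constructed, and the parser assumes plain whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for each keyword, and keywords are
# case-insensitive, so a "PasswordAuthentication no" appended below an earlier
# "yes" changes nothing. Only the global section (before any Match) is read.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/         { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }   # conditional blocks are out of scope
        tolower($1) == want    { print tolower($2); exit }   # first value wins
    ' "$1"
}

# Return 0 only if the file enforces key-only logins; print each finding.
audit_key_only() {
    rc=0
    pw=$(sshd_effective "$1" PasswordAuthentication)
    cr=$(sshd_effective "$1" ChallengeResponseAuthentication)
    pk=$(sshd_effective "$1" PubkeyAuthentication)
    # An unset keyword falls back to the built-in default, "yes" for all three.
    [ "${pw:-yes}" = no ]  || { echo "FAIL PasswordAuthentication=${pw:-yes}"; rc=1; }
    [ "${cr:-yes}" = no ]  || { echo "FAIL ChallengeResponseAuthentication=${cr:-yes}"; rc=1; }
    [ "${pk:-yes}" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK key-only authentication enforced"
    return "$rc"
}

# Constructed sample: the page's settings appended below a stale earlier line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwordauthentication yes
PubkeyAuthentication yes
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
UsePAM yes
PasswordAuthentication no
EOF
audit_key_only "$sample" || echo "passwords are still accepted: the earlier line won"
rm -f "$sample"
```

On a live server, sudo sshd -T prints the configuration sshd has resolved, including built-in defaults, and is the authoritative check after the restart.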
Now access the server over ssh with the pem file (without a password) from your local machine.
$ ssh -i <path to pem file(linux_point.pem)> <user>linux_point@<IP>
Last login: Mon Jul 17 15:35:38 2017 from XXX.XXX.XXX.XX
[linuxpoint@XXX.XXX.XXX.XX ~]$ _