Really busy these days. Haven’t posted for a long time~~.
Yo! I am back.
Recently I tried using openSUSE to set up a web server. Because it will be placed in a data center, I need to set up SSH to connect to the server.
1. Generate SSH Key
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/chowky/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/chowky/.ssh/id_rsa.
Your public key has been saved in /home/chowky/.ssh/id_rsa.pub.
The key fingerprint is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX chowky@linux
2. Check the generated files
$ ls /home/chowky/.ssh
id_rsa id_rsa.pub
Note: id_rsa is the private key. You need to keep this file; copy it to a USB drive.
id_rsa.pub is the public key.
3. Import the key into the .ssh folder. If you can't find the folder, create one yourself.
$ cd /home/chowky/.ssh
$ cat id_rsa.pub >> /home/chowky/.ssh/authorized_keys
4. Modify “/etc/ssh/sshd_config” … (I only know how to use nano… not very familiar with vi…). Change the following values.
RSAAuthentication yes
PubkeyAuthentication yes
Disable password authentication, because RSA key pair authentication is used instead.
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM yes
Reload the server configuration:
$ sudo /etc/init.d/sshd force-reload
If you connect with ssh (Linux, or Windows with cygwin installed, only):
Copy the private key “id_rsa” file to the client machine.
$ mkdir /home/user/.ssh
$ cp /YOUR_ID_RSA_PATH/id_rsa /home/user/.ssh
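$ chmod 0700 /home/user/.ssh          # the directory needs the execute bit to be entered
$ chmod 0600 /home/user/.ssh/id_rsa   # the private key must be readable by its owner only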
You can connect to the server with the following command:
$ ssh chowky@YOUR_IP_ADDRESS
Enter passphrase for key ‘/home/chowky/.ssh/id_rsa’:
If you don't want to install cygwin, you can also use PuTTY…
1. Download PuTTY
2. Download PuTTYgen
3. In PuTTYgen, click Load, then enter the passphrase of the key.

4. Save private key.
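5. PuTTY can then connect using this .ppk private key.
Give it a try, everyone. Remember, this only works on openSUSE 10 or below….
On openSUSE 11 it fails (permission denied).. It cost chowky a lot of time…
It turns out a bit of the config has changed…..
Change the /etc/ssh/sshd_config that you modified earlier on the server: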
AuthorizedKeysFile .ssh/authorized_keys
-to-
AuthorizedKeysFile %h/.ssh/authorized_keys
Then reload the server configuration again:
$ sudo /etc/init.d/sshd force-reload
Done!~
Public key authentication is not working anymore
Version: 11.3+ The following applies starting from openSUSE 11.3.
Since openSSH 5.4, relative paths in configuration are no longer allowed. When pointing to the authorized_keys file make sure you use %h/ in front of the path to your authorized_keys file. Older versions still can do without. In /etc/ssh/sshd_config change:
AuthorizedKeysFile .ssh/authorized_keys
-to-
AuthorizedKeysFile %h/.ssh/authorized_keys
This should be useful for friends who are setting up servers~
Reference: http://en.opensuse.org/SDB:OpenSSH_public_key_authentication#Security
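A quick way to check a server's sshd_config against the values from step 4 and the AuthorizedKeysFile fix above, as an added example that is not part of the original post. The function names, the FINDING output format and the sample config are made up for illustration, and the script only reads the global section (everything before the first Match line).

```sh
#!/bin/sh
# Added example (not from the original post): audit the global section of an
# sshd_config for the key-only login settings the post configures.

# Print the first value of keyword $1 in file $2. sshd keeps the first
# occurrence, keywords are case-insensitive, and anything after a Match line
# is conditional, so scanning stops there. Whitespace-separated form only.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        NF >= 2 && tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$2"
}

# Print one FINDING line per problem; the return status is the finding count.
# An unset keyword is reported too, so the file states the policy explicitly.
audit_sshd_config() {
    cfg=$1; findings=0
    for pair in PubkeyAuthentication:yes PasswordAuthentication:no \
                ChallengeResponseAuthentication:no; do
        key=${pair%%:*}; want=${pair#*:}
        got=$(sshd_value "$key" "$cfg" | tr 'A-Z' 'a-z')
        if [ "$got" != "$want" ]; then
            echo "FINDING: $key is '${got:-unset}', expected '$want'"
            findings=$((findings + 1))
        fi
    done
    # Every AuthorizedKeysFile entry must be absolute or start with %h/.
    for path in $(sshd_value AuthorizedKeysFile "$cfg"); do
        case $path in
            /*|%h/*) ;;
            *) echo "FINDING: AuthorizedKeysFile '$path' is relative, use '%h/$path'"
               findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample: the post's settings with the relative path that failed.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PubkeyAuthentication yes' \
    'passwordauthentication no' 'ChallengeResponseAuthentication no' \
    'AuthorizedKeysFile .ssh/authorized_keys' \
    'Match User backup' '    PasswordAuthentication yes' > "$sample"
audit_sshd_config "$sample" || echo "$? finding(s) in sample"
rm -f "$sample"
```

Run it against a copy of the real file with audit_sshd_config /etc/ssh/sshd_config before reloading sshd, and keep an existing session open until a new key login has been confirmed.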