OpenSUSE 11 SSH Keypair generation + window connect with Putty 教學…..失敗以及解決方法

Really busy for these days. Haven’t posted for a long time~~.
Yo! I am back.

近來試一試 openSUSE 去SETUP 一台 WEB SERVER. 因為要放上data center, 所以要set SSH connect 去server.

1. Generate SSH Key
$ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/chowky/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/chowky/.ssh/id_rsa.
Your public key has been saved in /home/chowky/.ssh/id_rsa.pub.
The key fingerprint is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX chowky@linux

2. check the files generated
$ ls /home/chowky/.ssh
id_rsa id_rsa.pub

Note: id_rsa is private key. 你要keep 這個file. copy to USB drive
id_rsa.pub is public key

3. import the key to the .ssh folder. 找不到的話就自己 create 一個.
$ cd /home/chowky/.ssh
$ cat id_rsa.pub >> /home/chowky/.ssh/authorized_keys

4. Modify “/etc/ssh/sshd_config” …(只識用nano…vi 不太熟…). 修改以下value.
RSAAuthentication yes
PubkeyAuthentication yes

disable password security,因為改用了RSA Keypair Authentication.
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM yes

Reload the server configuration:
$ sudo /etc/init.d/sshd force-reload


如果你用 ssh connect 的話 (linux or install cygwin in windows only)
copy private key “id_rsa” file to the client machine.
$ mkdir /home/user/.ssh
$ cp /YOUR_ID_RSA_PATH/id_rsa /home/user/.ssh
$ chmod 0600 -R /home/user/.ssh

你可以用以下的command connect to the server
$ ssh chowky@YOUR_IP_ADDRESS
Enter passphrase for key ‘/home/chowky/.ssh/id_rsa’:

如果又不想 install cygwin 的話都可以用PUTTY…

1. downlaod putty
2. download puttygen
3. Puttygen. Click Load. 之後打passphrase of the key.

4. Save private key.
5. Putty 之後就可以用這個.ppk 的private key connect.

大家可以試下 記得是 openSUSE 10 以下才會成功….

openSUSE 11 就會失…失敗了 (permission denied)..搞了 chowky 很多時間…

其實是有點CONFIG 改了…..
大家改一改server 之前改過的 /etc/ssh/sshd_config

AuthorizedKeysFile .ssh/authorized_keys
-to-
AuthorizedKeysFile %h/.ssh/authorized_keys

之後再 Reload the server configuration:
$ sudo /etc/init.d/sshd force-reload

完成!~

Public key authentication is not working anymore

Version: 11.3+The following applies starting from openSUSE 11.3.
Since openSSH 5.4, relative paths in configuration are no longer allowed. When pointing to the authorized _keys file make sure you use %h/ in front of the path to your authorized_keys file. Older versions still can do without. In /etc/ssh/sshd_config change:

AuthorizedKeysFile .ssh/authorized_keys
-to-
AuthorizedKeysFile %h/.ssh/authorized_keys

這對SET server 的朋友應該會有用~
Reference: http://en.opensuse.org/SDB:OpenSSH_public_key_authentication#Security

Share
About Chowky
Chowky 希望可以透過這個blog 來分享自己學到的知識。亦希望可以分享最新的資訊。 IT 轉變得很快,要常常留意市場的變化,面對大陸的競爭,香港的 IT 方面的人才要更有市場觸覺,緊貼市塲走勢。因為其他地方的IT技術已經走得比以往更快。不進則退,就讓大家一起來交流、提昇IT的心得! Chowky 因為工作關係,所以一開始接觸的是visual basic, foxpro ( 這不代表我老 ) 之後是 .NET, MSSQL 和 Crystal Report. 由工作學到的project management, system analysis and design 以及 system testing, user acceptance tests and different documentations. 另外,由不同的freelance 方面學到dreamweaver, javascript, php, mysql. 後來興起CMS wave, Chowky 亦學會了Joomla! 以及常用的javascript framwork: jquery and mootool. 連deisgn 都要自己包辦,所以接觸了photoshop, illustrator, firework. 新的工作方面,要利用RIA -- Flex and AIR 方面的技術。所以緊接下來應該會多一點分享ria 方面的技術 Chowky 所說的未必是對的,但我深信我所說的是未來 IT Trend. 大家亦應抱著懷疑的態度去分析每一件事,未經思考不要輕易相信。

No Comments, Be The First!

Leave a Reply