Instructions on restricting ssh login to key-based (ie not by password) and generating the keys necessary for the log-in. This was done with putty running in Windows, and OpenSSH running on Debian.
Generate Keys with Putty
- Run puttygen.exe
- Choose either ssh2-rsa or ssh2-dsa
- Increase key size to 2048 (because we can)
- Click “Generate”
- Add a comment such “Desktop”
- Add a passphrase
- Save the private key
- Save the public key
Configure Putty to use private key
- Modify the profile that you would liek to use key authentication
- Go to SSH->Auth
- Under “Private key file . . .”, select the private key generated above
Configure sshd to accept private key
- Login to the target machine with the target username
- go to ~/.ssh
- Modify / create authorized_keys
- Copy and paste the public key saved above into the authorized_keys file.
- Make sure that you do not introduce any extra characters (like line returns) in the key
- Test the set-up by logging in with putty.
- When you connect with putty, putty should ask you the passphrase to the private key, but you should not have to type in the password for the user on the target machine
- If it doesn’t work, figure it out!
- Make sure you did the test, and you can log-in with the key based authentication.
- Modify /etc/ssh/sshd_config:
PermitRootLogin no PasswordAuthentication no
- Restart sshd