Logon To Your Linux Box Using SSH Keys
I’ve recently been working with AWS EC2 instances and have found that the SSH keys they require for secure login actually have some nice benefits. For one thing, once I’ve generated a keyfile that uniquely identifies me on my local PC, I can use that keyfile to quickly and easily log in to any server without having to remember passwords and login credentials. Having to get in and out of over a dozen different servers every week, and nearly 100 different servers over the course of a year, the use of key sharing certainly has the potential to save a lot of keystrokes.
In a nutshell, here are the pieces that make it work:
- Create a unique key pair (your digital fingerprint) on your local machine
- Initialize the SSH environment for your user login on the remote system
- Store the public half of that key in the SSH environment on the remote system
Once you have completed these steps, you will be able to log in by simply typing in your username on the remote system. Your SSH-compatible terminal program (I use PuTTY these days) will authenticate to the server using your digital fingerprint in place of typing in a password.
The more detailed steps listed here assume a Red Hat distribution of Linux and use of PuTTY and Puttygen on a Windows box (I’m using Vista at the moment).
1. Get Puttygen and generate a new key:
   1. Run the Puttygen program.
   2. Click Generate.
   3. When finished, click Save private key. I like to save the file with a -priv.ppk ending on the file name (Puttygen will not create an extension by default).
   4. In case you need one later, it is a good idea to save a public key as well.
   5. Highlight the key text in the key box and copy it (Ctrl-C or Right-Click Copy).
2. Log in to the remote system with your login credentials.
3. Check for a .ssh directory with an id_rsa.pub and id_rsa file within. If they are missing, you’ll need to create an RSA key pair on the server* for handshaking as noted here:
   1. Enter the following command at the command prompt:
      ssh-keygen -t rsa
   2. Accept the defaults for the prompts.
   *note: while you don’t necessarily need to generate the key, this will normally create the .ssh directory where you’ll need to put your authorized_keys file later.
4. Enter the key in the authorized_keys file on the remote server:
   1. Open the authorized_keys file within the .ssh directory with your favorite editor (I prefer vi; some more skilled professionals will lean toward emacs or even vims). If this is the first key you are putting online, you may need to create this file.
   2. Paste in the key you copied from Puttygen as a single line within the file and save the file.
   3. Make sure the file has limited write access, such as rw-r--r-- (chmod 644 authorized_keys).
5. Now you can start PuTTY and configure your session:
   1. Enter the host name.
   2. Under the Category:Connection:SSH:Auth setting, browse to the private key file you saved in step 1.3 above.
   3. Go back to the main Category:Session window and Save the session so you don’t have to do this every time.
Now you can connect to the remote server by loading the session, clicking open, and simply typing your username.
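The authorized_keys step above can also be scripted on the remote box. The following is an added example, not part of the original post: install_pubkey is a hypothetical helper name, the key in the demo is a constructed placeholder, and it uses the stricter owner-only modes 700/600 instead of rw-r--r--.

```shell
#!/bin/sh
# Added example; install_pubkey and its arguments are hypothetical names.
# Usage: install_pubkey "<key line>" [ssh_dir]   (ssh_dir defaults to ~/.ssh)
install_pubkey() {
    key=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    # The file written by Puttygen's "Save public key" is multi-line
    # (RFC 4716) and sshd will not parse it in authorized_keys. Only the
    # one-line text from the key box is valid here.
    if [ "$(printf '%s\n' "$key" | wc -l)" -ne 1 ]; then
        echo "key must be a single line (copy it from the key box)" >&2
        return 1
    fi

    # Expect "<type> <base64 blob> [comment]".
    if ! printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
    then
        echo "not an OpenSSH public key line" >&2
        return 1
    fi

    # Owner-only modes: sshd (StrictModes) refuses keys in a file or
    # directory that group or others can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on a scratch directory with a constructed (non-functional) key line.
demo_dir=$(mktemp -d)
install_pubkey 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED rsa-key-demo' \
    "$demo_dir/.ssh" && ls -l "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

Run against your real account, the second argument is omitted and the key line is the text copied from the Puttygen key box.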
Logging Into AWS EC2 Instances With Putty
The process is basically the same as above, however the PEM key that Amazon provides is not PuTTY compatible. Luckily the PuTTY Key Generator, PuTTYGen, will solve the problem for you.
- Start PuTTYGen
- Click Load
- Change the file type to All Files (*.*)
- Select the PEM key you downloaded from Amazon
- Save private key (ignore the no passphrase warning)
You can use the newly converted & saved .ppk key file with PuTTY to access your AWS EC2 Instance.
If you are using the default security group, make sure you open up port 22, preferably for your client IP address with a bitmask of /32. Otherwise every hacker in the world will be trying to brute force your system.