Putty/SSH/public keys - am i on the right track

So 2 days later after googling and compiling a number of different articles together until I can make any sense of it all I have managed to generate a key and copy it to the .ssh/authorized keys file.

So I logged out of putty, that's the console/client I am using and it asks for a login. Do I still log in as root with my new passphrase? or have a missed a step ?

8 Replies

When you generated the key using PuttyGen you have to save the private key somewhere and then specify the filename in the connection setup of putty under SSH -> Auth (don't forget to save the connection details). Then it should work. You said you already copied the public key to the server.

The only thing you'll be asked for at login is the password you specified for the private key if you set one. You'll be logged in as the user that has the public key in their .ssh/authorized_keys file.

Under windows you can also use pagent to cache keys and that has to be allowed in that sessions configuration. Very handy though.

@The Other Air Force:

When you generated the key using PuttyGen you have to save the private key somewhere and then specify the filename in the connection setup of putty under SSH -> Auth (don't forget to save the connection details). Then it should work. You said you already copied the public key to the server.

The only thing you'll be asked for at login is the password you specified for the private key if you set one. You'll be logged in as the user that has the public key in their .ssh/authorized_keys file.

That's what I did, only when I go into Putty, I have to put in a login. I go in as root and then I am asked for the passphrase which I put in. i do get connected but I thought the whole point was not to log in as root

You can disable root log ins completely by editing your '/etc/ssh/ssd_config' and finding the "PermitRootLogin" option and set it to "no":

PermitRootLogin no

Or, you could set root logins to only work if you connect via SSH using an SSH pubkey:

PermitRootLogin without-password

After making this change restart SSH:

/etc/init.d/ssh restart

-Tim

Thanks theckman. i will a do little more research into disable root logins and decide upon which is better

That avatar looks like some kind of creepy inflatable sex toy.

James

I don't know how, but I distinctly heard the sound of a needle skidding off of a record when I read that.

@hoopycat:

I don't know how, but I distinctly heard the sound of a needle skidding off of a record when I read that.

Oh, don't pretend you weren't thinking the same thing…

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct