LAB :: Public Key based SSH

# super user command.

$ normal user command.
Username apnic and password training .

VM Details

[group01.apnictraining.net] [192.168.30.1]
[group02.apnictraining.net] [192.168.30.2]
......
[group10.apnictraining.net] [192.168.30.10]
[group11.apnictraining.net] [192.168.30.11]
......
[group20.apnictraining.net] [192.168.30.20]
[group21.apnictraining.net] [192.168.30.21]
......
[group30.apnictraining.net] [192.168.30.30]

Software Required:

PuTTY (the Telnet and SSH client itself)

PuTTYgen (an RSA and DSA key generation utility)

Step 1: Generating SSH key-pair

1. Start the PuTTYgen utility (double-click) its .exe file.

2. For Type of key to generate , select SSH-2 RSA

3. In the Number of bits in a generated key field, specify either 204 or 4096 . Increasing the
bits makes it harder to crack the key by brute-force methods.

4. Click the Generate button.

5. Move your mouse pointer randomly in the blank area of the Key section, below the progress bar (to
generate some randomness) until the progress bar is full.

6. A private/public key pair has now been generated. Note they key fingerprint.

7. In the Key comment field, enter your email address.

 8. Enter the Key passphrase field & re-type the same passphrase in the Confirm passphrase
field. This protects your private key!

9. Click the Save private key button and save as private_key .

10. Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys
file and choose Select All .

11. Right-click again in the same text field and choose Copy .
12. Open a notepad, paste the public key, and save it as .txt file.

Step 2: Save your public key on the server

1. Log in to your server

2. Check if the .ssh folder exists

ls -lah

3. If .ssh folder does not exist, create it manually:

mkdir .ssh
chmod 0700 .ssh
touch .ssh/authorized_keys
chmod 0644 .ssh/authorized_keys

4. Paste your SSH public key into ~/.ssh/authorized_keys file:

sudo vi .ssh/authorized_keys

5. Tap the i key on your keyboard to insert & right-click your mouse to paste.

6. To save and quit: First press Esc key and then type :wq

Step 3: Create a PuTTY profile to save your server's settings

In PuTTY, you can create (and save) profiles for connections to various ervers, so you don't have to
remember, aor continually re-type redundant information.

1. Start PuTTY by double-clicking its executable file.

2. PuTTY's initial window is the Session Category (navigate PuTTY's various categories, along the
left-hand side of the window).

3. In the Host Name field, enter the IP address/Hostname of the server

( groupX.apnictraining.net or 192.168.30.X )

4. Enter the port number in the Port field as 22 .

5. Along the left-hand side of the window, select Connection > SSH > Auth

6. Browse your file system and select your saved private key.
 7. Return to the Session Category and enter a name for this profile in the Saved Sessions
field (Ex: [email protected] )

8. Click the Save button for the Load, Save or Delete a stored session area.

Step 4: Login to the server using your public key

1. Login to your server

ssh [email protected]

2. You will NOT be prompted for a password anymore. However, if you had set a passphrase, you will be
asked to enter the passphrase which protects your private key (will prompt you every time you log in),
as shown below:

***END OF EXERCISE***