- Unix User Generate Public Key Using Puttygen
- Unix User Command
- Add User Unix
- Unix User Generate Public Key Ssh
The SSH protocol recommended a method for remote login and remote file transfer which provides confidentiality and security for data exchanged between two server systems. The SSH depends upon the use of public key cryptography. The OpenSSH server offers this kind of setup under Linux or Unix-like system. This how-to covers generating and using ssh public keys for automated usage such as:
Being a Sudo user, is it possible to create a SSH key for an user in the same Linux server? This Sudo user doesn't have a Switch user privilege. I have a server where I Login as sudo user say 'admin'(doesn't have switch user privilege) and I have another user say 'user1'. Users must generate a public/private key pair when their site implements host-based authentication or user public-key authentication. For additional options, see the ssh-keygen(1) man page.
Advertisements
- Apr 02, 2019 Users can, thus, place the public key on any server, and subsequently, unlock the same by connecting to it with a client that already possesses the private key. Upon matching up of the two keys, the system unlocks without any irksome dependence on a password.
- Jun 13, 2019.
- Using SSH public-key authentication to connect to a remote system is a robust, more secure alternative to logging in with an account password or passphrase. SSH public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair), one 'private' and the other 'public'.
- Automated Login using the shell scripts
- Making backups
- Run commands from the shell prompt and more
- Login without password
How to configure SSH Public key-based authentication for a Linux/Unix
The reason behind is that the set of public-private keys are unique for each host and in order that the 'server' communicates to the 'client' on ssh we need to generate this unique public key which when copied onto the 'clients' would able to authenticate the 'server'.
The steps and commands are as follows:
- On your local system type: ssh-keygen
- Install public key into remote server: ssh-copy-id user@remote-server-ip-name
- Use ssh for password less login: ssh user@remote-server-ip-name
Let us see all commands in details.
Generating SSH Keys
First, log on to your workstation. For example, log on to workstation called admin.fbsd.nixcraft.org as vivek user. Please refer the following sample setup. You will be logged in, on your local system, AS THE USER you wish to make passwordless ssh connections.
To create the cryptographic keys on your local system powered by FreeBSD/Linux/macOS/ UNIX workstation, enter:
Assign the pass phrase (press [enter] key twice if you don’t want a passphrase). It will create 2 files in ~/.ssh directory as follows:
To create the cryptographic keys on your local system powered by FreeBSD/Linux/macOS/ UNIX workstation, enter:
ssh-keygen -t rsa
Assign the pass phrase (press [enter] key twice if you don’t want a passphrase). It will create 2 files in ~/.ssh directory as follows:
- ~/.ssh/id_rsa : identification (private) key
- ~/.ssh/id_rsa.pub : public key
How to copy a public ley (~/.ssh/id_rsa.pub) to your server
Use the scp command to copy the id_rsa.pub (public key) from your local system to rh9linux.nixcraft.org remote server as authorized_keys file, this is know as, “installing the public key to server”:
Another option is to use the ssh-copy-id command as follows from your local workstation:
scp ~/.ssh/id_rsa.pub [email protected]:~/.ssh/authorized_keys
Another option is to use the ssh-copy-id command as follows from your local workstation:
ssh-copy-id user@remote-box
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
How to login to your remote server using SSH keys
From your local system (e.g. FreeBSD/macOS/Linux/Unix workstation) type the following command:
ssh user@remote-box
ssh [email protected]
Changing the pass-phrase on workstation
To change a passphrase for your ssh keys, use the ssh-keygen command as follows:
OR
ssh-keygen -p
OR
cd ~/.ssh/
ssh-keygen -f id_rsa -p
How to use ssh-agen command
You can use the ssh-agent command to avoid continues passphrase typing at the CLI:
Now ssh server will not use prompt for the password. Above two commands can be added to your ~/.bash_profile file so that as soon as you login into workstation you can set the agent.
ssh-agent $SHELL
ssh-add
Now ssh server will not use prompt for the password. Above two commands can be added to your ~/.bash_profile file so that as soon as you login into workstation you can set the agent.
Deleting the keys hold by ssh-agent
To list keys, enter:
To delete all keys, enter:
To remove specific key, enter:
ssh-add -l
To delete all keys, enter:
ssh-add -D
To remove specific key, enter:
ssh-add -d key
![Public Public](/uploads/1/2/6/0/126011842/682394181.jpg)
See also:
- Man pages: sshd(8),ssh(1),ssh-add(1),ssh-agent(1)
ADVERTISEMENTS
I want to add new user accounts that can connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance using SSH. How do I do that?
Short Description
Every Amazon EC2 Linux instance launches with a default system user account with administrative access to the instance. If multiple users require access to the instance, it's a security best practice to use separate accounts for each user.
You can expedite these steps by using cloud-init and user data. For more information, see How can I give a user permissions to connect to my EC2 Linux instance using SSH?
Resolution
Create a key pair for the new user account
- Create a key pair, or use an existing one, for the new user.
- If you create your own key pair using the command line, follow the recommendations at create-key-pair or New-EC2KeyPair Cmdlet for key type and bit length.
- If you create your own key pair using a third-party tool, be sure that your key matches the guidelines at Importing Your Own Public Key to Amazon EC2.
Add a new user to the EC2 Linux instance
1. Connect to your Linux instance using SSH.
2. Use the adduser command to add a new user account to an EC2 instance (replace new_user with the new account name). The following example creates an associated group, home directory, and an entry in the /etc/passwd file of the instance:
Note: If you add the new_user to an Ubuntu instance, include the --disabled-password option to avoid adding a password to the new account:
3. Change the security context to the new_user account so that folders and files you create have the correct permissions:
Note: When you run the sudo su - new_user command, the name at the top of the command shell prompt changes to reflect the new user account context of your shell session.
4. Create a .ssh directory in the new_user home directory:
5. Use the chmod command to change the .ssh directory's permissions to 700. Changing the permissions restricts access so that only the new_user can read, write, or open the .ssh directory.
6. Use the touch command to create the authorized_keys file in the .ssh directory:
7. Use the chmod command to change the .ssh/authorized_keys file permissions to 600. Changing the file permissions restricts read or write access to the new_user.
Retrieve the public key for your key pair
Retrieve the public key for your key pair using the method that applies to your configuration:
Verify your key pair's fingerprint
After you import your own public key or retrieve the public key for your key pair, follow the steps at Verifying Your Key Pair's Fingerprint.
Update and verify the new user account credentials
After you retrieve the public key, use the command shell session that is running under the context of the new user account to confirm that you have permission to add the public key to the .ssh/authorized_keys file for this account:
1. Run the Linux cat command in append mode:
2. Paste the public key into the .ssh/authorized_keys file and then press Enter.
Note: For most Linux command line interfaces, the Ctrl+Shift+V key combination pastes the contents of the clipboard into the command line window. For the PuTTY command line interface, right-click to paste the contents of the clipboard into the PuTTY command line window.
Unix User Generate Public Key Using Puttygen
3. Press and hold Ctrl+d to exit cat and return to the command line session prompt.
![Unix Unix](/uploads/1/2/6/0/126011842/381424019.jpg)
(Optional) Allow the new user to use sudo
Note: If you don't want to allow the new user to use sudo, proceed to Verify that the new user can use SSH to connect to the EC2 instance.
1. Use the passwd command to create a password for the new user:
Note: You're prompted to reenter the password. Enter the password a second time to confirm it.
2. Add the new user to the correct group.
For Amazon Linux, Amazon Linux 2, RHEL, and CentOS:
Use the usermod command to add the user to the wheel group.
For Ubuntu:
Use the usermod command to add the user to the sudo group.
Verify that the new user can use SSH to connect to the EC2 instance
1. Verify that you can connect to your EC2 instance when using ssh as the new_user by running the following command from a command line prompt on your local computer:
To connect to your EC2 Linux instance using SSH from Windows, follow the steps at Connecting to Your Linux Instance from Windows Using PuTTY.
2. After you connect to your instance as the new_user by using SSH, run the id command from the EC2 instance command line to view the user and group information created for the new_user account:
The id command returns information similar to the following:
3. Distribute the private key file to your new user.
Related Information
Anything we could improve?
Unix User Command
Need more help?
Add User Unix
Related Videos
Unix User Generate Public Key Ssh
Joel shows you how to manage user accounts on your Amazon EC2 Linux instance (5:47)