Automatic authentication on OpenSSH servers using public key cryptography and PuTTY

Authenticating with cryptographic keys is a convenient way to handle remote access to servers. It is convenient, but perhaps not advisable for managing SSH access to servers exposed to traffic. Automatic authentication is better suited to controlled environments, test environments without sensitive data or, simply, environments with no potential attackers nearby :)
In a test environment, having to type a username and password over and over becomes tiresome. The most convenient option is to use public key cryptography to automate authentication. On the client side, we will use PuTTY as the example, since it is probably the most widespread SSH client for Windows. The steps are as follows:

Step 1

Using PuTTY's key generator, PuTTY Key Generator (PuTTYgen), we create a key pair using, for example, SSH-2 RSA with 2048 bits. It is important not to use SSH-1 keys, as they are exploitable. 1024 bits is an acceptable length in controlled environments, although generating 2048-bit keys costs nothing.

IMPORTANT: The PuTTY key format is not the native OpenSSH key format, so the key we are interested in is the converted one, which appears in the box "Public key for pasting into OpenSSH authorized_keys file". If we use the non-converted public key on the SSH server, authentication will not work. In 99.9% of cases, a "Server refused our key" message at login means that authorized_keys contains the key in PuTTY's native format and not the converted key, which, remember, appears in the box "Public key for pasting into OpenSSH authorized_keys file".

NO LESS IMPORTANT: To reuse the keys, you have to save them. In addition, as we will see in the next step, PuTTY needs access to the generated private key, so saving it is essential. We can do without a passphrase for the private key, so that authentication is transparent and we are not prompted for the passphrase. In a real environment, the private key must always be protected. Needless to say, the final security of our platform depends on keeping the keys safe (especially the private one; the public one can be distributed).

Step 2

Next, we add the public keys of the users who should be able to log in automatically to the authorized keys file on our SSH server. This file is usually called authorized_keys, and it is normally found in the .ssh directory inside each user's home directory.

There we paste our public key created with PuTTYgen (in native OpenSSH format, I will not tire of saying it).

Step 3

In the PuTTY client, we go to "Connection --> Data" and enter the user we want to log in as automatically. In "Connection --> SSH --> Key", we specify the private key that we generated with PuTTYgen. We go back to the main screen, "Session", and save that configuration.

Step 4

We restart the SSH daemon (on FreeBSD, /etc/rc.d/sshd restart; consult Google for other systems). From now on, we will authenticate against SSH automatically, without having to enter a username and password.

Using username "root".
Authenticating with public key "user-root"
Last login: Sat Oct 6 15:09:05 2007 from 192.168.1.3
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.

FreeBSD 6.2-RELEASE-p4 (SMP) #0: Thu Apr 26 17:55:55 UTC 2007

Welcome to FreeBSD!

$

NOTES

NOTE: For regular users other than root, we create the .ssh folder while logged in as that user and restrict its permissions so that only that user can access it:

$ mkdir /home/shernando/.ssh
$ chmod -R og= /home/shernando/.ssh

Inside that folder we place the authorized_keys file containing the user's public key.

NOTE 2: The SSH daemon must support public key authentication, so the configuration file (/etc/ssh/sshd_config on FreeBSD, see Google for other platforms) must have the following directives set to "yes":

RSAAuthentication yes
PubkeyAuthentication yes
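
The two server-side conditions described above (a PuTTY-format key pasted into authorized_keys in Step 1, and the .ssh permissions in the first NOTE) can be checked with a short script. This is an added example, not part of the original article; the function names, the --demo switch and the sample key material are constructed for illustration, and the write-permission test mirrors what sshd enforces when StrictModes is on.

```shell
#!/bin/sh
# Added example, not from the original article: server-side check for the
# usual causes of PuTTY's "Server refused our key".

# classify_pubkey FILE: prints openssh, rfc4716, ppk-private or unknown.
# Assumption: key lines carry no leading options (command="...", from=...).
classify_pubkey() {
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY ----' "$1"; then
        echo rfc4716       # multi-line file from PuTTYgen "Save public key"
    elif grep -q '^PuTTY-User-Key-File-' "$1"; then
        echo ppk-private   # a .ppk private key; it must stay on the client
    elif grep -Eq '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) AAAA[A-Za-z0-9+/]+=*( .*)?$' "$1"; then
        echo openssh       # one-line form that authorized_keys expects
    else
        echo unknown
    fi
}

# loose_perms PATH: true if PATH is writable by group or others
# (sshd with StrictModes, the default, refuses keys in that case).
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# check_autologin HOME: prints one line per problem, returns 1 if any.
check_autologin() {
    ak="$1/.ssh/authorized_keys"; rc=0
    [ -f "$ak" ] || { echo "missing: $ak"; return 1; }
    fmt=$(classify_pubkey "$ak")
    [ "$fmt" = openssh ] || { echo "format: $ak holds $fmt data"; rc=1; }
    for p in "$1" "$1/.ssh" "$ak"; do
        if loose_perms "$p"; then echo "perms: $p is group/world writable"; rc=1; fi
    done
    return "$rc"
}

# demo: constructed sample, a PuTTY-format public key pasted by mistake.
demo() {
    demo_dir=$(mktemp -d) && mkdir "$demo_dir/.ssh" && chmod 700 "$demo_dir/.ssh"
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'Comment: "user-root"' \
        'AAAAB3NzaC1yc2EAAAABJQAAAQEA' '---- END SSH2 PUBLIC KEY ----' \
        > "$demo_dir/.ssh/authorized_keys"
    st=0; check_autologin "$demo_dir" || st=1; rm -rf "$demo_dir"; return "$st"
}
case "${1:-}" in
    "") ;;                           # no argument: only define the functions
    --demo) demo ;;
    *) check_autologin "$1" ;;       # e.g. /home/shernando
esac
```

Run it on the server with the user's home directory as the argument; a "format" line means the key in authorized_keys is not the one from the "Public key for pasting into OpenSSH authorized_keys file" box.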

Source: SergioHernando
