How to generate an OpenSSL .pem file and where we have to place it
I want to generate an OpenSSL .pem file to allow remote login via ssh using a .pem file in place of a password.
I am able to generate the key as well as the .crt and .pem files using the following:
sudo openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem
But the problem is where I have to put it on the server side, or what changes I have to make in the /etc/ssh/sshd_config file to allow remote login via ssh using the .pem file.
I want the client to connect to my machine in the following manner:
ssh -i server_crt.pem username@my_ip
What changes exactly do I have to make for the implementation?
Thanks
First you need to upload the public key to the server you want to connect to. The public key is in the .pub file:
Example:
# ssh-copy-id -i ~/my-certificate.pub [email protected]
After this it should be working and you should be able to login using:
$ sudo ssh -i ~/my-certificate.pem [email protected]
Changes are made in the file ~/.ssh/authorized_keys on the server machine. Open it with a text editor such as nano and you will see lines starting with something like: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAX ...
I personally generate the key file using $ ssh-keygen -t rsa -b 2048 -v, which generates the .pem and .pub files. When you get asked:
Enter file in which to save the key (/home/user/.ssh/id_rsa):
enter the name of the .pem file, for example: my-certificate.pem
Step by step from generating key to login:
- Generate the key with
$ ssh-keygen -t rsa -b 2048 -v
and when asked to enter the file in which to save the key, type my-certificate
and when asked to enter a passphrase, press Enter (empty passphrase) and confirm with Enter.
- You will get two files generated: one will be my-certificate and the other will be my-certificate.pub. Rename my-certificate to my-certificate.pem, so you will have two files, my-certificate.pub and my-certificate.pem
- Upload the public certificate to the server:
ssh-copy-id -i ~/my-certificate.pub username@ip
- Make the .pem file on your computer read-only
sudo chmod 400 my-certificate.pem
- Login with
$ sudo ssh -i /path/to/my-certificate.pem user@ip
As an addition to the best answer: be sure that these options are open in this file on the server: /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Remove these comment marks. You may also need to restart the sshd service:
service sshd restart
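Added example, not part of either answer: a small shell check that reports which value of an sshd_config keyword is actually in force (the first uncommented occurrence wins, keywords are case-insensitive) and whether the private key file is closed to group and others, as `chmod 400` makes it. The helper names `sshd_effective` and `key_is_private`, the scratch directory, and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers).

# sshd_effective KEYWORD FILE DEFAULT
# Prints the global value sshd would use: keywords are case-insensitive,
# lines starting with '#' are comments, and the first value set wins.
sshd_effective() {
    awk -v want="$1" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section ends at first Match
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print def }        # keyword never set: caller default
    ' "$2"
}

# key_is_private FILE: succeeds only if group and others have no access,
# which is what `chmod 400` (or 600) gives and what ssh insists on.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input in a scratch directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
# constructed sample, not taken from a real host
#PubkeyAuthentication yes
pubkeyauthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Match User backup
    PasswordAuthentication no
EOF
: > "$demo_dir/my-certificate.pem"   # empty stand-in for the private key file
chmod 644 "$demo_dir/my-certificate.pem"

for kw in PubkeyAuthentication AuthorizedKeysFile; do
    echo "$kw = $(sshd_effective "$kw" "$demo_dir/sshd_config" "(default)")"
done
key_is_private "$demo_dir/my-certificate.pem" || echo "key file too open"
chmod 400 "$demo_dir/my-certificate.pem"
key_is_private "$demo_dir/my-certificate.pem" && echo "key file ok after chmod 400"
```

In the sample, the earlier lowercase `pubkeyauthentication no` line takes effect even though a later line says `yes`, which is the case to look for when uncommenting a line appears to change nothing.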