We can use a pem file to log in to a remote server from our local machine. In fact, if you use AWS, the only way to SSH into the server is using a pem file.
cd ~
ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in example
Your public key has been saved in example.pub
The key fingerprint is:
SHA256:3IJlrYwRCxzGkaZwoXG0OSaJi8bHTLtzXLyC6GMZHLI mahmud@3xp1r3
The key's randomart image is:
+---[RSA 2048]----+
|..++=+. |
|o=.+=. o . |
|=o=+ o o . |
|+==.. .O o |
|=+.= ooS . |
|Eoo + . .. |
| .o+ + . |
|.+ o . |
|... |
+----[SHA256]-----+
In this case I have used example as the file name, so there will be two files: example and example.pub
example : your private key
example.pub : your public key
openssl rsa -in example -outform pem > example.pem
writing RSA key
cp -p example example.pem
Now the pem file is created. The next step is to copy the public key (example.pub) to the remote server:
ssh-copy-id -i example.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "example.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
chmod 400 example.pem
ssh -i example.pem [email protected]
On the remote server, with root access:
nano /etc/ssh/sshd_config
Change the parameter PasswordAuthentication yes to PasswordAuthentication no.
Restart the SSH daemon:
systemctl restart sshd
or
service sshd restart
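The PasswordAuthentication edit only takes effect if it is the first global PasswordAuthentication line that sshd reads. As an added example (not part of the original page), this shell function reports the value a single config file yields; the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and settings under a Match line are conditional,
# so they do not change the global value.
effective_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        { key = tolower($1) }
        key == "include" { print "unresolved"; done = 1; exit }
        key == "match"   { exit }           # end of the global section
        key == "passwordauthentication" { print tolower($2); done = 1; exit }
        END { if (!done) print "yes" }      # OpenSSH default when unset
    ' "$1"
}

# Constructed sample files, written to a temporary directory.
demo_dir=$(mktemp -d)
# 1) The edit from the tutorial, applied correctly.
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication no' > "$demo_dir/edited"
# 2) Only the commented-out line was changed: passwords stay enabled.
printf '%s\n' '#PasswordAuthentication no' 'UsePAM yes' > "$demo_dir/commented"
# 3) A new line was added below an existing one: the first value wins.
printf '%s\n' 'passwordauthentication yes' 'PasswordAuthentication no' > "$demo_dir/duplicate"
# 4) The line was appended under a Match block, so it is not global.
printf '%s\n' 'Match User backup' '    PasswordAuthentication no' > "$demo_dir/match"
# 5) An Include comes first; the included files may set the value earlier.
printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' 'PasswordAuthentication no' > "$demo_dir/include"

for f in edited commented duplicate match include; do
    printf '%-10s %s\n' "$f" "$(effective_password_auth "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

On the server itself, running sshd -T as root prints the configuration sshd will actually apply, including any included files, and sshd -t checks the file for syntax errors before the restart. Keep the current session open and confirm the key login from a second terminal before closing it.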