Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Configuring SSH Key–based Authentication

The following uses Windows OS as an example to describe how to complete the authentication.

  1. Open the CMD window on your local PC.
  2. Create a public-private key pair.
    1
    ssh-keygen -m PEM -t rsa -b 3072
    • If the target server runs openEuler 22.03, other secure encryption algorithms, such as ssh-keygen -m PEM -t ecdsa -b 521, must be used to generate public and private key pairs.
    • If the target server runs openEuler 22.03 LTS SP1, other secure encryption algorithms, such as ssh-keygen -m PEM -t ed25519 -b 521, must be used to generate public and private key pairs.
    • If the target server runs openEuler 22.03 LTS SP2, other secure encryption algorithms, such as ssh-keygen -m PEM -t ed25519 -b 521, must be used to generate public and private key pairs.
    • If the target server runs KylinSec OS Linux 3 (Qomolangma), other secure encryption algorithms, such as ssh-keygen -m PEM -t ed25519 -b 521, must be used to generate public and private key pairs.

    During the process:

    • (Optional) Enter the file names. By default, the id_rsa file (private key) and id_rsa.pub file (public key) are saved in the C:\Users\username\.ssh directory.
    • (Optional) Set the password of the key.

    The following information is displayed:

    Generating public/private rsa key pair. 
 Enter file in which to save the key (C:\Users\username\.ssh\id_rsa): 
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in C:\Users\username\.ssh\id_rsa. 
 Your public key has been saved in C:\Users\username\.ssh\id_rsa.pub. 
 The key fingerprint is: 
SHA256:rCRpryf6uZU+dQd/S8WN1azvay58zi3gtb53gayhvO8 china\username@HGHY4USERNAME 
 The key's randomart image is: 
+---[RSA 3072]----+
|               ..|
|                +|
|               =.|
|     . .  .   o +|
|    + . S  o. .o |
|   . + o. ..+o+..|
|      =....o+= +.|
|    .=o  o ..o=o=|
|  .o=+.. .+E .OO+|
+----[SHA256]-----+
  3. Log in to the server as a common user and upload the public key file id_rsa.pub.

    Upload it to the /home/OS_user_name/.ssh directory. Rename the public key file from id_rsa.pub to authorized_keys.

    If the authorized_keys file already exists, copy the content of the public key file to the authorized_keys file.

  4. Set the permission on the authorized_keys file to 600.
    chmod 600 /home/OS_user_name/.ssh/authorized_keys
  5. Check the server SSH configuration file.
    1
    cat /etc/ssh/sshd_config
  6. Check the two settings:
    1
2
    PubkeyAuthentication yes
RSAAuthentication yes

    If the value is not yes, set it to yes. Then save the configuration file and restart the sshd service.

    systemctl restart sshd
  7. Select key-based authentication in the IDE plugin.

    Import the local private key file.

Parent topic: Common Operations