Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Configuring SSH Key-based Authentication

The following uses Windows OS as an example to describe how to complete the authentication.

  1. Open the CMD window on your local PC.
  2. Create a public-private key pair.
    1
    ssh-keygen -m PEM -t rsa -b 3072
    • If the target server runs openEuler 22.03, other secure encryption algorithms, such as ssh-keygen -m PEM -t ecdsa -b 512, must be used to generate public and private key pairs.
    • If the target server runs openEuler 22.03 LTS SP1, other secure encryption algorithms, such as ssh-keygen -m PEM -t ed25519 -b 512, must be used to generate public and private key pairs.
    • If the target server runs openEuler 22.03 LTS SP2, other secure encryption algorithms, such as ssh-keygen -m PEM -t ed25519 -b 512, must be used to generate public and private key pairs.
    • If the target server runs KylinSec OS Linux 3 (Qomolangma), other secure encryption algorithms, such as ssh-keygen -m PEM -t ed25519 -b 512, must be used to generate public and private key pairs.

    During the process:

    • (Optional) Enter the file names. By default, the id_rsa file (private key) and id_rsa.pub file (public key) are saved in the C:\Users\username\.ssh directory.
    • (Optional) Set the password of the key.

    The following information is displayed:

    Generating public/private rsa key pair. 
 Enter file in which to save the key (C:\Users\username\.ssh\id_rsa): 
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in C:\Users\username\.ssh\id_rsa. 
 Your public key has been saved in C:\Users\username\.ssh\id_rsa.pub. 
 The key fingerprint is: 
SHA256:rCRpryf6uZU+dQd/S8WN1azvay58zi3gtb53gayhvO8 china\username@HGHY4USERNAME 
 The key's randomart image is: 
+---[RSA 3072]----+
|               ..|
|                +|
|               =.|
|     . .  .   o +|
|    + . S  o. .o |
|   . + o. ..+o+..|
|      =....o+= +.|
|    .=o  o ..o=o=|
|  .o=+.. .+E .OO+|
+----[SHA256]-----+
  3. Log in to the server as a common user and upload the public key file id_rsa.pub.

    Upload it to the /home/OS_user_name/.ssh directory. Rename the public key file from id_rsa.pub to authorized_keys.

    If the authorized_keys file already exists, copy the content of the public key file to the authorized_keys file.

  4. Set the permission on the authorized_keys file to 600.
    chmod 600 /home/OS_user_name/.ssh/authorized_keys
  5. Check the server SSH configuration file.
    1
    cat /etc/ssh/sshd_config

    Check the two settings:

    1
2
    PubkeyAuthentication yes
RSAAuthentication yes

    If the value is not yes, set it to yes. Then save the configuration file and restart the sshd service.

    systemctl restart sshd
  6. Select key-based authentication in the IDE plugin.

    Import the local private key file.

Parent topic: Common Operations