Configuring SSH Key-based Authentication
Configuring Public and Private Keys on Windows
- Open the CMD window on your local PC.
- Create a public-private key pair:
ssh-keygen -m PEM -t rsa -b 3072
- If the target server runs openEuler 22.03, other secure encryption algorithms, such as ssh-keygen -m PEM -t ecdsa -b 521, must be used to generate public and private key pairs.
- If the target server runs openEuler 22.03 LTS SP1, other secure encryption algorithms, such as ssh-keygen -m PEM -t ed25519 -b 521, must be used to generate public and private key pairs.
- If the target server runs openEuler 22.03 LTS SP2, other secure encryption algorithms, such as ssh-keygen -m PEM -t ed25519 -b 521, must be used to generate public and private key pairs.
During the process, perform the following operations:
- (Optional) Enter the file names. By default, the id_rsa file (private key) and id_rsa.pub file (public key) are saved in the C:\Users\username\.ssh directory.
- (Optional) Set the password of the key.
The following information is displayed:
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\username\.ssh\id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\username\.ssh\id_rsa.
Your public key has been saved in C:\Users\username\.ssh\id_rsa.pub.
The key fingerprint is:
SHA256:rCRpryf6uZU+dQd/S8WN1azvay58zi3gtb53gayhvO8 china\username@HGHY4USERNAME
The key's randomart image is:
+---[RSA 3072]----+
| ..|
| +|
| =.|
| . . . o +|
| + . S o. .o |
| . + o. ..+o+..|
| =....o+= +.|
| .=o o ..o=o=|
| .o=+.. .+E .OO+|
+----[SHA256]-----+
- Log in to the server as a common user and upload the public key file id_rsa.pub.
Upload it to the /home/OS_user_name/.ssh directory. Rename the public key file from id_rsa.pub to authorized_keys.
If the authorized_keys file already exists, copy the content of the public key file to the file.
- Set the permission on the authorized_keys file to 600.
chmod 600 /home/OS_user_name/.ssh/authorized_keys
- View the server SSH configuration file.
cat /etc/ssh/sshd_config
- Check the two settings:
PubkeyAuthentication yes
RSAAuthentication yes
If the value is not yes, set it to yes. Then save the configuration file and restart the sshd service.
systemctl restart sshd
- Select Key authentication in the IDE plugin page and import the local private key file on the operation page.
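The server-side checks in the steps above (the two sshd_config settings and mode 600 on authorized_keys) can be scripted; the following is an added example, not part of the original procedure. The function names are hypothetical, and the script reads a single config file without evaluating Include files or Match blocks.

```shell
#!/bin/sh
# Added example (not from the original page): audit the server-side
# settings the steps above rely on. Paths are passed in by the caller.

# Print the value sshd would use for a keyword in one config file.
# Keywords are case-insensitive, "Key=Value" is allowed, comments are
# skipped, and the first occurrence wins. Prints nothing if unset.
# Assumption: Include files and Match blocks are not evaluated.
sshd_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Succeed only if the path is a regular file with mode 600 (rw-------).
mode_is_600() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)" = "-rw-------" ]
}

# Usage: audit_pubkey_login <sshd_config> <authorized_keys>
# Returns 0 when neither setting blocks key login and the mode is 600.
audit_pubkey_login() {
    conf=$1; keys=$2; rc=0
    for key in PubkeyAuthentication RSAAuthentication; do
        val=$(sshd_value "$conf" "$key")
        case "$val" in
            yes) echo "OK   $key yes" ;;
            "")  echo "OK   $key not set (left at the sshd default)" ;;
            *)   echo "FAIL $key $val (set it to yes)"; rc=1 ;;
        esac
    done
    if mode_is_600 "$keys"; then
        echo "OK   $keys has mode 600"
    else
        echo "FAIL $keys is missing or not mode 600"; rc=1
    fi
    return "$rc"
}
```

On OpenSSH 7.4 and later, RSAAuthentication is a deprecated protocol 1 option, so "not set" is the expected result for it. Running sshd -T as root prints the configuration that sshd actually loads.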
Configuring Public and Private Keys on Linux
- Use an SSH tool to remotely log in to the Linux CLI as the OS user.
- Create a public-private key pair.
ssh-keygen -t rsa -b 4096
During the process, perform the following operations:
- (Optional) Enter the key file names. By default, the id_rsa file (private key file) and id_rsa.pub file (public key file) are saved in the /userhome/.ssh directory.
- (Optional) Set the password of the key.
The following information is displayed:
Generating public/private rsa key pair.
Enter file in which to save the key (/userhome/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /userhome/.ssh/id_rsa.
Your public key has been saved in /userhome/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:g8T/XaRUqANpuIjxnI34In89+R68QckZPw7eyEaCU+o root@host11
The key's randomart image is:
+---[RSA 4096]----+
| . . .. |
| . .. + .. |
| * =+o.. .. . |
| o *=o+ =o. o |
| .+ o S o.. . |
|. .... B B o . |
| o .E. .O + . |
| . . +. + |
| . ++ |
+----[SHA256]-----+
- Upload the public key file to the node server.
ssh-copy-id -i /userhome/.ssh/id_rsa.pub root@Server IP
- /userhome/.ssh/id_rsa.pub is the generated public key file. Replace /userhome/ with the actual path (/root/ for the root user and /home/Common_user_name/ for a common user).
- Server IP indicates the node server IP address. Replace it with the actual IP address.
During the process, enter the password of the node server user.