Setting Up SSH Keys on Windows 10 & Configuring Linux Access Permissions

This tutorial shows how to generate SSH keys on Windows and set everything up so you can conveniently access the Linux boxes from your local machine.

Generate SSH Keys Locally
On your local windows machine, open up a PowerShell and run the following command:

TIP: For the key comment (`-C`), we use the same name that you’ll use to log in remotely.

Generate SSH Keys
ssh-keygen.exe -t rsa -C "stuart"
Press Enter twice when asked for a passphrase (this creates the key with no passphrase).

Done.

To confirm your keys were generated correctly, list the contents of your .ssh directory:

List Contents of ~/.ssh
ls ~/.ssh

Copy Keys to Remote Server
In PowerShell, we will use secure copy (scp) to transfer the public key to the remote box(es):

Copying Keys to Remote Server
scp ~\.ssh\id_rsa.pub stuart@123.123.123.123:

Create Directories on Remote Server
Log into the remote box (SOLR1 for this example)

In your home directory, create the following directories:

NOTE: I use the explicit `~` here for good example’s sake – users cannot mistakenly create these files or directories anywhere else when using a tilde.

Create Directory & File
$ mkdir ~/.ssh
$ touch ~/.ssh/authorized_keys

Copy the SSH Key to Authorized Keys File
On our SOLR1 instance, we will now append the contents of our id_rsa.pub public key to our authorized_keys file:

Copy Key to AuthorizedKeys File
$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
TIP: Using `>>` will append this (as opposed to overwriting using `>`)

Once copied, confirm it as correct:

Verify Copy
cat ~/.ssh/authorized_keys

Clean Up
You can safely delete the original id_rsa.pub file now.

Clean Up. Remove id_rsa.pub
$ rm ~/id_rsa.pub

Set Permissions on Home Directories & File
Before we can log in using our ssh keys, we need to make sure that the correct permissions are set on our home dir, .ssh dir, and our authorized_keys file.

Let’s make sure that the following permissions are set (very likely your home dir will be 700 already):

Change Permissions
chmod 700 /home/stuart
chmod 700 /home/stuart/.ssh
chmod 644 /home/stuart/.ssh/authorized_keys
NOTE: Please make sure you type these commands rather than copy-pasting them (you are possibly not named stuart!)
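
A scripted check of the three paths set above, as an added example that is not part of the original post: with sshd's default `StrictModes yes`, key logins are refused when the home directory, `.ssh` or `authorized_keys` is writable by group or others, or is owned by someone other than the user or root. The helper names `check_path` and `check_ssh_perms` are hypothetical, and `stat -c` assumes GNU coreutils on the server.

```shell
# Added example (not from the original post). check_path and check_ssh_perms
# are hypothetical helper names; `stat -c` assumes GNU coreutils.

# check_path PATH UID TUTORIAL_MODE
# Fails if PATH is missing, is owned by someone other than UID or root,
# or has a group-write or other-write bit set.
check_path() {
    cp_path=$1; cp_uid=$2; cp_want=$3
    if [ ! -e "$cp_path" ]; then
        echo "MISSING   $cp_path"
        return 1
    fi
    cp_mode=$(stat -c '%a' "$cp_path")
    cp_owner=$(stat -c '%u' "$cp_path")
    if [ "$cp_owner" != "$cp_uid" ] && [ "$cp_owner" != "0" ]; then
        echo "BAD OWNER $cp_path uid=$cp_owner"
        return 1
    fi
    # Octal 022 = group-write | other-write
    if [ $(( 0$cp_mode & 022 )) -ne 0 ]; then
        echo "WRITABLE  $cp_path mode=$cp_mode (tutorial sets $cp_want)"
        return 1
    fi
    echo "OK        $cp_path mode=$cp_mode (tutorial sets $cp_want)"
}

# check_ssh_perms HOME_DIR UID
# Checks the three paths from this section; exit status = number of failures.
check_ssh_perms() {
    home=$1; uid=$2; bad=0
    check_path "$home" "$uid" 700 || bad=$((bad + 1))
    check_path "$home/.ssh" "$uid" 700 || bad=$((bad + 1))
    check_path "$home/.ssh/authorized_keys" "$uid" 644 || bad=$((bad + 1))
    return "$bad"
}

# Usage on the server (run as root or as the user):
#   check_ssh_perms /home/stuart "$(id -u stuart)"
```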

TIP: For good measure and to keep windows happy, close all your powershell windows and open a new one before continuing.

Enable SSH Public Key Authentication
We need to tweak a few ssh config settings to allow public key logins:

First we will allow public key logins via the `PubkeyAuthentication` setting.

Let’s edit the SSHd config file.

TIP: You will need to be root to edit this file

Edit SSHd Config
vi /etc/ssh/sshd_config
Uncomment the line:

`#PubkeyAuthentication yes`

Now let us make sure that the `AuthorizedKeysFile` setting is pointing to our home based authorized_keys file:

We will change `.ssh/authorized_keys`, to become: `%h/.ssh/authorized_keys`

AuthorizedKeysFile
AuthorizedKeysFile %h/.ssh/authorized_keys
And save the file.

Restart SSH Daemon
We can restart the SSH daemon like so:

Restart SSH Daemon
service sshd restart
To log straight in, you can now run:

Login Via SSH
ssh stuart@123.123.123.123
and you will be logged straight into SOLR1.

Why stop there?

Set up local Aliases
This part is optional, but why not complete the package and give yourself some tasty aliases?

If you are not familiar with your PowerShell Profile, then go read my other tutorial on how to make yourself a profile ****TODO LINK!!!!!****

Windows Security
We need to secure our public key so no other users can read it:

Right click on the .pub file, choose properties.
Select “security” tab and then “advanced”.
Change the Owner to your user (if it’s not already).
Disable inheritance (if it’s set).
Remove all permissions for everyone but your user.
Give your user “Full Control”.

PowerShell Aliases
In your PowerShell Profile, add the following aliases (let’s all stay on the same page here and use the same aliases as each other eh?)

PowerShell Aliases
# SOLR1
function ssh-solr1 {
ssh -i ~/.ssh/id_rsa stuart@123.123.123.123
}

Source Your Profile
The very last step here is to source our profile file so that we can use our new aliases:

. ~\Path\To\Your\PowerShell_Profile.ps1
No0b TIP: You can simply close all your powershells, and open a new one if you want.

You can now log straight in with your helpful alias:

ssh-solr1

Enjoy Life.
