How to generate OpenSSL .pem file and where we have to place it
Solution 1
First you need to upload the public key to the server you want to connect to; the public key is in the .pub file:
Example:
# ssh-copy-id -i ~/my-certificate.pub [email protected]
After this it should be working and you should be able to login using:
$ sudo ssh -i ~/my-certificate.pem [email protected]
Changes are made in the file ~/.ssh/authorized_keys on the server machine; open it with a text editor such as nano and you will see lines starting with something like: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAX ...
I personally generate the key file using $ ssh-keygen -t rsa -b 2048 -v, which generates the .pem and .pub files. When you get asked:
Enter file in which to save the key (/home/user/.ssh/id_rsa):
enter the name of the .pem file, for example: my-certificate.pem
Step by step from generating key to login:
- Generate the key with
$ ssh-keygen -t rsa -b 2048 -v
and when asked to enter file in which to save the key, type my-certificate
and when asked to enter passphrase, press Enter (empty passphrase) and confirm by Enter.
- You will get two files generated, one will be my-certificate and one will be my-certificate.pub; rename my-certificate to my-certificate.pem, so you will have two files, my-certificate.pub and my-certificate.pem
- Upload the public certificate to the server:
ssh-copy-id -i ~/my-certificate.pub username@ip
- Make the .pem file on your computer read-only
sudo chmod 400 my-certificate.pem
- Login with
$ sudo ssh -i /path/to/my-certificate.pem user@ip
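A pre-flight check for the steps above, as an added example that is not part of the original answer: it confirms that the file passed to ssh -i is a private key (not an X.509 certificate such as openssl x509 writes), that group and others cannot access it, and that the public key is listed in an authorized_keys file. The function names are hypothetical and the authorized_keys path is whatever copy you point it at.

```sh
#!/bin/sh
# Added example: checks to run before `ssh -i KEY user@ip`.
# Function names are illustrative; they are not part of OpenSSH.

# Classify a file by its first (PEM header) line. ssh -i needs a private
# key; an X.509 certificate or a bare public key is not an identity.
pem_kind() {
    case "$(head -n 1 < "$1")" in
        "-----BEGIN CERTIFICATE-----")         echo certificate ;;
        "-----BEGIN CERTIFICATE REQUEST-----") echo csr ;;
        "-----BEGIN PUBLIC KEY-----")          echo public-key ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo private-key ;;
        *)                                     echo unknown ;;
    esac
}

# True when group and others have no permission bits (e.g. mode 400 or
# 600); ssh ignores a private key file that other users can access.
key_mode_ok() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True when the key blob (second field of the .pub file) is a whole field
# on a non-comment line of the given authorized_keys file.
pubkey_installed() {
    blob=$(awk 'NR == 1 { print $2 }' "$1")
    [ -n "$blob" ] || return 1
    awk -v blob="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == blob) { found = 1; exit } }
        END { exit !found }' "$2"
}

# preflight PRIVATE_KEY PUBLIC_KEY AUTHORIZED_KEYS
# Prints each failed check and returns non-zero if any check failed.
# AUTHORIZED_KEYS is the server's ~/.ssh/authorized_keys (or a copy).
preflight() {
    rc=0
    kind=$(pem_kind "$1")
    [ "$kind" = private-key ] || { echo "$1: $kind, not a private key"; rc=1; }
    key_mode_ok "$1" || { echo "$1: group/other can access, chmod 400"; rc=1; }
    pubkey_installed "$2" "$3" || { echo "$2: key not in $3"; rc=1; }
    return "$rc"
}
```

Run it as preflight my-certificate.pem my-certificate.pub authorized_keys; each line it prints names the check that would lead to 'Permission denied (publickey)'.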
Solution 2
As an addition to the best answer: be sure that these options are enabled in this file on the server: /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Remove the comment marks on these lines. You may also need to restart the sshd service:
service sshd restart
Farman Ali
Updated on September 18, 2022
Comments
-
Farman Ali over 1 year
I want to generate an OpenSSL .pem file to allow remote login via ssh using the .pem file in place of a password.
I am able to generate the key as well as the .crt and .pem files using the following:
sudo openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem
But the problem is where I have to put it on the server side, or what changes I have to make in the /etc/ssh/sshd_config file to allow remote login via ssh using the .pem file.
I want the client to connect to my machine in the following manner:
ssh -i server_crt.pem username@my_ip
What changes exactly do I have to make for the implementation?
Thanks
-
Farman Ali almost 9 years
After all, I am getting the error 'Permission denied (publickey)' and I am unable to connect.
-
Mike almost 9 years
Hi, for security reasons, your .pem file should not be writable; use sudo chmod 400 my-certificate.pem on your machine and try again.
-
Farman Ali almost 9 years
Hi, I had changed it to 400, but the problem remains the same. Will you please explain the whole process step by step, from generating a key to connecting from the client?
-
coolscitist about 6 years
The renaming should be done after ssh-copy-id because it looks for the my-certificate file.