How to generate an OpenSSL .pem file and where we have to place it


Solution 1

First you need to upload the public key to the server you are willing to connect to; the public key is in the .pub file:

Example:

# ssh-copy-id -i ~/my-certificate.pub [email protected]

After this it should be working and you should be able to login using:

$ sudo ssh -i ~/my-certificate.pem [email protected]

Changes are made in the file ~/.ssh/authorized_keys on the server machine; open it with a text editor such as nano and you will see lines starting with something like: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAX ...

I personally generate the key file using $ ssh-keygen -t rsa -b 2048 -v, which generates the .pem and .pub files. When you get asked:

Enter file in which to save the key (/home/user/.ssh/id_rsa):

enter the name of the .pem file, for example: my-certificate.pem

Step by step from generating key to login:

  1. Generate the key with $ ssh-keygen -t rsa -b 2048 -v and when asked to enter file in which to save the key, type my-certificate and when asked to enter passphrase, press Enter (empty passphrase) and confirm by Enter.
  2. You will get two files generated: one will be my-certificate and one will be my-certificate.pub. Rename my-certificate to my-certificate.pem, so you will have two files, my-certificate.pub and my-certificate.pem
  3. Upload the public certificate to the server: ssh-copy-id -i ~/my-certificate.pub username@ip
  4. Make the .pem file on your computer read-only: sudo chmod 400 my-certificate.pem
  5. Login with $ sudo ssh -i /path/to/my-certificate.pem user@ip
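
Added example, not part of the original answers: a shell check for the two client-side problems discussed on this page, passing `ssh -i` a file that is not a private key (such as the X.509 certificate written by `openssl x509`) and a private key file that group or others can access. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether a file is usable as an `ssh -i` identity.

# classify_key FILE: report the file type from its first line.
classify_key() {
    first=$(head -n 1 "$1")
    case "$first" in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) echo ssh-public ;;
        "-----BEGIN "*"PRIVATE KEY-----")           echo private-key ;;
        "-----BEGIN CERTIFICATE-----")              echo x509-cert ;;
        "-----BEGIN CERTIFICATE REQUEST-----")      echo csr ;;
        *)                                          echo unknown ;;
    esac
}

# perms_ok FILE: succeed only if group and other have no access,
# which is what the ssh client requires of a private key file.
perms_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null) || mode=$(stat -f %Lp "$1")
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# check_identity FILE: combine both checks and explain any failure.
check_identity() {
    kind=$(classify_key "$1")
    if [ "$kind" != private-key ]; then
        echo "$1: $kind, not a private key; ssh -i cannot authenticate with it"
        return 1
    fi
    if ! perms_ok "$1"; then
        echo "$1: accessible by group/other; fix with chmod 400"
        return 1
    fi
    echo "$1: private key with safe permissions"
}

# Constructed sample files (headers only, no real key material).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' > "$demo_dir/server.crt.pem"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED' > "$demo_dir/my-certificate.pem"
chmod 644 "$demo_dir/my-certificate.pem"
check_identity "$demo_dir/server.crt.pem" || true      # rejected: x509-cert
check_identity "$demo_dir/my-certificate.pem" || true  # rejected: mode 644
chmod 400 "$demo_dir/my-certificate.pem"
check_identity "$demo_dir/my-certificate.pem"          # accepted
rm -rf "$demo_dir"
```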

Solution 2

In addition to the best answer: be sure that these options are open in this file on the server: /etc/ssh/sshd_config

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

Remove these comment marks. You may also need to restart the sshd service:

service sshd restart
Author: Farman Ali

Updated on September 18, 2022

Comments

  • Farman Ali over 1 year

    I want to generate an OpenSSL .pem file to allow remote login via ssh using the .pem file in place of a password.

    I am able to generate the key as well as the .crt and .pem files using the following:

    sudo openssl genrsa -des3 -out server.key 2048
    openssl req -new -key server.key -out server.csr
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem
    

    But the problem is where I have to put it on the server side, or what changes I have to make in the /etc/ssh/sshd_config file, to allow remote login via ssh using the .pem file.

    I want the client to connect to my machine in the following manner.

    ssh -i server_crt.pem username@my_ip
    

    What changes exactly do I have to make for the implementation?

    Thanks

  • Farman Ali almost 9 years
    After all, I am getting the error 'Permission denied (publickey)' and I am unable to connect
  • Mike almost 9 years
    Hi, for security reasons, your .pem file should not be writable; use sudo chmod 400 my-certificate.pem on your machine and try again.
  • Farman Ali almost 9 years
    Hi, I had changed it to 400, but the problem remains the same. Will you please explain the whole process step by step, from generating a key to connecting from the client?
  • coolscitist about 6 years
    The renaming should be done after ssh-copy-id because it looks for the my-certificate file