Creating an SSH connection using public/private authentication
SSH is a secure shell command line technology allowing a user to connect to a second computer and perform many tasks securely. I have written a post which is found here which tells out all about the SSH technology. In this post I am showing you how to connect to a SSH server in Windows and Linux operating systems using public and private key authentication, you can find my password authentication guide here. I am assuming you have already created the public and private key files and the SSH server you are attempting to connect to is setup to use key authentication.
SSH using windows
To allow us to perform SSH communications we need to download a SSH client which allows us to transmit and understand responses, the software we are going to be using is called PuTTy which can be found here, a direct link to the download required is here. Please download the file to an easy to find location such as the desktop. You will also need to download a program called PuTTyGen which is found here. If the key was generated on a Linux system then the private key you will be using will need to be converted from an OpenSSH format to format putty can understand, this is achieved using PuTTyGen. If you are not sure if your private key has already been converted then just continue with the converting stage anyways it won’t hurt your key in anyway.
Once both the applications have downloaded you simply double click PuTTyGen and it will launch, there is no need for any installation of this program. Your first step is to load the private key which is done by clicking File located at the top of the application and selecting Load Private Key.
You will then be presented with a window like below, you have to browse to your private key and select it, then click load.
Now the key is loaded into PuTTy gen and you will see a window which looks just like the one bellow, if you have a password set on the private key you may receive a password popup and need to provide a valid password before the software can load the key.
All we have to do now is save the private key in the format PuTTy will understand which is achieved by clicking on the Save private key button, you will then have to select the location to save your key. If you are not using a password with your key then PuTTyGen will warn you about not using a password just click yes.
Conversion of your key is now complete and you can close the PuTTyGen application and start the PuTTy software. You will begin with a screen which looks like this it may be slightly different if you have used PuTTy before.
There are two fields on this page which we are interested in and that is the textboxes located at the top of the application labelled “Host name (or IP address” and “Port”, we need to provide the IP address (can also provide a hostname if it resolves to the correct IP address) and the port number which the remote SSH server (located on the second computer) is running on by default this is 22 but can be changed.
As you can see from the image above I have provided the IP address of the second computer and a port number of 22, the computer I am connecting to has a IP address of 10.0.2.15 and the SSH server is listening on port 22 for connections. Please enter the IP address or hostname of your second computer and the port number (most probably 22).
We now need to tell putty where are private key file is located so that when the SSH server ask PuTTy knows which key to send. On the left side of the application there is a group of categories, you need to click the plus item located next to SSH and then on Auth. Your screen should now look like above.
Now click on the Browse button and locate the private key file. You must make sure you select your converted version or PuTTy won’t show the file in the file browser.
All we have to do now is click on the Open button and the connection will begin.
You may receive an error message like the one above, this means it failed to gain a connection to the second computer and there are many causes of this error. First thing would to make sure the SSH server is running on the second computer and the port is allowed on the firewall, next step would be to check that you have entered the correct IP address or hostname and port number and retry.
On a successful connection to the second computer through SSH you will receive an alert similar to the one above. This key is a way to identify that the second computer is who it says it is, you don’t really have to pay any attention to this and so I normally just click the yes or no option. If you click Yes this key will be saved for further usage stopping this alert from appearing every time you try to connect to this computer, clicking No will allow you to connect but will not save for further usage meaning it will appear again on the next login and cancel will stop the connection to the second machine. Now we are beginning the login progress where we need to enter the username of the user we want to login and then the password for that user. Simply type the username and press the enter key.
SSH using Linux
Unlike windows operating systems Linux has the ability to communicate with a SSH server straight after installation of the operating system (no third party software is required). I am going to be using Ubuntu operating system but this will work on all distributions of Linux. First we need to launch the terminal which is a command line interface which will allow us to perform the SSH login. On Ubuntu this can be found by going to Applications then accessories. You will be presented with a black window with some white text.
Before we do anything with the terminal we need to place are private key into the correct directory, the private key needs to be placed into ~/.ssh/ and needs to be called id_dsa or id_rsa. You can either use the desktop to move this file to the location (you will need to enable hidden folders) or the terminal which is achieved by typing this command. You will have to replace /home/Shane/Desktop/id_dsa with the location of your private key.
Cp /home/Shane/Desktop/id_dsa ~/.ssh/
Now that we have the file in the correct place all we now have to do is simply type ssh-add and you will receive a reply similar to the one below. Now all we have to do is begin the SSH connection.
Identity added: /home/username/.ssh/id_dsa (/home/username/.ssh/id_dsa)
To start an SSH connection we have to type a command to begin the SSH software, we also have to specify the port which the SSH server we are trying to connect to is listening on (normally 22), we also have to specify the IP address or hostname and the user we wish to login with (if not user is specified it will try to login with the user we are logged in with on are client), the command to do this looks like this.
ssh –p 22 firstname.lastname@example.org
What this command will do is start a SSH connection to the SSH server running on the computer using the IP address 192.168.0.12 and listening on port 22, it will attempt to login with the user root. We can change the port we are connecting to by changing –p 22 to –p 2290, the SSH server must be listening on the port for it to be successful. We specify the user we want to login by placing the username then an @ symbol before the IP or hostname of the computer we wish to connect to.
ssh –p 2290 email@example.com
The command above is another example where we are connecting to the computer which is used IP address 192.168.0.12 with the user bob. The SSH server is listening on 2290 instead of 22 so we specify the port number. If you are connecting to a SSH server which is using the default port (22) then you do not need to provide the –p argument, you can use the following command and it will automatically try connecting to port 22.
On connection you may be presented with a message like this and you are asked if you want to continue connecting. This is normal and allows you to determine if you are connecting to the correct computer or if someone is tricking you into connecting to them so they can intercept your data, every SSH server has a RSA key which you should write down on installation of the SSH server. You can then compare this key to the key which you are being shown on the SSH client, if they match you are connecting to the correct computer, if not then it’s possible someone has tricked you into connecting to them allowing them to view any data you transmit. You should enter yes if you are sure you are connecting to the correct computer, if you enter no it will cancel all communication.
On entering yes the RSA key will be saved permanently on your computer stopping this message appearing the next time you connect using SSH to this computer. If the key changes at all another message will appear alerting you to a key change, if you haven’t reinstalled the SSH server then the key shouldn’t have changed meaning there’s a high possibility someone has tricked your SSH client into connecting to them instead of your desired computer. You should halt all communication in the event of this message unless you are sure it is safe.
If your key doesn’t require a password it will login in now, but if it does require a password you will be asked to enter the valid password, when you type your password nothing will appear but it is typing, this is a secure feature so that people can’t see how many characters are in your password.