How to make root authorisation by Private Key in Ubuntu 17.0
I made all of this tutorial for clean install of Ubuntu 17.0.
To authorise as root by private/public key pair follow next steps:
- Change password for root:
passwd root
- Login as root in the current session:
su root
- Generate key pair:
ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:26YpcKBv83fFREC43gmwORB93G9BgclMNn8hI29pVxI [email protected] The key's randomart image is: +---[RSA 2048]----+ | .o . BB==.E..| | . o +.*=o+ + | | . = . o*.o | | . + o o+o | | . . oSo = | | . . . .oo o | | . o . o. | | + . .+. | | . o.oo. | +----[SHA256]-----+
- Check, is your root have bash to login:
cat /etc/passwd root:x:0:0:root:/root:/bin/bash
- Enable root authentication by password - it needed temporarily:
mcedit /etc/ssh/sshd_config
# Authentication: #LoginGraceTime 2m #PermitRootLogin without-password PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10
sudo service ssh restart
- Next, run
ssh-copy-id [email protected] /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'localhost (::1)' can't be established. ECDSA key fingerprint is SHA256:r4EbeeZlwIEfVIrEhXUVya/ag8wZjXJmfwoMx6ZABaA. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys [email protected]'s password:
- Disable root authentication by password - it is not needed now, because wa are setting up authorisation by key. For that check, that in the /etc/ssh/sshd_config parameter PermitRootLogin is equal to without-password:
mcedit /etc/ssh/sshd_config
# Authentication: #LoginGraceTime 2m PermitRootLogin without-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10
- Restart sshd:
sudo service ssh restart
- Copy .ssh folder to the folder of current user to download with WinSCP:
cp -r /root/.ssh /home/art chown -R art /home/art/.ssh
- Authorise by your user (in my case, it's user art ) with WinSCP and download .ssh folder to local PC.
- Rename id_rsa by adding .ppk extension to it - in my case it will be to forum_id_rsa2.ppk.
- Run WinSCP and add new site like this:
- Don't set password - leave that field empty.
- Press Advanced button and select SSH - Authentication:
- Select your private key and confirm key convertation:
- Press OK in Settings Window:
- And save connection settings:
- Test the connection.
- After all of these steps you can use your key, converted by WinSCP, with Putty.