Menggunakan Public Key untuk Login ke Server via SSH (Debian Lenny)

Posted On 20 October 2009

Filed under Linux

Comments Dropped leave a response

HUfh, baru selesai install server virtual. Aplikasi yang gak dipake udah di disable dengan sysv-rc-conf. Sekarang ingin install openssh-server nih, tapi gak mau yang pake login biasa, alasan pertama karena pegel harus ngetik password terus :p, selain itu supaya yang tidak berkepentingan nggak bisa login, walaupun tau passwd yang gw gunakan.

Langkah awal yang kita lakukan adalah mengecek konfigurasi sshd di servernya dulu (/etc/ssh/sshd_config), agar bisa login dengan PubKey (By default sih udah bisa/aktif)

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

Nah, saatnya kita buat gembok (public Key) dan Kuncinya (Private Key). Lakukan ini di PC user.

ts@ts04-desktop:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ts/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ts/.ssh/id_rsa. > Private Key
Your public key has been saved in /home/ts/.ssh/id_rsa.pub. > Public Key
The key fingerprint is:
68:a0:13:8d:f4:f4:22:4d:c0:b5:c7:99:82:67:c0:2c ts@ts04-desktop
The key’s randomart image is:
+–[ RSA 2048]—-+
| ++o+ |
|E.+X + o |
| .= @ * |
| * = . |
| o o S |
| . . |
| |
| |
| |
+—————–+

Copy public key yang telah mateng ke server.
ts@ts04-desktop:~$ scp /home/ts/.ssh/id_rsa.pub rahman@202.47.75.253:/home/rahman

Wookeh, selanjutnya kita masuk ke servernya.
rahman@debDev:~$ ls /home/rahman
id_rsa.pub
rahman@debDev:~$ mkdir .ssh/
rahman@debDev:~$ cat id_rsa.pub >> .ssh/authorized_keys

Silahkan dicuba (Kripiiikk kalee….😀
ts@ts04-desktop:~$ ls .ssh/
id_rsa id_rsa.pub known_hosts
ts@ts04-desktop:~$ ssh rahman@202.47.75.253
Linux debDev 2.6.26-2-686 #1 SMP Wed Aug 19 06:06:52 UTC 2009 i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Oct 20 18:11:17 2009 from 202.47.74.253

Now, udeh bisa login tanpa harus memasukkan password. file id_rsa sebagai Private Key-nya harus disimpan sepenuh jiwa dan raga walau harus korbankan nyawa (Lebayyyy…

Kalau tujuannya adl untuk menghindari ngetik password, sampai sini selesai.
Tapi karena kita ingin agar metode login ssh pakai password juga ditutup, sehingga hanya ada satu cara untuk remote ke server ini, yaitu melalui Private key yang kita punya. Kita perlu mengedit line config sshd di server.

debDev:/home/rahman# vim /etc/ssh/sshd_config

Before
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes


After
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

debDev:/home/rahman# /etc/init.d/ssh reload

Sekarang, Mape mouddar juga kagak bisa login, meski tau passwd yang sebenarnya apa. Jangan Lupa pesannya yah, jaga kuncinya kecuali anda ingin mendobrak rumah anda sendiri.

NyuupZ, Selesai

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s