How to Generate PEM Key and Connect to a Linux Machine?

A Private Enhanced Mail (PEM) key is a widely used file format for storing cryptographic keys and certificates. In the context of securing SSH access to a Linux server, a PEM key can be used to authenticate and establish a secure connection. This guide outlines the steps to generate a PEM key and use it to connect to a Linux server from both Linux and Windows operating systems. This approach was already chosen as the default security standard in cloud-offered VMs such as AWS cloud instances. By using a PEM key rather than using old-fashioned passwords, you can get rid of security concerns such as dictionary attacks for passwords.

Alright, let’s get started!!

1. Open your Linux terminal. Once open, you’re ready to generate your RSA key pair with the command:

ssh-keygen -p -m PEM -f ~/.ssh/

When prompted, press Enter to save the key pair in the default location, or feel free to choose a different path.

2. Remember, security is key, so make sure to set the appropriate permissions with:

chmod 600 ~/.ssh/id_rsa

3. Now, you will have 2 new files under the directory /.ssh/, id_rsa and id_rsa.pub where id_rsa is the private key file generated by the ssh-keygen command when you create an RSA key pair. It’s a binary file that should be kept highly secure and never shared with anyone and id_rsa.pub is the public key file that corresponds to the private key. It’s also generated by the ssh-keygen command at the same time as the private key.

4. Copy the contents from the id_rsa file and paste them into a file with the .pem extension on your local machine. This file will be used for logging into the server next time.

5. Copy the contents from the id_rsa.pub file and insert them into the file authorized_keys which is located under the directory location ~/.ssh/ with the command:

cp ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

6. Additionally, remove password-based authentication for SSH by changing the value of PasswordAuthentication yes to PasswordAuthentication no in /etc/ssh/sshd_config file.

sudo vi /etc/ssh/sshd_config

PasswordAuthentication no

7. Restart the SSH service with the command:

service ssh restart

8. Finally, you can now able to log into the server using the pem file we generated now!
For Windows PC users, open PuTTY, input the server’s IP, navigate to ‘Auth’ under ‘SSH’, and provide the path to your .pem file.
And for use the below command after replacing the filename:

ssh -i /path/to/private_key.pem username@server_ip

Congratulations! You’ve now mastered the art of generating and using PEM keys for secure server access. Stay secure and happy computing!