Privacy-Enhanced Mail (PEM) is a widely used file format for storing cryptographic keys and certificates. In the context of securing SSH access to a Linux server, a PEM key can be used to authenticate and establish a secure connection. This guide outlines the steps to generate a PEM key and use it to connect to a Linux server from both Linux and Windows operating systems. This approach is already the default security standard for cloud-offered VMs such as AWS cloud instances. By using a PEM key instead of old-fashioned passwords, you remove security concerns such as dictionary attacks against passwords.
Alright, let’s get started!!
- Open your Linux terminal. Once open, you’re ready to generate your RSA key pair with the command:
ssh-keygen -t rsa -m PEM
When prompted, press Enter to save the key pair in the default location, or feel free to choose a different path.
- Remember, security is key, so make sure to set the appropriate permissions with:
chmod 600 ~/.ssh/id_rsa
- Now, you will have 2 new files under the directory ~/.ssh/, id_rsa and id_rsa.pub, where id_rsa is the private key file generated by the ssh-keygen command when you create an RSA key pair. It’s a binary file that should be kept highly secure and never shared with anyone. id_rsa.pub is the public key file that corresponds to the private key. It’s also generated by the ssh-keygen command at the same time as the private key.
- Copy the contents from the id_rsa file and paste them into a file with the .pem extension on your local machine. This file will be used for logging into the server next time.
- Copy the contents from the id_rsa.pub file and insert them into the file authorized_keys, which is located under the directory ~/.ssh/, with the command:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
- Additionally, remove password-based authentication for SSH by changing the value of PasswordAuthentication yes to PasswordAuthentication no in the /etc/ssh/sshd_config file.
sudo vi /etc/ssh/sshd_config
PasswordAuthentication no
- Restart the SSH service with the command:
sudo service ssh restart
- Finally, you can now log into the server using the PEM file we just generated!
For Windows PC users, open PuTTY, input the server’s IP, navigate to ‘Auth’ under ‘SSH’, and provide the path to your .pem file.
And for Linux users, use the below command after replacing the filename:
ssh -i /path/to/private_key.pem username@server_ip
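The script below is an added example, not part of the original guide: it checks the three things the steps above depend on (private key mode, public key present in authorized_keys, password login disabled) so they can be verified before the SSH service is restarted. The function names are hypothetical, and it assumes GNU stat and an sshd_config without Include files.

```shell
#!/bin/sh
# Added example (not from the original guide): checks to run on the server
# before restarting SSH. Function names are hypothetical.

# Succeeds if the private key is accessible by its owner only (mode 600 or 400).
key_perms_ok() {
    mode=$(stat -c '%a' "$1") || return 2    # assumes GNU stat (Linux)
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Succeeds if the key blob (2nd field of the .pub file) is in authorized_keys.
pubkey_authorized() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1")
    [ -n "$blob" ] || return 2
    grep -qF -- "$blob" "$2"
}

# Prints the global PasswordAuthentication value of an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and the default is "yes". Parsing stops at the first
# Match block; Include files are not followed (assumption of this sketch).
password_auth_value() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Args: private_key public_key authorized_keys sshd_config
# Returns 0 only if all three checks pass; prints one line per failure.
audit_ssh_setup() {
    rc=0
    key_perms_ok "$1" || { echo "FAIL: $1 is not mode 600/400"; rc=1; }
    pubkey_authorized "$2" "$3" || { echo "FAIL: public key not in $3"; rc=1; }
    [ "$(password_auth_value "$4")" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is not 'no' in $4"; rc=1; }
    return "$rc"
}

# Run as: sh check.sh ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys /etc/ssh/sshd_config
if [ "$#" -eq 4 ]; then audit_ssh_setup "$@"; fi
```

On a live server, sudo sshd -T prints the effective configuration (Include files included) and sudo sshd -t validates the file before a restart. Keep your current session open until a key-based login succeeds from a second terminal.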
Congratulations! You’ve now mastered the art of generating and using PEM keys for secure server access. Stay secure and happy computing!