Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 651
  • Last Modified:

Setup Putty SSH

1. How to configure the Centos such that it always need to check for the private key for user access without inputing any password directly ?

2. How to configure the Centos such that it always need to check for the private key + password before accessing the Centos ?

Thanks
0
AXISHK
Asked:
AXISHK
2 Solutions
 
woolmilkporcCommented:
1) in /etc/ssh/sshd_config:

PasswordAuthentication no
PubkeyAuthentication yes

will allow access only via key pair, not via password.

This is configurable on a per-user basis, by means of the "Match" directive.

2) Forcing checks of both Unix password and key pair is not possible.
A valid key (optionally including a passphrase, see below) is always considered sufficient to log in, an additional prompt for the Unix password is not provided.

You can add a passphrase to the key during key generation, so additionally to the key verification a passphrase prompt will take place, but this passphrase is part of the key and has nothing to do with Unix passwords.

In any case you're required to specify your private key in the local (Windows) PuTTY configuration (see below) and your public key in the ~/.ssh/authorized_keys file of the target user on CentOS.

Attention: Putty cannot directly open OpenSSH keys. If you created your key with ssh-keygen on CentOS you'll need to convert id_rsa to id_rsa.ppk using a program called puttygen.exe.
Specify the converted key in PuTTY under "Connection -> SSH -> Auth -> Private key file ...".
When saving the respective session this path will be saved as well.
0
 
arnoldCommented:
You would need to edit sshd_config and make sure to enable publickey while disabling password authentication.

What exactly are you looking todo.

Usually if both password and publickey based authentication is enable item 1 is the default behavior, the equivalent second option is part of the public key authentication dealing with you setting a passphrase n the key.
The number 2 you seem to want a two factor authentication.
Privatekey/server account password are on the same level I.e. one or the other, not sure there is a way to sequence them.
http://kiteplans.info/2012/04/06/two-factor-ssh-virtualmin-authentication-google-authenticator/
There are other options using rsa keyfab, github, etc.
0
 
AXISHKAuthor Commented:
tks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now