SSH with Pem File
===

## Introduction

Similar to the AWS EC2 login method, clients log in over SSH with a `.pem` private key file.

## Steps

1. (Client) Create SSH key pair
    ```shell
    ## -P "" sets an empty passphrase, so the private key is stored unencrypted
    ## (Option 1) Use RSA 4096 bits
    $ ssh-keygen -P "" -t rsa -b 4096 -m PEM -f <KeyName>

    ## (Option 2) Use Ed25519
    $ ssh-keygen -P "" -t ed25519 -m PEM -f <KeyName>

    $ ls
    <KeyName> <KeyName>.pub
    ```
2. (Client) Rename the private key `<KeyName>` to a `.pem` file
    ```shell
    $ mv <KeyName> <KeyName>.pem
    ```
3. (Client -> Server) Send the public key `<KeyName>.pub` to the server
    ```shell
    ## (Optional Method) With scp
    $ scp <KeyName>.pub <User>@<ServerIP>:/<WhereverYouWant>
    ```
4. (Server) Append the public key to the authorized keys
    ```shell
    $ cat <KeyName>.pub >> /<UserHomeDir>/.ssh/authorized_keys
    ```
5. (Server) Make sshd authenticate with the `.pem` key instead of a password
    ```shell
    ## Edit sshd configuration
    $ sudo vim /etc/ssh/sshd_config

    ## The following lines go inside sshd_config (they are not shell commands)
    ## Specify the path of authorized_keys to AuthorizedKeysFile
    AuthorizedKeysFile /<UserHomeDir>/.ssh/authorized_keys

    ## Disable using password
    PasswordAuthentication no
    ```
6. (Server) Restart sshd
    ```shell
    ## (Optional Method) In systemd
    $ sudo systemctl restart sshd
    ```

## Login

```shell
$ ssh -i <KeyName>.pem <User>@<ServerIP>
```

## Reference

1. [Create key pairs | Amazon Elastic Compute Cloud](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html)
2. [RFC4716: The Secure Shell (SSH) Public Key File Format](https://www.rfc-editor.org/rfc/rfc4716)
3. [sshd_config(5) | Man](https://man7.org/linux/man-pages/man5/sshd_config.5.html)
4. [ssh-keygen(1) | Man](https://man7.org/linux/man-pages/man1/ssh-keygen.1.html)
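
For step 5, an added example (not part of the original page): sshd uses the first value it reads for each keyword, so a `PasswordAuthentication no` appended below an existing `PasswordAuthentication yes` has no effect. The `sshd_effective` and `password_auth_off` helpers and both sample files are constructed for illustration, and `Include` directives are not followed.

```shell
#!/bin/sh
# Added example, not from the original page. sshd uses the FIRST value it
# reads for each keyword, so where the step-5 lines land in the file matters.
# Assumption: only FILE is read; Include directives are not followed.

# sshd_effective FILE KEYWORD: print the first global value of KEYWORD (empty if unset)
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }            # strip leading whitespace
        /^#/ || /^$/ { next }             # skip comments and blank lines
        tolower($1) == "match" { exit }   # Match blocks are conditional: stop here
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# password_auth_off FILE: succeed only if password login is explicitly disabled
# (an unset keyword means sshd falls back to its default, which is "yes")
password_auth_off() {
    [ "$(sshd_effective "$1" PasswordAuthentication | tr 'A-Z' 'a-z')" = "no" ]
}

# Constructed sample files (hypothetical contents, for illustration only)
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/appended.conf" <<'EOF'
# distribution default left in place
PasswordAuthentication yes
UsePAM yes
# lines from step 5 appended at the end: too late, "yes" was read first
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
EOF

cat > "$tmp/edited.conf" <<'EOF'
# existing line edited in place
PasswordAuthentication no
UsePAM yes
AuthorizedKeysFile .ssh/authorized_keys
EOF

for f in "$tmp/appended.conf" "$tmp/edited.conf"; do
    if password_auth_off "$f"; then state="disabled"; else state="STILL ENABLED"; fi
    printf '%s: password login %s (AuthorizedKeysFile=%s)\n' \
        "${f##*/}" "$state" "$(sshd_effective "$f" AuthorizedKeysFile)"
done
```

On a live server, `sudo sshd -T` prints the configuration sshd actually resolved, including included files, and `sudo sshd -t` checks the file for errors before the restart in step 6.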