


How To Create Pem File In Linux

ssh by pem file to Access Server

SSH access to a server is a standard procedure, but how do you make it work without a password, using just a .pem file?

PEM

PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate.  PEM certificates are frequently used for web servers as they can easily be translated into readable data using a simple text editor.  Generally when a PEM encoded file is opened in a text editor, it contains very distinct headers and footers.

PEM is a widely used encoding format for security certificates. Its syntax and content are defined by the X.509 v3 standards for digital certificates, specified in IETF RFC 5280. The main file extensions are .pem, .crt, .ca-bundle.

A PEM certificate is a base64 (ASCII) encoded block of data encapsulated between a BEGIN line and an END line:

          -----BEGIN CERTIFICATE REQUEST-----
          …….
          -----END CERTIFICATE REQUEST-----

Above is an example of a CSR (certificate signing request) in PEM format. You can see that a PEM file consists of a header, the body (which consists mainly of code) and a footer.

The header and footer are what identify the type of file; however, be aware that not all PEM files necessarily need them.

          -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- show a CSR in PEM format.
          -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- show a private key in PEM format.
          -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- show a certificate file in PEM format.

To SSH using a .pem file, there are a few steps you have to follow.

1. Generating Key Pairs

To generate an RSA key pair for version 2 of the SSH protocol, follow these steps:

  1. Generate an RSA key pair by typing the following at a shell prompt:
          $ ssh-keygen
     or
          $ ssh-keygen -t rsa -b 2048 -v

Optional: To increase the security of your key, increase the size with the -b flag. The minimum value is 768 bytes and the default, if you do not use the flag, is 2048 bytes. We recommend a 4096 byte key:

  • When asked for the file in which to save the key, type linux_point, and when asked for a passphrase, press Enter (empty passphrase). Confirm the result with:
          $ ls
          linux_point linux_point.pub
  • Two files are generated: the private key (linux_point) and the public key (linux_point.pub). Rename the private key to linux_point.pem, so that you have two files, linux_point.pub and linux_point.pem:
          $ mv linux_point linux_point.pem
  • Change the permissions of the ~/.ssh/ directory:
          $ chmod 700 ~/.ssh
  • Create the file ~/.ssh/authorized_keys; if it already exists, skip this step:
          $ vim ~/.ssh/authorized_keys
  • Copy the contents of linux_point.pub into ~/.ssh/authorized_keys on the machine to which you want to connect, appending it to the end if the file already exists.
  • Change the permissions of the ~/.ssh/authorized_keys file using the following command:
          $ chmod 600 ~/.ssh/authorized_keys

Now download the pem file (linux_point.pem) to the drive or system from which you want to access the server.
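The directory, authorized_keys and permission steps above can be done in one repeatable function instead of by hand in vim. This is an added example, not part of the original post; the function name install_pubkey and its arguments are assumptions.

```shell
#!/bin/sh
# install_pubkey PUBFILE [HOME_DIR]
# Appends the key(s) in PUBFILE to HOME_DIR/.ssh/authorized_keys with the
# permissions used in the steps above (700 on .ssh, 600 on the file).
# usage on the server: install_pubkey linux_point.pub
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # Guard against passing linux_point.pem by mistake: a private key
    # must never be written into authorized_keys.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi

    # Create with a restrictive umask so the files are never briefly readable.
    (umask 077; mkdir -p "$dir" && touch "$auth") || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Append each key line only if that exact line is not already present,
    # so running the function twice does not duplicate entries.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >>"$auth"
    done <"$pub"
}
```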

Using Key-Based Authentication

To improve the system security even further, you can enforce key-based authentication by disabling the standard password authentication. To do so, open the /etc/ssh/sshd_config configuration file in a text editor such as vim, and change the options as follows, uncommenting them if they already exist:

          $ sudo vim /etc/ssh/sshd_config

          # RSAAuthentication is an SSH protocol 1 option; OpenSSH 7.4 and later treat it as deprecated
          RSAAuthentication yes
          PubkeyAuthentication yes
          AuthorizedKeysFile .ssh/authorized_keys
          PasswordAuthentication no
          # Change to no to disable s/key passwords
          ChallengeResponseAuthentication no
          #UsePAM no
          UsePAM yes

Save and exit (:wq)

After that, restart the sshd service:

          $ sudo systemctl restart sshd
     or
          $ sudo service sshd restart
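A line left commented out, or a second occurrence of an option lower in the file, does not change what sshd uses: the first active value for a keyword wins, and an absent option falls back to its built-in default. The following check reports the effective values of the options edited above; it is an added example, not part of the original post, the function names and sample file are constructed, and it reads only the global section (it stops at the first Match block and does not follow Include).

```shell
#!/bin/sh
# effective_value FILE "name1|name2" DEFAULT
# Prints the first active value found for any of the given keyword names
# (case-insensitive), or DEFAULT when none is set before a Match block.
effective_value() {
    awk -v names="|$(printf '%s' "$2" | tr 'A-Z' 'a-z')|" -v def="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || /^$/ { next }                  # commented-out lines set nothing
        tolower($1) == "match" { exit }        # conditional blocks are out of scope
        index(names, "|" tolower($1) "|") {
            gsub(/"/, "", $2); print tolower($2); found = 1; exit
        }
        END { if (!found) print def }          # option absent: built-in default
    ' "$1"
}

# audit_sshd_config FILE: one line per option, returns 1 if any check fails
audit_sshd_config() {
    cfg=$1; rc=0
    # columns: keyword name(s), built-in default, value needed for key-only login
    while IFS=' ' read -r names def want; do
        got=$(effective_value "$cfg" "$names" "$def")
        if [ "$got" = "$want" ]; then echo "ok   $names=$got"
        else echo "FAIL $names=$got (want $want)"; rc=1; fi
    done <<'EOF'
PubkeyAuthentication yes yes
PasswordAuthentication yes no
ChallengeResponseAuthentication|KbdInteractiveAuthentication yes no
EOF
    return $rc
}

# Constructed sample: the intended "no" is still commented out, and the later
# "no" cannot override the first active PasswordAuthentication line.
sample=$(mktemp)
cat >"$sample" <<'EOF'
PubkeyAuthentication yes
#PasswordAuthentication no
passwordauthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
EOF
if audit_sshd_config "$sample"; then echo "key-only login enforced"
else echo "password login still possible"; fi
rm -f "$sample"
```

On the server, run audit_sshd_config /etc/ssh/sshd_config after editing, and keep an existing session open until a key-based login has been confirmed.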

Now access the server over SSH with the pem file (without a password) from your local machine:

          $ ssh -i <path to pem file (linux_point.pem)> <user>linux_point@<IP>
          Last login: Mon Jul 17 15:35:38 2017 from XXX.XXX.XXX.XX
          [linuxpoint@XXX.XXX.XXX.XX ~]$ _


Source: https://linuxaws.wordpress.com/2017/07/17/how-to-generate-pem-file-to-ssh-the-server-without-password-in-linux/

Posted by: davisthattere.blogspot.com
