How to configure ssh to allow certificate authentication to FreeBSD?
So supposedly you can configure SSH so that you can connect without having to type in a user name and password, but instead authenticate with a certificate. Lets see if we can set this up..
- Do I need to modify the /etc/sshd_config?
Here is what I had to do…
- Install FreeBSD and when prompted to enable SSH choose yes.
How do I install FreeBSD?
Ok, now you have a FreeBSD server.
I had problems creating the key using PuTTYgen, (see this post) so I am going to create the keys on the server.
- Log in as a non-root user.
- Create the RSA keys with this command: (You can use dsa keys by replacing any instance of rsa with dsa.)
Accept the default file locations and hit enter.
In your home folder you now have two files:
- Add the public key to the .ssh/authorized_keys file.
You can delete the public key, .ssh/id_rsa.pub, now if you want from the FreeBSD server as it is stored in the .ssh/authorized_keys file.
- From the workstation that you want to connect to this machine with, use an sftp tool to copy the private key, the .ssh/id_rsa file, to the local workstation.
Example 1 -If you are on windows, you could use WinSCP to connect to the FreeBSD server. Then you can use the key to connect. If you are using PuTTY, then also use PuTTYgen to load the key and save it in PuTTY’s format.
Example 2 – If you are on another FreeBSD server or workstation, then copy the private key to the .ssh directory (with the same name id_rsa) for the user you want to automatically connect.
Now you are done.
If you have questions, this blog helped me a lot: How to set up SSH keys: Frustration with “Server refused our key”
Just SSH in and you will not be prompted.
Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.