Generating public-private key pairs with ssh-keygen
If you work in enterprise application development, you have probably come across the requirement of “generating public-private key pairs”. There can be several purposes, but mostly you need a key pair in order to authenticate a desired client.
For this task you usually fall back on tools like keytool or OpenSSL. However, these tools do more than create “public-private key pairs”: they can also handle generated keys and certificates in production systems.
If you have a simple authentication requirement, the above tools may not be the ideal choice, mainly because there are other tools that just generate “public-private key pairs” without much hassle. One of the popular choices is the ssh-keygen tool, which is available on Unix/Linux distributions.
For example, if you want to authenticate yourself to a remote server by some means other than username-password authentication, you are required to create a “public-private key pair” to authenticate between the two entities. (Authenticating an AWS user to an EC2 instance is a good example.) In these scenarios, ssh-keygen can be very handy. After creating the key pair, send only the public key to any party who is willing to authenticate your machine. That party may add your public key to the server instance. (On Unix-like systems, this is usually the .ssh directory of the home folder: just append the public key to the “authorized_keys” file.) Thereafter, just “ssh” to the particular remote server/instance, specifying the private key as the argument. That's it!
On Windows systems, however, puttygen is the widely used tool. The public keys extracted from this tool will not work properly for user authentication as they are. The workaround is to change the format of the public key in the authorized_keys file.
For example, the initial public key generated by puttygen can be in the following format:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20110829"
AAAAB3NzaFDFDFDGEEABJQAAAIEAknX1EwDVO826fSyAxVOkruwwG8AWNjsw4FXz
XrN6FClXU7BegOziTlDFDFDGDGGDFGD9ciJkE7LN55CEr9eOcNh16jSd/6a9J38R
MQwWUn3UvsrHKMu6qetf1kbP0b77Md4DFDFDFGDFGDyVYZrt7Nw/Q0MtObYdqFVS
/4kdfdffS=
---- END SSH2 PUBLIC KEY ----
In this example, just remove the comment lines and EOL characters and add an “ssh-rsa” string to the beginning, so that the whole key sits on a single line:
ssh-rsa AB3NzaC1yc2EAAAABJQAAAIEAknX1EwDVO826fSyAxVOkruwwG8AWNjsw4FXzXrN6FClXU7BegOziTlL1jG0oPOHMrxx9ciJ38RMQwWUn3UvsrHKMu6qetf1kbP0b77Md4fJvxgPnxAM6yVYZrt7Nw/Q0MtObYdqFVS/4kx+JM= <user-name>
This will eliminate the authentication issue that you probably had.