PubkeyAuthentication on SSH

1_generate_keypair.sh

# LOCAL MACHINE
ssh-keygen -t rsa -b 4096 -f /home/ivanleoncz/.ssh/mykey
# Generating public/private rsa key pair.
# Enter passphrase (empty for no passphrase): 
# Enter same passphrase again: 
# Your identification has been saved in /home/ivanleoncz/.ssh/mykey
# Your public key has been saved in /home/ivanleoncz/.ssh/mykey.pub
# The key fingerprint is:
# SHA256:1ATgW9Ly+FZU+gkX44mHKSYFp+/JAwHQHDpPkKoQRzg ivanleoncz@ilex-an5
# The key's randomart image is:
# +---[RSA 4096]----+
# | o+=o.oo+.. +    |
# |E oooo = o B +   |
# | =o . B * O =    |
# |o  +   & o = .   |
# |o   . + S . o    |
# |.      = o       |
# |        B        |
# |       . .       |
# |                 |
# +----[SHA256]-----+

2_pubkeyauthentication.sh

# REMOTE MACHINE
grep PubkeyAuthentication /etc/ssh/sshd_config
# PubkeyAuthentication yes
sudo systemctl status ssh
# ● ssh.service - OpenBSD Secure Shell server
#     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
#     Active: active (running) since Wed 2022-01-12 19:37:40 CST; 24s ago
#       Docs: man:sshd(8)
#             man:sshd_config(5)
#    Process: 325439 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
#   Main PID: 325440 (sshd)
#      Tasks: 1 (limit: 18365)
#     Memory: 1.0M
#     CGroup: /system.slice/ssh.service
#             └─325440 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
#
# ene 12 19:37:40 ilex-an5 systemd[1]: Starting OpenBSD Secure Shell server...
# ene 12 19:37:40 ilex-an5 sshd[325440]: Server listening on 0.0.0.0 port 22.
# ene 12 19:37:40 ilex-an5 sshd[325440]: Server listening on :: port 22.
# ene 12 19:37:40 ilex-an5 systemd[1]: Started OpenBSD Secure Shell server.

3_access_failed.sh

# LOCAL MACHINE
ssh -i /home/ivanleoncz/.ssh/mykey 192.168.1.67
# ivanleoncz@192.168.1.67's password: 
# Permission denied, please try again.
# ivanleoncz@192.168.1.67's password: 

# Here's what was being recorded on /var/log/auth.log (REMOTE MACHINE)
# Jan 12 19:25:51 ilex-an5 sshd[324664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.67  user=ivanleoncz
# Jan 12 19:25:53 ilex-an5 sshd[324664]: Failed password for ivanleoncz from 192.168.1.67 port 59794 ssh2

4_add_pubkey_to_authorized_keys_file.sh

# REMOTE MACHINE
echo "ssh-rsa some_random_str_asiodjaausdaiusgdiaupsgdipaugs== ivanleoncz@myhost" > /home/ivanleoncz/.ssh/authorized_keys 
chmod 600 /home/ivanleoncz/.ssh/authorized_keys
cat authorized_keys
# ssh-rsa some_random_str_asiodjaausdaiusgdiaupsgdipaugs== ivanleoncz@myhost

5_pubkey_access_allowed.sh

# LOCAL MACHINE
ssh -i /home/ivanleoncz/.ssh/mykey 192.168.1.67
# Enter passphrase for key '/home/ivanleoncz/.ssh/mykey': 
# Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.11.0-43-generic x86_64)
# 
#  * Documentation:  https://help.ubuntu.com
#  * Management:     https://landscape.canonical.com
#  * Support:        https://ubuntu.com/advantage
# 
# 67 updates can be applied immediately.
# To see these additional updates run: apt list --upgradable
# 
# 
# 22 updates could not be installed automatically. For more details,
# see /var/log/unattended-upgrades/unattended-upgrades.log
# Your Hardware Enablement Stack (HWE) is supported until April 2025.
# *** System restart required ***
# Last login: Wed Jan 12 19:23:45 2022 from 192.168.1.67
ivanleoncz@myhost:~ $