oke, jadi biasanya saya kalau ssh ke server remote memang sudah pakai ssh key aja, males bolak-balik ngetikin password kalau mau nge-remote ke server dan memang cara ini lebih aman daripada pakai password tapi dengan catatan jangan sampai private key nya hilang, karena kalau kita lupa password dan private key hilang maka kita gak bisa masuk lagi ke server tersebut.
nah ini buat yang masih belum bisa login ke server remote dengan ssh key saya bagikan langkah-langkahnya yang simple banget dibandingkan jika dengan kita copas manual keynya ke server remote.
Bikin dulu sepasang ssh key di host lokal.
user01@raspi4:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy
cara bikin sepasang ssh key (private dan public) sbb:
user01@raspi4:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user01/.ssh/id_rsa):
Created directory '/home/user01/.ssh'.
Enter passphrase (empty for no passphrase): (enter aja)
Enter same passphrase again: (enter aja)
Your identification has been saved in /home/user01/.ssh/id_rsa
Your public key has been saved in /home/user01/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:BOwKkbgyTn4CLNPSLuEpQf4V2/u+otEjKpknJlaFOrk user01@raspi4
The key's randomart image is:
+---[RSA 3072]----+
| . . .. |
|..o ... |
|++ ...+ . |
|@++. +.o |
|OB=.o. S |
|oX.+. .. |
|..O o o. |
|.E .. o... |
|+ +. .. oo. |
+----[SHA256]-----+
user01@raspi4:~$
proses selesai, kita cek dulu apakah key nya sudah ada di direktory .ssh:
user01@raspi4:~$ cd
user01@raspi4:~$ pwd
/home/user01
user01@raspi4:~$ ls -l .ssh/
total 16
-rw------- 1 user01 user01 2602 Jan 14 17:17 id_rsa
-rw-r--r-- 1 user01 user01 567 Jan 14 17:17 id_rsa.pub
-rw------- 1 user01 user01 364 Jan 14 17:22 known_hosts
-rw-r--r-- 1 user01 user01 142 Jan 14 17:22 known_hosts.old
user01@raspi4:~$
oke jadi sudah kelihatan ada sepasang ssh key di dalam direktory .ssh, yaitu file id_rsa (private key) dan id_rsa.pub (public key).
selanjutnya kita mesti transfer kan key public tadi ke server remote, ini bisa dengan cara manual copas biasa namun prosedurnya mungkin tidak sesimple kalau dibandingkan menggunakan perintah ssh-copy-id yaitu dengan cara sbb:
user01@raspi4:~$ ssh-copy-id rizahnst@172.16.100.37
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user01/.ssh/id_rsa.pub"
The authenticity of host '172.16.100.37 (172.16.100.37)' can't be established.
ED25519 key fingerprint is SHA256:2AYiVmYI7TmQtMjUgJzdynsMLH6tf8Wt0XmhzGQEv+w.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
rizahnst@172.16.100.37's password: (masukin password user rizahnst)
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'rizahnst@172.16.100.37'"
and check to make sure that only the key(s) you wanted were added.
user01@raspi4:~$
sedikit penjelasan disini: rizahnst@172.16.100.37 sbb:
rizahnst adalah username yang ada di server remote
172.16.100.37 adalah alamat ip server remote
pastikan bahwa service ssh sudah nyala di server remote.
kemudian kita coba login ke server remote menggunakan ssh
user01@raspi4:~$ ssh rizahnst@172.16.100.37
Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 5.4.0-169-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Sun 14 Jan 2024 10:23:47 AM UTC
System load: 0.0 Processes: 112
Usage of /: 46.9% of 9.74GB Users logged in: 1
Memory usage: 22% IPv4 address for enp0s3: 172.16.100.37
Swap usage: 0%
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
New release '22.04.3 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Sun Jan 14 10:10:24 2024 from 172.16.100.12
rizahnst@ubuntu-20-04:~$
kita berhasil login menggunakan ssh ke server remote tanpa harus masukin password lagi.
rizahnst@ubuntu-20-04:~$ lsb_release -a~$
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal
rizahnst@ubuntu-20-04:
kita bisa iseng cek ke .ssh/authorized_keys isi dari public key yang di copas tadi;
rizahnst@ubuntu-20-04:~$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4WZhnT7CuyG9SKQcCIf9Tfei3A5YYEqEMK9uIerBHigccMSwyToGnNtAEsXVG9dPtUSlHYvmvUqZjH/4k6ZBtL6vXtosTWICjIWr/3yBRN/AMD5ltVawxJofvc1jZfpVOFZmo5gKEcySfKZ5GE8B99MPBJtWvX7ra4KhG792j5QLL/LcgDFKrc7WrdmRRTnwfOhSjDdMkayiPAMqPGqjDvAeEOFcDYZynWGbzYzmiE8j5flk46r1gMeIex7l5s0TXrmU7HvRyP6WhLzJjx+YDZ8mhFHkW0atvJPa8qaLl7S8frlbkrm3gwFE6mkx2KIF7AmAnh/N8sOINQ+qYs64mjhmQa2e/347Ayf1E4nN0FY/edEXmHRru5FB4xlUp72aCn1W3EiKAJSKIPaSeYSXb56bz6OMq4hQjYKQ3mPeN0vWjRr135+C0Bd4gDWoYlGSJayex2Si+mCFsPuhKnc1yUzj6pO2rQUmhMU+ljTe9oH5PRTAyt6PY5ZyfWo2xrec= user01@raspi4
rizahnst@ubuntu-20-04:~$
public key yang ada di sini (@ubuntu-20-04) sama dengan public key yang ada di server lokal (@raspi4):
user01@raspi4:~$ cd
user01@raspi4:~$ pwd
/home/user01
user01@raspi4:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4WZhnT7CuyG9SKQcCIf9Tfei3A5YYEqEMK9uIerBHigccMSwyToGnNtAEsXVG9dPtUSlHYvmvUqZjH/4k6ZBtL6vXtosTWICjIWr/3yBRN/AMD5ltVawxJofvc1jZfpVOFZmo5gKEcySfKZ5GE8B99MPBJtWvX7ra4KhG792j5QLL/LcgDFKrc7WrdmRRTnwfOhSjDdMkayiPAMqPGqjDvAeEOFcDYZynWGbzYzmiE8j5flk46r1gMeIex7l5s0TXrmU7HvRyP6WhLzJjx+YDZ8mhFHkW0atvJPa8qaLl7S8frlbkrm3gwFE6mkx2KIF7AmAnh/N8sOINQ+qYs64mjhmQa2e/347Ayf1E4nN0FY/edEXmHRru5FB4xlUp72aCn1W3EiKAJSKIPaSeYSXb56bz6OMq4hQjYKQ3mPeN0vWjRr135+C0Bd4gDWoYlGSJayex2Si+mCFsPuhKnc1yUzj6pO2rQUmhMU+ljTe9oH5PRTAyt6PY5ZyfWo2xrec= user01@raspi4