How to generate Openssl .pem file and where we have to place it
First you need to upload public key to the server you are willing to connect to, public key is in .pub file:
Example:
# ssh-copy-id -i ~/my-certificate.pub [email protected]
After this it should be working and you should be able to login using:
$ sudo ssh -i ~/my-certificate.pem [email protected]
Changes are made in file ~/.ssh/authorized_keys on server machine, open with text editor such as nano, you will see lines starting with something like: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAX ...
I personally generate the key file using $ ssh-keygen -t rsa -b 2048 -v, which generates the .pem and pub file. When you get asked:
Enter file in which to save the key (/home/user/.ssh/id_rsa):
enter the name of the .pem file for example: my-certificate.pem
Step by step from generating key to login:
- Generate the key with
$ ssh-keygen -t rsa -b 2048 -vand when asked to enter file in which to save the key, typemy-certificateand when asked to enter passphrase, press Enter (empty passphrase) and confirm by Enter. - You will get two files generated, one will be my-certificate and one will be my-certificate.pub, rename the my-certificate to my-certificate.pem, so you will have two files, my-certificate.pub and my-certificate.pem
- Upload the public certificate to to server:
ssh-copy-id -i ~/my-certificate.pub username@ip - Make .pem file on your computer read-only
sudo chmod 400 my-certificate.pem - Login with
$ sudo ssh -i /path/to/my-certificate.pem user@ip