How to Connect to SSH with a Self-Made Certificate – old way

Introduction

In today’s blog post, we’ll cover how to create and use a self-made certificate to connect to SSH, primarily focusing on the process using Windows. We will also discuss where to store these certificates in an Ubuntu system, making sure your setup is secure and efficient.

Why Use Self-Made Certificates?

Using self-made certificates for SSH connections offers a higher level of security compared to traditional password authentication. Certificates ensure that only machines with the correct private key can connect, reducing the risk of unauthorized access.

Creating a Self-Made Certificate on Windows

Prerequisites
  • OpenSSL installed on your Windows machine.
  • Access to the terminal or command prompt.
  • Administrative privileges.

Step-by-Step Guide

1. Install OpenSSL

Download and install OpenSSL from the official website and follow the installation instructions provided on the site. You can also use WSL on Windows: wsl -d Ubuntu

2. Generate the RSA Key Pair

Open the command prompt and run the following commands to generate a private key and a public key:

openssl genpkey -algorithm RSA -out private_key.pem -aes256
openssl rsa -pubout -in private_key.pem -out public_key.pem

3. Create the Certificate

Next, create a certificate signing request (CSR) and sign it to create your certificate:

openssl req -new -key private_key.pem -out request.csr
openssl x509 -req -days 365 -in request.csr -signkey private_key.pem -out certificate.crt

4. Convert Certificate to PEM Format

openssl x509 -outform pem -in certificate.crt -out certificate.pem

Storing Certificates on an Ubuntu System

Directory Structure

On your Ubuntu system, you should store your SSH certificates in a secure directory. The typical directory for SSH keys and certificates is ~/.ssh/.

Transfer the Certificate

Use a secure method to transfer your certificate and key to the Ubuntu system. You can use SCP (Secure Copy Protocol) to transfer the files:

scp private_key.pem user@ubuntu_server:~/.ssh/
scp public_key.pem user@ubuntu_server:~/.ssh/
scp certificate.pem user@ubuntu_server:~/.ssh/

Set Permissions

Restrict the private key to its owner (mode 600) so that no other account on the system can read it; the public key and certificate can remain world-readable (644):

chmod 600 ~/.ssh/private_key.pem
chmod 644 ~/.ssh/public_key.pem
chmod 644 ~/.ssh/certificate.pem

Configuring SSH to Use the Certificate

Edit the SSH configuration file on your Ubuntu server to use your new certificate for authentication:

sudo nano /etc/ssh/sshd_config

Add the following lines to specify the use of the certificate:

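# Relative to each user's home directory; sshd does not expand "~"
AuthorizedKeysFile  .ssh/authorized_keys
# sshd reads this file as CA public keys in OpenSSH format, one per line, and does not expand "~"
TrustedUserCAKeys  ~/.ssh/certificate.pem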

Restart the SSH service to apply the changes:

sudo systemctl restart sshd

Connecting to SSH with the Certificate

On your Windows machine, use an SSH client like PuTTY or the command prompt to connect to the Ubuntu server using your private key:

Using PuTTY
  1. Open PuTTY and navigate to Connection > SSH > Auth.
  2. Browse and select your private key file (private_key.pem).
  3. Return to the Session tab, enter your Ubuntu server’s IP address, and click Open.

Using Command Prompt

ssh -i path_to_private_key.pem user@ubuntu_server
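
For the ssh -i login above to be accepted, sshd needs the matching public key as a one-line OpenSSH entry in ~/.ssh/authorized_keys, which is a different encoding from the public_key.pem written in step 2. The following added example (not from the original post) converts that file with ssh-keygen and installs it; the script name install_pubkey.sh and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the Ubuntu server as the
# login user:  sh install_pubkey.sh ~/.ssh/public_key.pem
# (install_pubkey.sh is a hypothetical file name.)
set -eu

# Convert the PEM "BEGIN PUBLIC KEY" file from step 2 into the one-line
# "ssh-rsa AAAA..." form that authorized_keys uses.
pem_to_openssh() {
    ssh-keygen -i -m PKCS8 -f "$1"
}

# SHA256 fingerprint of the key, for matching against the
# "Accepted publickey" entries that sshd writes to its log.
fingerprint() {
    pem_to_openssh "$1" | ssh-keygen -l -f -
}

# Append one key line to <home>/.ssh/authorized_keys, only once, with the
# directory and file modes that sshd's StrictModes check accepts.
install_key() {
    key_line=$1
    ssh_dir=$2/.ssh
    case $key_line in
        ssh-*|ecdsa-*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$ssh_dir/authorized_keys"
    chmod 600 "$ssh_dir/authorized_keys"
    grep -qxF "$key_line" "$ssh_dir/authorized_keys" ||
        printf '%s\n' "$key_line" >> "$ssh_dir/authorized_keys"
}

# Only act when a PEM public key path is given on the command line.
if [ -n "${1:-}" ]; then
    key=$(pem_to_openssh "$1")
    install_key "$key" "$HOME"
    fingerprint "$1"
fi
```

The fingerprint printed at the end is the value to look for in the server's authentication log when confirming which key was used for a login.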
Conclusion

Using self-made certificates for SSH connections enhances security and is a robust alternative to password-based authentication. While we focused on creating certificates in Windows, the principles apply across various operating systems, including Linux and macOS. By following the steps outlined, you’ll be able to securely connect to your SSH servers with your custom certificate.

Feel free to leave your comments or questions below. Happy secure connecting!
