## Setup user at SSH server side (rhel7server1)
[root@rhel7server1 ~]# useradd serveruser1
[root@rhel7server1 ~]# passwd serveruser1 Changing password for user serveruser1. New password:********
Retype new password: ******** passwd: all authentication tokens updated successfully.
## Setup user at SSH client side (rhel7client1)
[root@rhel7client1 ~]# useradd clientuser1
[root@rhel7client1 ~]# passwd clientuser1 Changing password for user clientuser1.
New password:********
Retype new password: ******** passwd: all authentication tokens updated successfully.
## login or su to the client user and then generate SSH key-pair
[root@rhel7client1 ~]# su - clientuser1
[clientuser1@rhel7client1 ~]$ ssh-keygen Generating public/private rsa key pair.
Enter file in which to save the key (/home/clientuser1/.ssh/id_rsa):
Created directory '/home/clientuser1/.ssh'.
Enter passphrase (empty for no passphrase):<Enter>
Enter same passphrase again:<Enter>
Your identification has been saved in /home/clientuser1/.ssh/id_rsa.
Your public key has been saved in /home/clientuser1/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:yeNG3SrLRHYxm9mBmqdW2Xvto92K02wnXxet1sDHpaI clientuser1@rhel7client1
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| + . .|
| . = @ o oo|
| S X = +.+|
| = * o o *.|
| B E .o+ =|
| = o .+*o=|
| o .+o*=|
+----[SHA256]-----+
## Confirm that the key files were generated - private_key = id_rsa, public_key=id_rsa.pub
[clientuser1@rhel7client1 ~]$ ls -lah ~/.ssh total 8.0K
drwx------. 2 clientuser1 clientuser1 38 Jun 19 11:29 .
drwx------. 6 clientuser1 clientuser1 119 Jun 19 11:29 ..
-rw-------. 1 clientuser1 clientuser1 1.7K Jun 19 11:29 id_rsa
-rw-r--r--. 1 clientuser1 clientuser1 406 Jun 19 11:29 id_rsa.pub
## From the SSH client use ssh-copy-id to put client user's public key to the server users's ~/.ssh/authorized_keys file
[clientuser1@rhel7client1 ~]$ ssh-copy-id serveruser1@rhel7server1 /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/clientuser1/.ssh/id_rsa.pub"
The authenticity of host 'rhel7server1 (192.168.0.10)' can't be established.
ECDSA key fingerprint is SHA256:vNpmvuXbPajqQUZz4J+wzqni3r6SN0oxJE70Uy6iabg.
ECDSA key fingerprint is MD5:6f:05:e9:4e:37:25:b5:99:e0:49:99:14:d4:1c:e5:cc.
Are you sure you want to continue connecting (yes/no)?yes /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
serveruser1@rhel7server1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'serveruser1@rhel7server1'"
and check to make sure that only the key(s) you wanted were added.
## Verify that you are now logged in via key-based (password-less) authentication