

Configure key-based authentication

## Setup user at SSH server side (rhel7server1)

[root@rhel7server1 ~]# useradd serveruser1

[root@rhel7server1 ~]# passwd serveruser1
Changing password for user serveruser1.
New password: ********
Retype new password:
passwd: all authentication tokens updated successfully.

## Setup user at SSH client side (rhel7client1)

[root@rhel7client1 ~]# useradd clientuser1

[root@rhel7client1 ~]# passwd clientuser1
Changing password for user clientuser1.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

## Log in or su to the client user, then generate an SSH key pair

[root@rhel7client1 ~]# su - clientuser1

[clientuser1@rhel7client1 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/clientuser1/.ssh/id_rsa):
Created directory '/home/clientuser1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/clientuser1/.ssh/id_rsa.
Your public key has been saved in /home/clientuser1/.ssh/
The key fingerprint is:
SHA256:yeNG3SrLRHYxm9mBmqdW2Xvto92K02wnXxet1sDHpaI clientuser1@rhel7client1
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|           .     |
|          + .   .|
|       . = @ o oo|
|        S X = +.+|
|       = * o o *.|
|        B E .o+ =|
|       = o  .+*o=|
|        o   .+o*=|

## Confirm that the key files were generated - private_key = id_rsa,

[clientuser1@rhel7client1 ~]$ ls -lah ~/.ssh
total 8.0K
drwx------. 2 clientuser1 clientuser1   38 Jun 19 11:29 .
drwx------. 6 clientuser1 clientuser1  119 Jun 19 11:29 ..
-rw-------. 1 clientuser1 clientuser1 1.7K Jun 19 11:29 id_rsa
-rw-r--r--. 1 clientuser1 clientuser1  406 Jun 19 11:29

## From the SSH client, use ssh-copy-id to add the client user's public key to the server user's ~/.ssh/authorized_keys file

[clientuser1@rhel7client1 ~]$ ssh-copy-id serveruser1@rhel7server1
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/clientuser1/.ssh/"
The authenticity of host 'rhel7server1 (' can't be established.
ECDSA key fingerprint is SHA256:vNpmvuXbPajqQUZz4J+wzqni3r6SN0oxJE70Uy6iabg.
ECDSA key fingerprint is MD5:6f:05:e9:4e:37:25:b5:99:e0:49:99:14:d4:1c:e5:cc.
Are you sure you want to continue connecting (yes/no)?
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
serveruser1@rhel7server1's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'serveruser1@rhel7server1'"
and check to make sure that only the key(s) you wanted were added.

## Verify that you are now logged in via key-based (password-less) authentication

[clientuser1@rhel7client1 ~]$ ssh serveruser1@rhel7server1

[serveruser1@rhel7server1 ~]$ id
uid=1001(serveruser1) gid=1001(serveruser1) groups=1001(serveruser1) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[serveruser1@rhel7server1 ~]$ hostname
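
## Added example (not part of the original page): an offline check of the two things that most often break the setup above. The ssh client refuses a private key that group/other can access, and sshd with StrictModes (its default) ignores authorized_keys when the file or the .ssh directory is group/other-writable. Function names and the sample key material are constructed for illustration; GNU stat is assumed.

```bash
#!/bin/bash
# Added example, not from the original page; function names are hypothetical.
# Assumes GNU stat (coreutils, as shipped on RHEL 7).

# Succeeds if none of the octal permission BITS ($2) are set on PATH ($1).
no_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0$2 )) -eq 0 ]
}

# Succeeds if the base64 key blob of PUBFILE ($1) is a field on some
# non-comment line of AUTHKEYS ($2); entries may carry leading options.
key_installed() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '/^[[:space:]]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$2"
}

# audit_key_setup CLIENT_SSH_DIR SERVER_SSH_DIR
# Prints one line per finding; exit status is the number of findings.
audit_key_setup() {
    n=0
    no_bits "$1/id_rsa" 077 || { echo "FAIL: $1/id_rsa is accessible to group/other"; n=$((n+1)); }
    no_bits "$2" 022 || { echo "FAIL: $2 is group/other-writable"; n=$((n+1)); }
    no_bits "$2/authorized_keys" 022 || { echo "FAIL: $2/authorized_keys is group/other-writable"; n=$((n+1)); }
    key_installed "$1/id_rsa.pub" "$2/authorized_keys" || { echo "FAIL: public key not in $2/authorized_keys"; n=$((n+1)); }
    return "$n"
}

# Constructed sample tree (dummy key material, not real keys).
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/client/.ssh" "$d/server/.ssh" || return 1
    echo "CONSTRUCTED-PRIVATE-KEY-PLACEHOLDER" > "$d/client/.ssh/id_rsa"
    echo "ssh-rsa QUFBQUNPTlNUUlVDVEVE clientuser1@rhel7client1" > "$d/client/.ssh/id_rsa.pub"
    cp "$d/client/.ssh/id_rsa.pub" "$d/server/.ssh/authorized_keys"
    chmod 700 "$d/client/.ssh" "$d/server/.ssh"
    chmod 600 "$d/client/.ssh/id_rsa" "$d/server/.ssh/authorized_keys"
    chmod 644 "$d/client/.ssh/id_rsa.pub"
    echo "$d"
}

sample=$(make_sample)
audit_key_setup "$sample/client/.ssh" "$sample/server/.ssh" && echo "OK: key setup passes"
rm -rf "$sample"
```

## On real hosts, run the permission checks on each machine against its own ~/.ssh, since the client and server directories live on different systems.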



Configure additional options described in documentation

## To configure additional SSH server options, edit /etc/ssh/sshd_config

[root@rhel7server1 ~]# vi /etc/ssh/sshd_config

## Check man sshd for help on the available options and how to configure them

[root@rhel7server1 ~]# man sshd

## check the following website for more info on available options
