
Software >> OS >> Unix >> Linux >> RHEL >> 7 >> RHCE >> Section 9 - SSH

 

Configure key-based authentication

## Setup user at SSH server side (rhel7server1)

[root@rhel7server1 ~]# useradd serveruser1

[root@rhel7server1 ~]# passwd serveruser1
Changing password for user serveruser1.
New password: ********
Retype new password: ********
passwd: all authentication tokens updated successfully.


## Setup user at SSH client side (rhel7client1)


[root@rhel7client1 ~]# useradd clientuser1

[root@rhel7client1 ~]# passwd clientuser1
Changing password for user clientuser1.
New password: ********
Retype new password: ********
passwd: all authentication tokens updated successfully.



## Log in or su to the client user, then generate an SSH key pair


[root@rhel7client1 ~]# su - clientuser1

[clientuser1@rhel7client1 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/clientuser1/.ssh/id_rsa):
Created directory '/home/clientuser1/.ssh'.
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>
Your identification has been saved in /home/clientuser1/.ssh/id_rsa.
Your public key has been saved in /home/clientuser1/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:yeNG3SrLRHYxm9mBmqdW2Xvto92K02wnXxet1sDHpaI clientuser1@rhel7client1
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|           .     |
|          + .   .|
|       . = @ o oo|
|        S X = +.+|
|       = * o o *.|
|        B E .o+ =|
|       = o  .+*o=|
|        o   .+o*=|
+----[SHA256]-----+


## Confirm that the key files were generated (private key = id_rsa, public key = id_rsa.pub)


[clientuser1@rhel7client1 ~]$ ls -lah ~/.ssh
total 8.0K
drwx------. 2 clientuser1 clientuser1   38 Jun 19 11:29 .
drwx------. 6 clientuser1 clientuser1  119 Jun 19 11:29 ..
-rw-------. 1 clientuser1 clientuser1 1.7K Jun 19 11:29 id_rsa
-rw-r--r--. 1 clientuser1 clientuser1  406 Jun 19 11:29 id_rsa.pub


## From the SSH client, use ssh-copy-id to add the client user's public key to the server user's ~/.ssh/authorized_keys file


[clientuser1@rhel7client1 ~]$ ssh-copy-id serveruser1@rhel7server1
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/clientuser1/.ssh/id_rsa.pub"
The authenticity of host 'rhel7server1 (192.168.0.10)' can't be established.
ECDSA key fingerprint is SHA256:vNpmvuXbPajqQUZz4J+wzqni3r6SN0oxJE70Uy6iabg.
ECDSA key fingerprint is MD5:6f:05:e9:4e:37:25:b5:99:e0:49:99:14:d4:1c:e5:cc.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
serveruser1@rhel7server1's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'serveruser1@rhel7server1'"
and check to make sure that only the key(s) you wanted were added.


## Verify that you can now log in via key-based (password-less) authentication

[clientuser1@rhel7client1 ~]$ ssh serveruser1@rhel7server1

[serveruser1@rhel7server1 ~]$ id
uid=1001(serveruser1) gid=1001(serveruser1) groups=1001(serveruser1) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[serveruser1@rhel7server1 ~]$ hostname
rhel7server1





 

Configure additional options described in documentation


## To configure additional SSH server options, edit /etc/ssh/sshd_config

[root@rhel7server1 ~]# vi /etc/ssh/sshd_config


## Check man sshd_config for help on the available options and how to configure them

[root@rhel7server1 ~]# man sshd_config


## Check the following website for more information on the available options

https://man.openbsd.org/sshd_config
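
After editing sshd_config it is easy to misread which value sshd will use, because keywords are case-insensitive, the first value obtained wins, and lines after a Match line apply only conditionally. The script below is an added example, not part of the original page: sshd_effective and key_only_login are hypothetical helper names, the sample file is constructed, and PasswordAuthentication and PubkeyAuthentication were picked as the options most relevant once key-based login works.

```shell
#!/bin/sh
# Added example: which value does sshd take for a global keyword?
# sshd_config rules used: keywords are case-insensitive, '#' lines are
# comments, the first value obtained wins, and lines after a Match line
# apply only conditionally.

# sshd_effective FILE KEYWORD DEFAULT -> first global value, else DEFAULT
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^#/ || /^$/ { next }                    # comment or blank line
        {
            key = $0; sub(/[ \t=].*$/, "", key); key = tolower(key)
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit             # conditional from here on
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# key_only_login FILE -> status 0 when public-key login is enabled and
# password login is disabled globally (both default to yes when unset).
key_only_login() {
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = yes ] &&
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = no ]
}

# Constructed sample file, not taken from rhel7server1.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Port 22
#PasswordAuthentication yes
passwordauthentication no
PasswordAuthentication yes
PubkeyAuthentication=yes
Match User serveruser1
    PasswordAuthentication yes
EOF

echo "PasswordAuthentication: $(sshd_effective "$SAMPLE" PasswordAuthentication yes)"
if key_only_login "$SAMPLE"; then echo "global policy: key-only"; fi
```

On the server itself, running sshd -T as root prints the effective configuration that sshd computes, which is the authoritative check; the script only reads the global section of a file.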


 

[ © 2008-2021 myfaqbase.com - A property of WPDC Consulting ]