
Configure key-based authentication

## Set up the user on the SSH server side (rhel7server1)

[root@rhel7server1 ~]# useradd serveruser1

[root@rhel7server1 ~]# passwd serveruser1
Changing password for user serveruser1.
New password: ********
Retype new password:
********
passwd: all authentication tokens updated successfully.


## Set up the user on the SSH client side (rhel7client1)


[root@rhel7client1 ~]# useradd clientuser1

[root@rhel7client1 ~]# passwd clientuser1
Changing password for user clientuser1.
New password:
********
Retype new password:
********
passwd: all authentication tokens updated successfully.



## Log in or su to the client user, then generate an SSH key pair


[root@rhel7client1 ~]# su - clientuser1

[clientuser1@rhel7client1 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/clientuser1/.ssh/id_rsa):
Created directory '/home/clientuser1/.ssh'.
Enter passphrase (empty for no passphrase):
<Enter>
Enter same passphrase again:
<Enter>
Your identification has been saved in /home/clientuser1/.ssh/id_rsa.
Your public key has been saved in /home/clientuser1/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:yeNG3SrLRHYxm9mBmqdW2Xvto92K02wnXxet1sDHpaI clientuser1@rhel7client1
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|           .     |
|          + .   .|
|       . = @ o oo|
|        S X = +.+|
|       = * o o *.|
|        B E .o+ =|
|       = o  .+*o=|
|        o   .+o*=|
+----[SHA256]-----+


## Confirm that the key files were generated: private key = id_rsa, public key = id_rsa.pub


[clientuser1@rhel7client1 ~]$ ls -lah ~/.ssh
total 8.0K
drwx------. 2 clientuser1 clientuser1   38 Jun 19 11:29 .
drwx------. 6 clientuser1 clientuser1  119 Jun 19 11:29 ..
-rw-------. 1 clientuser1 clientuser1 1.7K Jun 19 11:29 id_rsa
-rw-r--r--. 1 clientuser1 clientuser1  406 Jun 19 11:29 id_rsa.pub


## From the SSH client, use ssh-copy-id to add the client user's public key to the server user's ~/.ssh/authorized_keys file


[clientuser1@rhel7client1 ~]$ ssh-copy-id serveruser1@rhel7server1
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/clientuser1/.ssh/id_rsa.pub"
The authenticity of host 'rhel7server1 (192.168.0.10)' can't be established.
ECDSA key fingerprint is SHA256:vNpmvuXbPajqQUZz4J+wzqni3r6SN0oxJE70Uy6iabg.
ECDSA key fingerprint is MD5:6f:05:e9:4e:37:25:b5:99:e0:49:99:14:d4:1c:e5:cc.
Are you sure you want to continue connecting (yes/no)?
yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
serveruser1@rhel7server1's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'serveruser1@rhel7server1'"
and check to make sure that only the key(s) you wanted were added.


## Verify that you are now logged in via key-based (password-less) authentication

[clientuser1@rhel7client1 ~]$ ssh serveruser1@rhel7server1

[serveruser1@rhel7server1 ~]$ id
uid=1001(serveruser1) gid=1001(serveruser1) groups=1001(serveruser1) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[serveruser1@rhel7server1 ~]$ hostname
rhel7server1
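
Added example (not part of the original notes, and not ssh-copy-id's own code): the server-side state that the ssh-copy-id step above leaves behind, built by hand, plus a check of the ownership and write-permission conditions sshd applies to these paths when StrictModes is enabled. The function names and the sample key line are constructed for illustration; `stat -c` assumes GNU coreutils, as on RHEL 7.

```shell
#!/bin/bash
# Added example: by-hand equivalent of the server-side state ssh-copy-id leaves.
# Function names and the sample key line are constructed for illustration.

# install_pubkey HOME_DIR PUBKEY_FILE
# Append the key to HOME_DIR/.ssh/authorized_keys unless that exact line exists.
install_pubkey() {
    local home_dir="$1" pubkey_file="$2" key
    local ssh_dir="$home_dir/.ssh"
    local auth="$ssh_dir/authorized_keys"
    key=$(head -n 1 "$pubkey_file") || return 1
    [ -n "$key" ] || return 1
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    # -x: whole line, -F: fixed string, so a repeat run adds nothing
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms HOME_DIR
# Return 0 only if HOME_DIR, .ssh and authorized_keys are owned by the current
# user (or root) and not group/world-writable; sshd applies these conditions
# to the target account when StrictModes is on. Assumes GNU stat and that the
# script runs as the account owner.
check_ssh_perms() {
    local home_dir="$1" path mode owner rc=0
    for path in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        mode=$(stat -c '%a' "$path") || return 2
        owner=$(stat -c '%u' "$path") || return 2
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable: $path (mode $mode)"; rc=1
        fi
        if [ "$owner" != "$(id -u)" ] && [ "$owner" != "0" ]; then
            echo "unexpected owner uid $owner: $path"; rc=1
        fi
    done
    return $rc
}

# Demo in a throwaway directory with a constructed (not real) public key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3-CONSTRUCTED-SAMPLE clientuser1@rhel7client1' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"   # second run is a no-op
echo "keys installed: $(grep -c . "$demo_home/.ssh/authorized_keys")"
check_ssh_perms "$demo_home" && echo "permissions acceptable to StrictModes"
rm -rf "$demo_home"
```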





 

Configure additional options described in documentation


## To configure additional SSH server options, edit /etc/ssh/sshd_config

[root@rhel7server1 ~]# vi /etc/ssh/sshd_config


## Check man sshd for help on the available options and how to configure them

[root@rhel7server1 ~]# man sshd


## Check the following website for more information on the available options

https://man.openbsd.org/sshd_config
