May 22, 2007 Howto Linux / UNIX setup SSH with DSA public key authentication (password less login) last updated May 22, 2007 in Categories BASH Shell, CentOS, Debian / Ubuntu, FreeBSD, HP-UX Unix, Linux, Networking, OpenBSD, RedHat and Friends, Security, Suse, Ubuntu Linux, UNIX.
I am a new RHEL 8 server sysadmin. How do I configure SSH public key-based authentication for RHEL (Red Hat Enterprise Linux) 8 server?
Introduction – SSH is an acronym for secure shell. It is a suite of cryptographic network protocols. It allows users to log in and transfer files securely over an insecure network such as the Internet. OpenSSH is an implementation of the SSH protocol on RHEL 8. You can log in using a RHEL 8 user account and password. However, the OpenSSH project recommends logging in using a combination of private and public SSH keys.
Sample set up for our RHEL 8 server
How do I set up SSH keys on RHEL 8 server?
The procedure to set up SSH keys on Red Hat Enterprise Linux 8 server:
Let us see all commands and steps in detail.
How to create the ed25519 or RSA key pair
The syntax is:
ssh-keygen -t ed25519
Where,
I am going to type the following command on my Ubuntu desktop to create the key pair:
$ ssh-keygen -t ed25519
I strongly recommend that you set up a passphrase when prompted.
How to copy the public key
Now our key pair is generated and stored in the ~/.ssh/ directory. You must copy the public SSH key file named ~/.ssh/id_ed25519.pub (or ~/.ssh/id_rsa.pub if you created an RSA key) to the RHEL 8 server. Try the ssh-copy-id command as follows:
$ ssh-copy-id -i ~/.ssh/fileNameHere.pub user@remote-RHEL8-server-ip
For example:
$ ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]
How to log in using ssh and without a password
Now try logging into the machine, with the ssh command as follows:
$ ssh user@rhel-8-server
You should be able to log in without a password. If you set up a passphrase, unlock it as follows for your current session so that you don’t have to enter it every time you run ssh, sftp, scp, rsync and other commands:
$ ssh-agent $SHELL
$ ssh-add
Optional settings for root user
Disable root user login altogether on RHEL 8 via ssh. Log in as the root user on RHEL 8 and run the following to add a user named vivek to the wheel group:
# usermod -aG wheel vivek
This allows users in the wheel group to use the sudo command to run all commands on the RHEL 8 server. Next, disable root user login by adding the following line to sshd_config:
# vi /etc/ssh/sshd_config
Disable the password for root login and only allow ssh keys based login:
Save and close the file. Reload the ssh server:
# systemctl reload sshd.service
For more info see “Top 20 OpenSSH Server Best Security Practices“.
Conclusion
You learned how to set up and use SSH keys to manage your RHEL 8 based server. For more info see OpenSSH man pages here.
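A check for the "Optional settings for root user" step above, as an added example that is not part of the original article: it reads one sshd_config file and reports whether root can still log in with a password, covering two cases an edit can get wrong (an earlier line for the same keyword wins, and a Match block can override the global value). The function names and the sample files are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Include directives are not followed.

# global_value FILE KEYWORD: the value sshd takes from the global section.
# Keywords are case-insensitive, the first occurrence wins, and lines after
# the first "Match" are conditional, so the scan stops there.
global_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/#.*/, ""); sub(/=/, " ") }  # drop comments, allow Keyword=value
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# match_values FILE KEYWORD: every value set for KEYWORD inside Match blocks.
match_values() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/#.*/, ""); sub(/=/, " ") }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == want { print tolower($2) }
    ' "$1"
}

# audit_root_login FILE: returns 0 only if no section allows root password login.
audit_root_login() {
    local v
    for v in "$(global_value "$1" PermitRootLogin)" $(match_values "$1" PermitRootLogin); do
        case "$v" in
            no|prohibit-password|without-password|forced-commands-only) ;;
            "") echo "FAIL: PermitRootLogin not set in the global section"; return 1 ;;
            *)  echo "FAIL: PermitRootLogin $v is in effect for some logins"; return 1 ;;
        esac
    done
    echo "OK: root cannot log in with a password"
}

demo() {  # all three files are constructed samples
    local d f; d=$(mktemp -d)
    # A hardening line appended below an existing "yes" is ignored.
    printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$d/appended"
    printf '%s\n' '# root: keys only' 'permitrootlogin prohibit-password' > "$d/keys_only"
    # Safe global value, but a Match block re-enables full root login.
    printf '%s\n' 'PermitRootLogin no' 'Match Address 192.0.2.0/24' ' PermitRootLogin yes' > "$d/match"
    for f in appended keys_only match; do
        printf '%-10s ' "$f"; audit_root_login "$d/$f" || true
    done
    rm -rf "$d"
}
demo
```

On a live server, `sshd -T` run as root prints the configuration sshd actually applies, which is the authoritative check after the reload.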
Hi Folks,
I administer a RHEL server, which until recently was running RHEL 5.something. I had public keys set up so I could connect to this server from my desktop without a password (using keychain to manage the ssh-agent). The server has just been upgraded to RHEL 6.5, and for the life of me I can't get public key logins working anymore. On my desktop, I have:
desktop:~$ llh ~/.ssh
..
-rw------- 1 gredner gredner 751 Feb 21 2011 id_dsa
-rw------- 1 gredner gredner 613 Feb 21 2011 id_dsa.pub
I pasted the contents of id_dsa.pub into ~/.ssh/authorized_keys2 on the server. There I have:
server:~$ llh ~/.ssh
..
-rw-------. 1 gredner gredner 1.3K Dec 5 11:47 authorized_keys2
I've turned up the sshd logging level on the server for illustrative purposes. When I do:
desktop:~$ ssh server
gredner@server's password:
it prompts me for a password (not the key password, but the server password). On the server side I see in /var/log/secure:
Dec 5 12:06:22 server sshd[11620]: debug1: temporarily_use_uid: 515/516 (e=0/0)
Dec 5 12:06:22 server sshd[11620]: debug1: trying public key file /home/gredner/.ssh/authorized_keys2
Dec 5 12:06:22 server sshd[11620]: debug1: Could not open authorized keys '/home/gredner/.ssh/authorized_keys2': Permission denied
Dec 5 12:06:22 server sshd[11620]: debug1: restore_uid: 0/0
Dec 5 12:06:22 server sshd[11620]: Failed publickey for gredner from ip.addr.of.desktop port 33890 ssh2
Permission denied! But the permissions on the file are 600, it's owned by me, and the uid of 516 mentioned in the sshd log is my uid. What could be the problem? Could it be an SELinux thing? Am I missing something obvious?