SSH: Configure key-based authentication.

On server1, create a user user01 with password user01:

# useradd user01
# passwd user01

On server2, create the same user with password user01:

# useradd user01
# passwd user01

On server1, switch to this new user:

# su - user01

Generate a private/public key pair for key-based authentication (here an RSA key with 2048 bits and no passphrase):

[user01@server1 ~]$ ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user01/.ssh/id_rsa):
Created directory '/home/user01/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user01/.ssh/id_rsa.
Your public key has been saved in /home/user01/.ssh/id_rsa.pub.
The key fingerprint is:
e7:75:b5:b4:01:d6:6d:b4:59:92:65:c9:2d:8c:db:a6 user01@server1.example.com
The key's randomart image is:
+-----[ RSA 2048]-------+
|                   =++O|
|                  o =*B|
|                   o B.|
|                  . +.+|
|              S . .o.o |
|                o .E.  |
|               .       |
|                       |
|                       |
+-----------------------+

Copy the public key to the server2 machine:

[user01@server1 ~]$ ssh-copy-id -i .ssh/id_rsa.pub user01@server2.example.com
The authenticity of host 'server2.example.com (192.168.1.20)' can't be established.
RSA key fingerprint is 82:62:75:f9:80:06:58:91:ec:71:12:c1:4c:ce:d9:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2.example.com,192.168.1.20' (RSA) to the list of known hosts.
user01@server2.example.com's password:
Now try logging into the machine, with "ssh 'user01@server2.example.com'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

On server2, edit the /etc/ssh/sshd_config file and set the following options:

PasswordAuthentication no
PubkeyAuthentication yes

Restart the sshd service:

# service sshd restart

On server1, as user01, connect to server2:

[user01@server1 ~]$ ssh server2.example.com
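
A check for the sshd_config step above, added here as an example and not part of the original tutorial: sshd uses the first value it reads for each keyword, so a "PasswordAuthentication no" placed below an earlier uncommented "yes" has no effect. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reports the value sshd will use for a keyword in the global
# section of an sshd_config file (first occurrence wins, keywords are
# case-insensitive). Assumptions of this sketch: Include files and Match
# blocks are not evaluated; on a live host "sshd -T" (as root) is authoritative.

effective_sshd_option() {
    # $1 = config file, $2 = keyword, $3 = built-in default if unset
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim whitespace
        /^#/ || /^$/ { next }                        # skip comments and blanks
        {
            n = split($0, f, /[ \t=]+/)
            k = tolower(f[1])
            if (k == "match") exit                   # global section ends here
            if (k == key && n >= 2) { val = f[2]; exit }   # first value wins
        }
        END { print val }
    ' "$1"
}

audit_key_only_login() {
    # Returns 0 only if passwords are off and public keys are on.
    pw=$(effective_sshd_option "$1" PasswordAuthentication yes)
    pk=$(effective_sshd_option "$1" PubkeyAuthentication yes)
    echo "PasswordAuthentication=$pw PubkeyAuthentication=$pk"
    [ "$pw" = "no" ] && [ "$pk" = "yes" ]
}

# Constructed sample: the two options were appended at the end, but an
# earlier uncommented "PasswordAuthentication yes" is still present.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
UsePAM yes
PasswordAuthentication no
PubkeyAuthentication yes
EOF

if audit_key_only_login "$sample"; then
    echo "OK: key-only login is in effect"
else
    echo "WARNING: password logins are still accepted"
fi
rm -f "$sample"
```

On the real server, run audit_key_only_login /etc/ssh/sshd_config before restarting sshd, and keep the existing root session open until the key-based login from server1 has succeeded.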