Symas OpenLDAP Knowledge Base

SSH

ssh (the Secure Shell command) on Linux lets you open a terminal (command-line) session on a remote server. The session is encrypted using Public Key Encryption so it is secure.

Before you can use ssh, you need a key-pair. One, the public key, is put onto remote machines you are going to connect to. The private key remains on your system so that the ssh encryption service can verify that it is really you trying to connect.

Create keys on personal machine:

    ssh-keygen -t rsa 

Press Enter to accept the default ssh key location. If you don’t want to protect the key with a password or passphrase, leave it empty. Passwords and/or passphrases are only necessary if your computer might be accessed by others. For personal laptops, many of us don’t bother. A key created without a passphrase is stored unencrypted, so anyone who obtains a copy of the file can use it.

Set permissions on the .ssh folder and keys:

    chmod 700 ~/.ssh/

  • Owner has Read, Write and Execute
  • Group has no rights
  • Other has no rights

    chmod 600 ~/.ssh/id_rsa

  • Owner has Read and Write
  • Group has no rights
  • Other has no rights
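
To confirm that a key directory has the modes described above, the check can be scripted. This is an added example, not part of the original article: the function names `perm_bits` and `check_ssh_perms` are hypothetical, and private keys are recognised by a first line ending in `PRIVATE KEY-----`.

```shell
#!/bin/sh
# Added example (not from the original article): audit an SSH directory
# against the modes set with chmod 700 / chmod 600.
# Usage: check_ssh_perms [DIR]   (DIR defaults to ~/.ssh)
# Prints one line per finding; returns 0 if clean, 1 on bad modes, 2 if DIR is missing.

# perm_bits PATH: print the nine permission characters from `ls -ld`,
# e.g. "rwx------". Characters 2-10 skip the file type and any ACL/SELinux marker.
perm_bits() {
    ls -ld "$1" | cut -c2-10
}

check_ssh_perms() {
    dir=${1:-"$HOME/.ssh"}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi

    # The directory itself must match chmod 700.
    bits=$(perm_bits "$dir")
    if [ "$bits" != "rwx------" ]; then
        echo "BAD $dir is $bits, expected rwx------ (chmod 700)"
        rc=1
    fi

    # Every private key file must grant nothing to group or other.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            bits=$(perm_bits "$f")
            case $bits in
                ???------) ;;   # owner-only access, e.g. rw------- from chmod 600
                *) echo "BAD $f is $bits, expected rw------- (chmod 600)"
                   rc=1 ;;
            esac
        fi
    done
    return $rc
}
```

Public key files such as id_rsa.pub are skipped because they do not carry a private key header.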

Set public key to remote SSH server:

    ssh-copy-id -i user@remote-host 

You will be asked once for the password of the user on remote-host so that the id_rsa.pub file can be copied from your localhost to remote-host.

Or:

    cat ~/.ssh/id_rsa.pub | ssh user@remote-host 'cat >> .ssh/authorized_keys'

Or:

  • Log into the remote SSH server normally using username and password
  • Create the /home/username/.ssh/authorized_keys file
  • Copy the content of the local machine's ~/.ssh/id_rsa.pub file to the authorized_keys file on the remote server

Configure the remote SSH server to accept SSH key authentication:

    sudo vi /etc/ssh/sshd_config

Enable (remove the comment from) the line:

    AuthorizedKeysFile .ssh/authorized_keys

Restart the ssh service:

    sudo service ssh restart

or

    sudo /etc/init.d/ssh restart

Change the passphrase of a private key:

    ssh-keygen -p 

Create a public SSH key from a private key:

    ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub 

-y reads a private OpenSSH format file and prints an OpenSSH public key to stdout.

If a password is still being prompted for on the remote SSH server:

    getenforce

or

    sestatus

These check whether SELinux (Security-Enhanced Linux) is enabled.

Fix “Agent admitted failure to sign using the key” error:

Start the ssh-agent in the background with the following command:

    eval "$(ssh-agent -s)" 

This returns the agent PID number.

Load your keys into the SSH Agent using the following command:

    ssh-add 

Enter the passphrase if requested (that is, if a passphrase exists).

Add the path to the id_rsa location if it is other than the default (/home/user/.ssh).

This returns “Identity added…”.

Re-attempt ssh to the remote host.