08PassPhraseSSH - amagerard/TemplateVM GitHub Wiki
The ssh connection to the remote server is made by passphrase only, provided that:
- the administrator of the remote server has created an account for you.
- your public key is saved in `/home/<username>/.ssh/authorized_keys` on the remote server.
- your private key is installed in `/home/<username>/.ssh` on your machine.
Your machine is a Unix system (Ubuntu, Debian, RedHat, FreeBSD, Mac …).
For Macs, the home directory is `/Users/<username>`.
Open a terminal on your machine (not from the remote server).
Your session `<username>` (no root, no sudo).
mkdir /home/<username>/.ssh
If you already have the id_rsa and id_rsa.pub files in `/home/<username>/.ssh`, I advise you to make a copy.
ssh-keygen -t rsa -b 4096 -C <username>@<domain>
Enter file in which to save the key (/home/teacher/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): Mag6@ndm&re
You must not forget your passphrase.
ls -la /home/<username>/.ssh
id_rsa —> private.
id_rsa.pub —> public.
Copy the contents of your public key to the file `/home/<username>/.ssh/authorized_keys` on the remote server, which authorizes the ssh connection.
This command makes it easier for you to transfer the copy.
ssh-copy-id -i ~/.ssh/id_rsa.pub <username>@<ipaddress remote server>
On the remote server, check if the public key is present.
cat /home/<username>/.ssh/authorized_keys
Remote server root session.
chmod 700 /home/<username>/.ssh
chmod 600 /home/<username>/.ssh/authorized_keys
Session `<username>` of your machine:
chmod 700 /home/<username>/.ssh
chmod 600 /home/<username>/.ssh/*
Keep copies of your public and private keys in a safe, not on your machine.
Root session of the remote machine:
Configuration of `/etc/ssh/sshd_config` on the remote machine.
vi /etc/ssh/sshd_config
#modify or add
Port 22
StrictModes yes
PermitRootLogin no
AllowUsers <username>
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
Configuring `/etc/ssh/sshd_config.d/50-redhat.conf`.
vi /etc/ssh/sshd_config.d/50-redhat.conf
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
X11Forwarding yes
UsePAM yes
PrintMotd no
Restart the ssh service.
systemctl restart sshd
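A check that can follow the restart, added here as an example (not part of the original wiki): it compares the effective settings printed by `sshd -T` with the values set above, which matters because sshd keeps the first value it finds for each keyword, so a drop-in file under `sshd_config.d` can take precedence over an edit in `sshd_config`. The function name `audit_sshd` and the sample input are constructed for illustration; `AllowUsers` is left out because its value is site-specific.

```shell
#!/bin/sh
# Added example: compare effective sshd settings with the values set on this page.
# Input on stdin is the output of `sshd -T` (lowercase "keyword value" lines).

# Expected values, taken from the sshd_config section of this page.
EXPECTED='port 22
strictmodes yes
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
permitemptypasswords no'

# audit_sshd (hypothetical name): prints one line per mismatch,
# returns 0 only if every expected setting matches the effective one.
audit_sshd() {
    effective=$(cat)
    status=0
    while read -r key want; do
        # Take the first line for this keyword from the effective config.
        got=$(printf '%s\n' "$effective" |
              awk -v k="$key" '$1 == k { print $2; exit }')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', effective '${got:-<unset>}'"
            status=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $status
}

# Constructed sample: password login still enabled by another config file.
SAMPLE_BAD='port 22
strictmodes yes
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
permitemptypasswords no'

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_BAD" | audit_sshd || echo "effective config differs from the page"

# On the remote server, as root (syntax check first, then the audit):
#   sshd -t && sshd -T | audit_sshd
```

Run the audit from a second terminal while keeping the current root session open, so a configuration mistake cannot lock you out.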
To access the remote server: `ssh <username>@<remote server>`.
Passphrase password `<required>`.
Open a terminal on your machine (not from the remote server).
Your session (no root, no sudo).
ssh-keygen -o -a 256 -t ed25519 -C <username>@<domain>
id_ed25519 —> private.
id_ed25519.pub —> public.
Repeat the same procedure (chapter 8.3) to export the key to `/home/<username>/.ssh/authorized_keys` on the remote machine.
ssh-copy-id -i ~/.ssh/id_ed25519.pub <username>@<ipaddress remote server>
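The connection may be rejected, and the solution is to empty the content of `/home/<username>/.ssh/known_hosts`.
`> /home/<username>/.ssh/known_hosts`
Emptying the file discards every stored host key, so each server is presented as unknown on the next connection and its fingerprint has to be confirmed again.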
The easiest solution.
- You have a private and public key.
- On Windows, download PUTTYgen and Putty-installer from https://www.putty.org/.
- Open PUTTYgen —> conversion —> import your private key.
- Save the private key in ppk format.
- Launch Putty. Go to Connection, SSH, Auth and Credentials.
- Put only the private key in ppk format.
If you don't have a private key.
Putty can create it, but it will take some patience to format the public key into an acceptable format.
https://www.tutos.eu/3194 gives you the procedure.
Tip: start your machine with a “live almalinux” bootable key and create your keys.