107PassphraseSSH - amagerard/TemplateVM GitHub Wiki
The SSH connection to the remote server (VM) is made only with a passphrase-protected key, provided that:
- the administrator of the remote server (VM) has created an account for you.
- your public key is saved in /home/<username>/.ssh/authorized_keys on the remote server (VM).
- your private key is installed in /home/<username>/.ssh on your computer (Linux).
For Macs, the home directory is /Users/<username>.
Open a terminal on your computer (not from the remote server).
Use your own <username> session (no root, no sudo).
mkdir /home/<username>/.ssh
If /home/<username>/.ssh already contains the id_ed25519 and id_ed25519.pub files,
I advise you to make a copy.
ssh-keygen -t ed25519 -b 521 -C teacher@<your hostname>
Enter file in which to save the key (/home/teacher/.ssh/id_ed25519):  
Enter passphrase (empty for no passphrase): Mag6@ndm&re  
You must not forget your passphrase.
ls -la /home/<username>/.ssh
id_ed25519 -> private.
id_ed25519.pub -> public.
The easiest solution.
Start your computer with a "live AlmaLinux" bootable USB and create your keys.
- You have a private and public key.
- On Windows, download PuTTYgen and the PuTTY installer from https://www.putty.org/.
- Open PuTTYgen -> Conversions -> import your private key.
- Save the private key in ppk format.
- Launch PuTTY. Go to Connection, SSH, Auth and Credentials.
- Put only the private key in ppk format.
If you don't have a private key:
PuTTY can create it, but it will take some patience to format the public key into an acceptable format.
https://www.tutos.eu/3194 (in French) gives you the procedure.
Copy the contents of your public key to the /home/<username>/.ssh/authorized_keys file
on the remote server (VM); this file authorizes the SSH connection.
This command makes it easier for you to transfer the copy.
ssh-copy-id -i ~/.ssh/id_ed25519.pub <username>@<ipaddress remote server>
For Windows lovers, you will give your public key to the system administrator who manages the VM.
On the remote server (VM), check if the public key is present.
cat /home/<username>/.ssh/authorized_keys
Remote server (VM) root session.
chmod 700 /home/<username>/.ssh
chmod 600 /home/<username>/.ssh/authorized_keys
Session <username> on your computer:
chmod 700 /home/<username>/.ssh
chmod 600 /home/<username>/.ssh/*
Keep copies of your public and private keys in a safe and not on your computer.
Root session of the remote machine (VM):
Configuration of /etc/ssh/sshd_config on the remote machine (VM).
vi /etc/ssh/sshd_config
#modify or add  
Port 22  
StrictModes yes  
PermitRootLogin no  
AllowUsers <username>  
PubkeyAuthentication yes  
AuthorizedKeysFile      .ssh/authorized_keys  
PasswordAuthentication no  
PermitEmptyPasswords no  
Configuring /etc/ssh/sshd_config.d/50-redhat.conf.
This is no longer necessary with newer versions but it should be checked.
vi /etc/ssh/sshd_config.d/50-redhat.conf
ChallengeResponseAuthentication no  
GSSAPIAuthentication yes  
GSSAPICleanupCredentials no  
X11Forwarding yes  
UsePAM yes  
PrintMotd no  
Restart the ssh service.
systemctl restart sshd
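As an added example (not part of the original wiki), this script checks the directives listed above the way sshd reads them: the first value obtained for a keyword wins, so a drop-in under /etc/ssh/sshd_config.d that is read before the main settings can override PasswordAuthentication no. The sample files, the 40-example.conf drop-in name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): audit sshd settings the way sshd reads them.
# sshd keeps the FIRST value it obtains for each keyword, so a file that is read
# earlier (for example an included drop-in) silently wins over later lines.

# first_value KEYWORD FILE...: first value set for KEYWORD, files in read order.
first_value() {
    key=$1; shift
    awk -v key="$key" '
        /^[ \t]*(#|$)/ { next }                      # skip comments, blank lines
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$@"
}

# audit_sshd FILE...: print one line per directive that differs from the page's
# values and return 1 if any differ. A directive that is not set explicitly is
# reported as "unset". Assumes "Keyword value" lines and no Match blocks.
audit_sshd() {
    rc=0
    for want in "PermitRootLogin no" "PubkeyAuthentication yes" \
                "PasswordAuthentication no" "PermitEmptyPasswords no" \
                "StrictModes yes"; do
        key=${want% *}; expected=${want#* }
        got=$(first_value "$key" "$@")
        if [ "$got" != "$expected" ]; then
            echo "MISMATCH $key: expected $expected, got ${got:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files: the page's settings plus a hypothetical drop-in.
write_samples() {
    printf '%s\n' '# constructed drop-in' 'PasswordAuthentication yes' \
        > "$1/40-example.conf"
    printf '%s\n' 'Port 22' 'StrictModes yes' 'PermitRootLogin no' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'PermitEmptyPasswords no' > "$1/sshd_config"
}

tmp=$(mktemp -d)
write_samples "$tmp"
# Drop-in listed first, as when it is included at the top of sshd_config.
audit_sshd "$tmp/40-example.conf" "$tmp/sshd_config" || echo "drop-in overrides the main file"
audit_sshd "$tmp/sshd_config" && echo "main file alone matches the page"
rm -rf "$tmp"
```

On the server itself, `sshd -t` checks the configuration syntax before the restart and `sshd -T` prints the effective values.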
To access the remote server (VM): ssh <username>@<remote server>.
Enter the passphrase (mandatory).
The connection may be rejected; the solution is to empty the contents of /home/<username>/.ssh/known_hosts.
Clean the known_hosts file.
> /home/<username>/.ssh/known_hosts