r ssh
authentication
·
Password Based Authentication
· Key Based Authentication
o Key Pair Value [Public Key + Private Key]
· Key Based Authentication
o Key Pair Value [Public Key + Private Key]
r ssh
server
·
Package: openssh-server
· Config File: /etc/ssh/sshd_config [For server]
/etc/ssh/ssh_config [For client]
· Port: 22/tcp
· Service Name: sshd
· By Default: All users allowed
· Config File: /etc/ssh/sshd_config [For server]
/etc/ssh/ssh_config [For client]
· Port: 22/tcp
· Service Name: sshd
· By Default: All users allowed
r ssh
client
·
Server IP
· Username
o PermitRootLogin yes
o AllowUsers shohan root
o DenyUser Alex
· Password
· Port
· Username
o PermitRootLogin yes
o AllowUsers shohan root
o DenyUser Alex
· Password
· Port
r ssh
server configuration
· PermitRootLogin
· Port
· Listen
· Key Based Authentication
o ssh-keygen
o ssh-copy-id
· PermitRootLogin
· Port
· Listen
· Key Based Authentication
o ssh-keygen
o ssh-copy-id
r
From SSH client:
·
ssh ip
· ssh user@ip
· ssh -l root 192.168.56.72
· ssh -p <port> user@ip
· ssh user@ip
· ssh -l root 192.168.56.72
· ssh -p <port> user@ip
r Deny
root login via ssh
·
PermitRootLogin no
r SSH
procedure
·
For server
[root@B ~]# rpm -qa openssh
[root@B ~]# yum install openssh-server
[root@B ~]# systemctl start sshd
[root@B ~]# systemctl enable sshd
·
For client [Clinet will provide ssh command]
[root@B ~]# rpm -q openssh-clients
openssh-clients-8.7p1-38.el9_4.4.x86_64
1.Generate keypair using ssh-key-gen
2.Copy public key to server (path depends on sshd_config file)
3.Login to ssh server using private key
step01:
[root@ServerA ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:JHSgwdyPgWCAZTNdrYed2Bbs97ZC+1nPZmEfnmyAE6w root@a
The key's randomart image is:
+---[RSA 2048]----+
|ooB=.+++. |
|.o o=+o.+ |
| . .@.o. |
| =oO .o |
| oS...o |
| E.oo. + |
| . o..* =|
| o .o B+|
| oo .oo|
+----[SHA256]-----+
step02:
[root@ ServerA ~]# cd .ssh/
[root@ ServerA .ssh]# ll
id_rsa
id_rsa.pub
step03:
[root@ServerA .ssh]# ssh-copy-id
root@192.168.56.72
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now, it is to install the new keys
root@192.168.56.72's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.56.72'"
and check to make sure that only the key(s) you wanted were added.
[root@B ~]# yum install openssh-server
[root@B ~]# systemctl start sshd
[root@B ~]# systemctl enable sshd
openssh-clients-8.7p1-38.el9_4.4.x86_64
2.Copy public key to server (path depends on sshd_config file)
3.Login to ssh server using private key
step01:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:JHSgwdyPgWCAZTNdrYed2Bbs97ZC+1nPZmEfnmyAE6w root@a
The key's randomart image is:
+---[RSA 2048]----+
|ooB=.+++. |
|.o o=+o.+ |
| . .@.o. |
| =oO .o |
| oS...o |
| E.oo. + |
| . o..* =|
| o .o B+|
| oo .oo|
+----[SHA256]-----+
[root@ ServerA .ssh]# ll
id_rsa
id_rsa.pub
step03:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now, it is to install the new keys
root@192.168.56.72's password:
and check to make sure that only the key(s) you wanted were added.
Tags
RHCSA