Wednesday, July 17, 2013

Configuring SSH Key Authentication in RHEL6

SSH Key Authentication


SSH stands for Secure Shell and is used to access remote systems. It is more secure than Telnet because the transmission is encrypted.

The main configuration file of the SSH server is /etc/ssh/sshd_config, where you can change the options of the SSH service.
To check whether the package is installed:
#rpm -qa |grep ssh

Now open the configuration file with any editor, for example vim:
#vim /etc/ssh/sshd_config
(options that you need to know before configuring SSH)

Port                          Defines the port used for SSH (22)
Protocol                    Specifies the protocol being used (1 or 2; 2 is more secure)
ListenAddress           Defines the IP address to listen on
PermitRootLogin        Determines whether the root user can log in
X11Forwarding           Allows the forwarding of GUI programs

To verify that the SSH port (22) is open in iptables, type this command:

# cat /etc/sysconfig/iptables | grep 22

Now try to access SSH from another system:
#ssh -X root@serverip
Then give the password for root and you will be able to log in. (-X means I want to use GUI tools as well.)
==============================================================
ssh security

Step 1. Use TCP Wrappers to limit the hosts that can connect to the server:

# echo "sshd: 172.168.1." >> /etc/hosts.allow
# echo "ALL: ALL" >> /etc/hosts.deny
It means only 172.168.1.0/16 can access my SSH service. Optionally, you can use any editor to edit these files.

Add the following to sshd_config to allow only specific users to connect (user names are separated by spaces):
AllowUsers user01 user02

This file shows detailed information about who has logged in to your system, with username and IP address:
#cat /var/log/secure
==============================================================

SSH key authentication

    192.168.0.1(server)    192.168.0.2(client)

A-  Generate the keys on Client as kk:
    # ssh-keygen -t rsa

B- Copy the public key over to server as kk:
   # ssh-copy-id -i ~/.ssh/id_rsa.pub server

C- In the sshd_config file, change the following two options:
    PasswordAuthentication no
    PubKeyAuthentication yes

E- Restart the SSH service for the settings to take effect:
  # service sshd restart

F- Try to connect to server as kk from the Client host to ensure that the key authentication is working properly:
   # ssh kk@192.168.0.1
You can also run a command directly on the remote system by typing this command:
#ssh kk@server.example.com cat /etc/redhat-release
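
A way to check the settings from the steps above before restarting sshd, as an added example that is not part of the original post: the script reads an sshd_config-style file and reports on Protocol, PasswordAuthentication, PubkeyAuthentication and AllowUsers. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style file
# for the settings changed above. The sample config at the bottom is constructed.

# first_value FILE KEYWORD: print the arguments of the first uncommented
# KEYWORD line. Keywords are case-insensitive; sshd uses the first value it reads.
first_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# expect FILE KEYWORD WANTED: print a finding unless KEYWORD is set to WANTED.
expect() {
    val=$(first_value "$1" "$2")
    if [ -z "$val" ]; then
        echo "UNSET $2: not set explicitly, sshd uses its built-in default"
        findings=$((findings + 1))
    elif [ "$val" != "$3" ]; then
        echo "WEAK $2: is '$val', expected '$3'"
        findings=$((findings + 1))
    fi
}

# audit_sshd_config FILE: print all findings; exit status 1 if there are any.
audit_sshd_config() {
    findings=0
    expect "$1" Protocol 2
    expect "$1" PasswordAuthentication no
    expect "$1" PubkeyAuthentication yes
    users=$(first_value "$1" AllowUsers)
    case $users in
        "")  echo "UNSET AllowUsers: no per-user allow-list in this file"
             findings=$((findings + 1)) ;;
        *,*) echo "WEAK AllowUsers: '$users' has commas, names are space-separated"
             findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample: password logins still on, AllowUsers written with a comma.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'Protocol 2' \
    'passwordauthentication yes' 'PubKeyAuthentication yes' \
    'AllowUsers user01,user02' > "$sample"
audit_sshd_config "$sample" || echo "fix the findings above, then restart sshd"
rm -f "$sample"
```

Keep an existing SSH session open while you test, so a mistake in sshd_config does not lock you out after the restart.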
