Skip to main content
Perform the following steps to configure the SSH Client Public Key on the SSH Server and disable non-key-based modes of authentication:
1
Log in to the SSH server machine as the root user.
2
Open a terminal session and go to the location of the SSH client public key file that you exported from the KMES Series 3.
3
Run the following OpenSSL command to convert the public key that was exported from the KMES Series 3 from DER format to PEM format (this is required for the ssh-keygen command in step 4):
Shell
openssl rsa -inform DER -outform PEM -in SSH.pub -out SSH_Client_Public.pem -pubin
4
SSH requires a specific format for the public keys used within an SSH session. Run the following ssh-keygen command to convert the SSH_Client_Public.pem file that was output from the previous command to the required SSH public key format, and add it to the ~/.ssh/authorized_keys file:
Shell
ssh-keygen -f SSH_Client_Public.pem -i -m PKCS8 >> ~/.ssh/authorized_keys
5
Open the SSH daemon configuration file:
Shell
vim /etc/ssh/sshd_config
6
Inside the file, make sure that the following directive is set:
None
PubkeyAuthentication yes
7
Optionally, you can also set the following directives to make the SSH daemon respond only to SSH keys:
None
PasswordAuthentication no
ChallengeResponseAuthentication no
8
Save and close the file when finished. You must restart the SSH service to apply the changes.On Ubuntu or Debian machines, issue the following command:
Shell
sudo service ssh restart
On CentOS/Fedora machines, issue the following command to start the sshd daemon:
Shell
sudo service sshd restart