Configure the SSH server and client
Perform the following tasks to configure the SSH server and client.

1 | Extract the SSH client public key from the ZIP file

Log in to the SSH server machine as the user you plan to connect with from the SSH client machine.

Open a terminal session and go to the location of the SSH client public key ZIP file exported from the {{ch}}.

Run the following command to extract the SSH client public key from the ZIP file, modifying the file name to match the actual name of your file:

    unzip archive171924.zip

You should see the following output:

    Archive:  archive171924.zip
     extracting: ssh.pub

The ssh.pub file is in DER format, meaning the public key is binary encoded. The next section uses OpenSSL to convert the ssh.pub file from DER to PEM format. PEM is a method of encoding binary data as a string (also known as ASCII armor).

2 | Convert the SSH client public key file from DER to PEM format

Run the following openssl command to convert the public key exported from the {{ch}} in DER format to PEM format (as required for the ssh-keygen command in the next subsection):

    openssl rsa -inform DER -outform PEM -in ssh.pub -out ssh_pubkey.pem -pubin

3 | Configure the SSH client public key on the SSH server and disable non-key-based modes of authentication

SSH requires a specific format for the public keys used within an SSH session. Run the following ssh-keygen command to convert the ssh_pubkey.pem file from the previous command to the required SSH public key format and add it to the ~/.ssh/authorized_keys file:

    ssh-keygen -f ssh_pubkey.pem -i -m PKCS8 >> ~/.ssh/authorized_keys

Run the following command to open the SSH daemon configuration file. Editing this file requires sudo privileges:

    sudo vim /etc/ssh/sshd_config

Inside the file, confirm the following directive is present:

    PubkeyAuthentication yes

Optionally, you can also set the following directives to make the SSH daemon only respond to SSH keys:

    PasswordAuthentication no
    ChallengeResponseAuthentication no

Save and close the file when finished.

To implement these changes, restart the SSH service.

On Ubuntu or Debian machines, run the following command:

    sudo systemctl restart sshd

On CentOS/Fedora machines, run the following command:

    sudo service sshd restart
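The directives in step 3 only take effect if they are the first value sshd reads for each keyword, so a line added below an existing setting is ignored. The shell check below is an added example, not part of the original page: the function names and the sample file are constructed, and it reads one file without following Include lines or evaluating Match blocks.

```shell
#!/bin/sh
# Added example, not from the original page. sshd_config(5): keywords are
# case-insensitive and the FIRST value obtained for a keyword wins, so a
# "PasswordAuthentication no" appended after an earlier "yes" changes nothing.

# first_value FILE "kw|alias" DEFAULT: first global value (before any Match
# block) of the keyword or its alias, lowercased; DEFAULT if it is never set.
first_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { n = split(tolower(want), kw, "|"); val = dflt }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comment or blank line
        { sub(/=/, " "); gsub(/"/, ""); key = tolower($1) }
        key == "match" { exit }                  # conditional section begins
        { for (i = 1; i <= n; i++) if (key == kw[i]) { val = tolower($2); exit } }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE: one line per directive; returns 0 only when public
# key login is on and password / keyboard-interactive logins are off.
audit_sshd_config() {
    rc=0
    while IFS=: read -r names dflt expect; do
        got=$(first_value "$1" "$names" "$dflt")
        if [ "$got" = "$expect" ]; then status=ok; else status=FAIL; rc=1; fi
        echo "$status ${names%%|*}=$got (want $expect)"
    done <<'EOF'
pubkeyauthentication:yes:yes
passwordauthentication:yes:no
challengeresponseauthentication|kbdinteractiveauthentication:yes:no
EOF
    return "$rc"
}

# Constructed sample: the hardening lines were appended below an existing "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "password login is still enabled"
rm -f "$sample"
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the configuration sshd actually resolves, including any Include files.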