Configure the SSH server

1min
Perform the following steps to configure the SSH Client Public Key on the SSH Server and disable non-key-based modes of authentication:
1
Log in to the SSH server machine as the root user.
2
Open a terminal session and go to the location of the SSH client public key file that you exported from the . 
3
Run the following OpenSSL command to convert the public key that was exported from the  from DER format to PEM format (this is required for the ssh-keygen command in step 4):
Shell
openssl rsa -inform DER -outform PEM -in SSH.pub -out SSH_Client_Public.pem -pubin
openssl rsa -inform DER -outform PEM -in SSH.pub -out SSH_Client_Public.pem -pubin
﻿
4
SSH requires a specific format for the public keys used within an SSH session. Run the following ssh-keygen command to convert the SSH_Client_Public.pem file that was output from the previous command to the required SSH public key format, and add it to the ~/.ssh/authorized_keys file:
Shell
ssh-keygen -f SSH_Client_Public.pem -i -m PKCS8 >> ~/.ssh/authorized_keys
ssh-keygen -f SSH_Client_Public.pem -i -m PKCS8 >> ~/.ssh/authorized_keys
﻿
5
Open the SSH daemon configuration file:
Shell
vim /etc/ssh/sshd_config
vim /etc/ssh/sshd_config
﻿
6
Inside the file, make sure that the following directive is set:
Text
PubkeyAuthentication yes
PubkeyAuthentication yes
﻿
7
Optionally, you can set the following directives as well to make the SSH daemon respond only to SSH keys:
Text
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no
﻿
8
Save and close the file when finished. You must restart the SSH service to apply the changes. 
On Ubuntu or Debian machines, issue the following command:
Shell
sudo service ssh restart
sudo service ssh restart
﻿
On CentOS/Fedora machines, the daemon is called sshd:
Shell
sudo service sshd restart
sudo service sshd restart
﻿
﻿
Updated 12 Jul 2024
Did this page help you?
Configure KMES Series 3
Edit the Futurex PKCS #11 configuration file