Practices for Lesson 9: Controlling Access to Systems and Files
Task 3: Configuring SSH for Public Key Authentication
The following activities are covered in this task:
• Configuring the private/public keys
• Copying the public key onto the remote host (server)
• Verifying Secure Shell (SSH) access
1. Verify that the Sol11-Server1 and Sol11-Desktop virtual machines are running.
2. In Sol11-Server1, use the su command to switch to the jholt account. Use oracle1 as the password.
oracle@s11-server1:~# su - jholt
Password: oracle1
Oracle Corporation SunOS 5.11 11.2 June 2014
jholt@s11-server1:~$
During SSH configuration for jholt, you will be moving back and forth between Sol11-Server1 and Sol11-Desktop. If you need to know which VM you are on, check the command prompt. In this example, it is the Sol11-Server1 machine. Alternatively, use the hostname command.
3. Create the rsa pair of public and private keys on your system.
jholt@s11-server1:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/jholt/.ssh/id_rsa): <Press Enter Key>
Created directory '/export/home/jholt/.ssh'.
Enter passphrase (empty for no passphrase): passphrase
Enter same passphrase again: passphrase
Your identification has been saved in /export/home/jholt/.ssh/id_rsa.
Your public key has been saved in /export/home/jholt/.ssh/id_rsa.pub.
The key fingerprint is:
b6:87:0f:52:4a:af:a6:9c:28:b1:b9:db:4b:fe:9d:ed jholt@s11-server1
jholt@s11-server1:~$ ls .ssh
id_rsa id_rsa.pub
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
You created the rsa private/public key pair to be used by ssh. Can you find these keys? Yes, they are in the .ssh directory.
4. Copy your rsa public key to the remote system and store it in jholt's .ssh directory.
jholt@s11-server1:~$ scp .ssh/id_rsa.pub jholt@s11-desktop:id_rsa.pub
Note: Type yes for any RSA-related message.
Password: Newpass1
id_rsa.pub 100% |*************| 399 00:00
jholt@s11-server1:~$ ssh s11-desktop
Password: Newpass1
Last login: Mon Aug 4 18:34:41 2014 from s11-server1.myd
Oracle Corporation SunOS 5.11 11.2 June 2014
jholt@s11-desktop:~$ ls
id_rsa.pub ...
jholt@s11-desktop:~$ mkdir -p .ssh
jholt@s11-desktop:~$ cat ./id_rsa.pub >> .ssh/authorized_keys
jholt@s11-desktop:~$ rm ./id_rsa.pub
The .pub suffix means that the file is the public key, which must be placed in the .ssh/authorized_keys file. The Sol11-Desktop host uses this public key to authenticate your incoming ssh connection.
5. Exit Sol11-Desktop and log back in by using the ssh command to see the rsa prompt.
jholt@s11-desktop:~$ exit
logout
Connection to s11-desktop closed.
jholt@s11-server1:~$ ssh s11-desktop
Enter passphrase for key '/export/home/jholt/.ssh/id_rsa':
passphrase
Last login: Mon Aug 4 18:36:23 2014 from s11-server1.myd
Oracle Corporation SunOS 5.11 11.2 June 2014
jholt@s11-desktop:~$ exit
logout
Connection to s11-desktop closed.
This demonstrates that your rsa public key is functioning. It is supposed to ask you for the passphrase that you specified when you created the rsa key.
6. Repeat Steps 3–6 for the dsa pair of the private/public keys. These steps are listed here as a reminder.
jholt@s11-server1:~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key
(/export/home/jholt/.ssh/id_dsa): <Press Enter Key>
Enter passphrase (empty for no passphrase): passphrase
Enter same passphrase again: passphrase
Your identification has been saved in /export/home/jholt/.ssh/id_dsa.
Your public key has been saved in /export/home/jholt/.ssh/id_dsa.pub.
The key fingerprint is:
db:e4:3e:50:19:cd:b2:85:bf:b6:ea:d7:25:81:c2:f2 jholt@s11-server1
jholt@s11-server1:~$ scp ./.ssh/id_dsa.pub jholt@s11-desktop:id_dsa.pub
Enter passphrase for key '/export/home/jholt/.ssh/id_rsa':
passphrase
id_dsa.pub 100% |*****************************| 607 00:00
jholt@s11-server1:~$ ssh s11-desktop
Enter passphrase for key '/home/jholt/.ssh/id_rsa': passphrase
Last login: Mon Aug 4 18:44:25 2014 from s11-server1.myd
Oracle Corporation SunOS 5.11 11.2 June 2014
jholt@s11-desktop:~$ ls
id_dsa.pub …
jholt@s11-desktop:~$ cat ./id_dsa.pub >> .ssh/authorized_keys
jholt@s11-desktop:~$ rm ./id_dsa.pub
jholt@s11-desktop:~$ exit
Connection to s11-desktop closed.
Currently, you have created the rsa and dsa pairs of keys. The private keys are on your Sol11-Server1 system and the public keys have been transmitted and stored on the remote system for authentication.
7. Use the ssh command to log in to the Sol11-Desktop machine. When prompted for the rsa key passphrase, do not supply the value. Just press the Enter key, but provide the passphrase at the dsa key prompt.
jholt@s11-server1:~$ ssh s11-desktop
Enter passphrase for key '/export/home/jholt/.ssh/id_rsa': <Press Enter Key>
Enter passphrase for key '/export/home/jholt/.ssh/id_dsa':
passphrase
Last login: Mon Aug 4 18:46:03 2014 from s11-server1.myd
Oracle Corporation SunOS 5.11 11.2 June 2014
jholt@s11-desktop:~$ exit
logout
You exited from the ssh session to start the next task clean.
jholt@s11-server1:~$ exit
logout
oracle@s11-server1:~#
Now when you ssh to Sol11-Desktop, you are prompted for the rsa and the dsa passphrases.
Now you know that users can create their own ssh authentication keys and manage the authentication process by using passphrases.
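
Step 4 appends the public key with mkdir -p and cat >>, which leaves the directory and file modes to the umask and adds a duplicate line each time the step is repeated. The following is an added example, not part of the Oracle practice: a hypothetical helper, install_pubkey, that checks that the file is a one-line public key, sets the modes that sshd's StrictModes check expects, and appends the key only if it is not already present.

```sh
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper, not an OS command.
# usage:   install_pubkey <pubkey-file> <home-dir>
# returns: 0 = key appended, 1 = input rejected, 2 = key already present
install_pubkey() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # A public key file is exactly one line: "<type> <base64-blob> [comment]".
    # A private key (id_rsa, id_dsa) is a multi-line PEM block and fails here.
    [ -f "$pub" ] || return 1
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 1
    ktype=$(awk 'NR==1 {print $1}' "$pub")
    blob=$(awk 'NR==1 {print $2}' "$pub")

    case $ktype in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;   # empty or not base64
    esac

    # With StrictModes enabled, sshd ignores authorized_keys when the file
    # or its directory is writable by other users, so set modes explicitly.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare on type and blob only; the trailing comment is not part of the key.
    if grep -qF -- "$ktype $blob" "$auth"; then
        return 2
    fi
    printf '%s\n' "$(cat "$pub")" >> "$auth"
}
```

On Sol11-Desktop this would replace the mkdir, cat and rm sequence with install_pubkey ./id_rsa.pub "$HOME" followed by rm ./id_rsa.pub.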