Topic - (3) Configuring the SSH server with the public key
When the SSH client initiates client authentication (by sending a public key and a signature to the SSH server), then the SSH server must be able to verify that it has been configured with the same public key that it receives from the client.
Therefore, the next step is to configure the SSH server with the public key. Two substeps are required:
- Transfer the public key file to the host on which the SSH server resides.
- Configure the SSH server with the public key.
Transferring the public key file to the host
You must transfer the public key file that you extracted in the previous step to the host on which the SSH server resides. Although this is a public key, you should choose a secure method for transferring the public key file. For example, you can use a secure FTP (sftp) session, or you can put the file on some physical media (such as a diskette) and have the media securely transferred.
Configuring the SSH server with the public key
Depending on the platform, on the SSH server implementation, and on the SSH server configuration, each SSH server can have somewhat different requirements for configuring the public key. Consult the system administrator of your SSH server for the requirements.
As an example, in the OpenSSH port of SSH available on Red Hat Linux 8.0, by default the public key is appended to the file $HOME/.ssh/authorized_keys, where $HOME is the home directory of the user ID to which the SSH client logs on. For example, if you configure the SSH client with a user ID of user1, then the path for the authorized_keys file could be: /home/user1/.ssh/authorized_keys.
Here is how you could perform the steps involved in configuring the SSH server on a system running Red Hat Linux 8.0. (This information is for illustration purposes only. Your SSH server may not require the same settings, even if the platform is Red Hat Linux 8.0.) The red numerals (such as 1) refer to lines in the console listing further below.
- You are logged on as user1 on the host on which the SSH server resides (see 1).
- You change to the home directory for user1 (see 2).
- You create the directory .ssh under /home/user1 (see 3).
- You check the permission settings for .ssh (see 4).
- You change the permission settings for .ssh to rwx------ (see 5).
- You verify the new permission settings for .ssh (see 6).
- You change to the .ssh directory (see 7).
- You retrieve the public key file johnkey02.id_dsa.pub (see 8).
- You append the public key file to the file authorized_keys (see 9). If the file authorized_keys does not already exist, this command creates it.
- You check the permission settings for authorized_keys (see 10).
- You change the permission settings for authorized_keys to rw------- (see 11).
- You verify the new permission settings for authorized_keys (see 12).
- You can delete johnkey02.id_dsa.pub if you want (see 13).
Here is the console listing:
[user1@9.27.63.30]$                                                          (1)
[user1@9.27.63.30]$ cd /home/user1                                           (2)
[user1@9.27.63.30]$ mkdir .ssh                                               (3)
[user1@9.27.63.30]$ ls -la                                                   (4)
drwxrwxr-x 2 user1 user1 4096 Oct 1 06:44 .ssh
[user1@9.27.63.30]$ chmod 700 .ssh                                           (5)
[user1@9.27.63.30]$ ls -la                                                   (6)
drwx------ 2 user1 user1 4096 Oct 1 06:44 .ssh
[user1@9.27.63.30]$ cd .ssh                                                  (7)
[user1@9.27.63.30]$ cp /public_keys_received/johnkey02.id_dsa.pub .          (8)
[user1@9.27.63.30]$ cat johnkey02.id_dsa.pub >> authorized_keys              (9)
[user1@9.27.63.30]$ ls -l                                                    (10)
-rw-rw-r-- 2 user1 user1 4096 Oct 1 07:54 authorized_keys
-rwxr-xr-x 2 user1 user1 4096 Oct 1 07:54 johnkey02.id_dsa.pub
[user1@9.27.63.30]$ chmod 600 authorized_keys                                (11)
[user1@9.27.63.30]$ ls -l                                                    (12)
-rw------- 2 user1 user1 4096 Oct 1 07:54 authorized_keys
-rwxr-xr-x 2 user1 user1 4096 Oct 1 07:54 johnkey02.id_dsa.pub
[user1@9.27.63.30]$ rm johnkey02.id_dsa.pub                                  (13)
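The procedure in the console listing, as an added shell example that is not part of the original page: it checks that the file holds a single public key line, creates .ssh and authorized_keys owner-only from the start, appends the key only once, and verifies the resulting modes. The function names install_pubkey and mode_of are hypothetical, and a POSIX shell with the standard ls, grep, wc and cut utilities is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey and mode_of
# are hypothetical helper names.

# Print the 10-character mode string that "ls -l" shows, e.g. drwx------
mode_of() { ls -ld "$1" | cut -c1-10; }

# Usage: install_pubkey PUBKEY_FILE HOME_DIR
install_pubkey() {
    key_file=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept exactly one line of the form "<type> <base64> [comment]".
    # This rejects private keys, empty files and multi-key bundles.
    [ $(wc -l < "$key_file") -le 1 ] || { echo "more than one line" >&2; return 1; }
    grep -Eq '^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' \
        "$key_file" || { echo "not a public key line" >&2; return 1; }
    line=$(cat "$key_file")

    # Create .ssh and authorized_keys with a restrictive umask so they are
    # never group- or world-accessible, then tighten any pre-existing modes.
    ( umask 077; mkdir -p "$ssh_dir" && : >> "$auth" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth" || return 1

    # Append only if the identical line is not already present, and always
    # end it with a newline so a later key cannot be glued onto this one.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"

    # Verify the result, as steps 6 and 12 do by eye. sshd with StrictModes
    # (the OpenSSH default) checks these modes before accepting a login.
    [ "$(mode_of "$ssh_dir")" = "drwx------" ] &&
        [ "$(mode_of "$auth")" = "-rw-------" ]
}
```

For the page's scenario the call would be install_pubkey /public_keys_received/johnkey02.id_dsa.pub /home/user1, run as user1.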