When the SSH client initiates client authentication (by sending a public key and a signature to the SSH server), then the SSH server must be able to verify that it has been configured with the same public key that it receives from the client.
Therefore, the next step is to configure the SSH server with the public key. Two substeps are required:
You must transfer the public key file that you extracted in the previous step to the host on which the SSH server resides. Although this is a public key, you should choose a secure method for transferring the public key file. For example, you can use a secure FTP (sftp) session, or you can put the file on some physical media (such as a diskette) and have the media securely transferred.
Depending on the platform, on the SSH server implementation, and on the SSH server configuration, each SSH server can have somewhat different requirements for configuring the public key. Consult the system administrator of your SSH server for the requirements.
As an example, in the OpenSSH port of SSH available on Red Hat Linux 8.0, by default the public key is appended to the file $HOME/.ssh/authorized_keys, where $HOME is the home directory of the user ID to which the SSH client logs on. For example, if you configure the SSH client with a user ID of user1, then the path for the authorized_keys file could be: /home/user1/.ssh/authorized_keys.
Here is how you could perform the steps involved in configuring the SSH server on a system running Red Hat Linux 8.0. (This information is for illustration purposes only. Your SSH server may not require the same settings, even if the platform is Red Hat Linux 8.0.) The numerals (such as 1) refer to lines in the console listing further below.
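Log on as user1 on the host on which the SSH server resides (see 1).
Go to the home directory of user1 (see 2).
Create the directory .ssh under /home/user1 (see 3).
List the permissions of .ssh (see 4).
Change the permissions of .ssh to rwx------ (see 5).
Verify the new permissions of .ssh (see 6).
Go to the .ssh directory (see 7).
Copy the public key file johnkey02.id_dsa.pub into the .ssh directory (see 8).
Append the public key to the file authorized_keys (see 9). If the file authorized_keys does not already exist, this command creates it.
List the permissions of authorized_keys (see 10).
Change the permissions of authorized_keys to rw------- (see 11).
Verify the new permissions of authorized_keys (see 12).
Delete the copied file johnkey02.id_dsa.pub if you want (see 13).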
Here is the console listing:
[user1@9.27.63.30]$    1
[user1@9.27.63.30]$ cd /home/user1    2
[user1@9.27.63.30]$ mkdir .ssh    3
[user1@9.27.63.30]$ ls -la    4
drwxrwxr-x 2 user1 user1 4096 Oct 1 06:44 .ssh
[user1@9.27.63.30]$ chmod 700 .ssh    5
[user1@9.27.63.30]$ ls -la    6
drwx------ 2 user1 user1 4096 Oct 1 06:44 .ssh
[user1@9.27.63.30]$ cd .ssh    7
[user1@9.27.63.30]$ cp /public_keys_received/johnkey02.id_dsa.pub .    8
[user1@9.27.63.30]$ cat johnkey02.id_dsa.pub >> authorized_keys    9
[user1@9.27.63.30]$ ls -l    10
-rw-rw-r-- 2 user1 user1 4096 Oct 1 07:54 authorized_keys
-rwxr-xr-x 2 user1 user1 4096 Oct 1 07:54 johnkey02.id_dsa.pub
[user1@9.27.63.30]$ chmod 600 authorized_keys    11
[user1@9.27.63.30]$ ls -l    12
-rw------- 2 user1 user1 4096 Oct 1 07:54 authorized_keys
-rwxr-xr-x 2 user1 user1 4096 Oct 1 07:54 johnkey02.id_dsa.pub
[user1@9.27.63.30]$ rm johnkey02.id_dsa.pub    13
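
The following script is an added example, not part of the original documentation: it wraps the console steps above in a shell function that can be re-run without appending the same key twice and that never leaves the directory or file with loose permissions. The function names install_pubkey and perms_ok, their arguments, and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# install_pubkey PUBKEY_FILE HOME_DIR: re-runnable form of console steps 3-13.
install_pubkey() {
    pub=$1; ssh_dir=$2/.ssh; auth=$ssh_dir/authorized_keys

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # A private key must never be copied to the server side.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 2
    fi
    # An OpenSSH public key file holds exactly one non-empty line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(grep . "$pub")

    # Create with a restrictive umask so the directory and file are never
    # group- or world-accessible, then set the modes from steps 5 and 11
    # explicitly in case they already existed with looser permissions.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 4
    chmod 700 "$ssh_dir" || return 4
    chmod 600 "$auth" || return 4

    # Append only if this exact line is absent, so re-running adds no duplicate.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# perms_ok HOME_DIR: true only if modes are rwx------ and rw------- as in steps 6 and 12.
perms_ok() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed user@client' > "$demo/johnkey02.id_dsa.pub"
install_pubkey "$demo/johnkey02.id_dsa.pub" "$demo/home" && perms_ok "$demo/home" &&
    echo "key installed, modes correct"
rm -rf "$demo"
```

The modes matter because OpenSSH's StrictModes setting, which is on by default, makes the server refuse public key authentication when the user's home directory, .ssh directory, or authorized_keys file is writable by other users.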