Tutorial on configuring the SSH client


Topic 5 - (3) Configuring the SSH server with the public key

When the SSH client initiates client authentication by sending a public key and a signature to the SSH server, the server must be able to verify that the public key it receives is the same public key that it has been configured with.

Therefore, the next step is to configure the SSH server with the public key. Two substeps are required:

Transferring the public key file to the host

You must transfer the public key file that you extracted in the previous step to the host on which the SSH server resides. Although this is a public key, you should choose a secure method for transferring the file: the key is not secret, but if it were replaced in transit, the server would end up authorizing a key that is not yours. For example, you can use a secure FTP (sftp) session, or you can put the file on some physical media (such as a diskette) and have the media securely transferred.

Configuring the SSH server with the public key

Depending on the platform, on the SSH server implementation, and on the SSH server configuration, each SSH server can have somewhat different requirements for configuring the public key. Consult the system administrator of your SSH server for the requirements.

As an example, in the OpenSSH port of SSH available on Red Hat Linux 8.0, by default the public key is appended to the file $HOME/.ssh/authorized_keys, where $HOME is the home directory of the user ID to which the SSH client logs on. For example, if you configure the SSH client with a user ID of user1, then the path for the authorized_keys file could be:
/home/user1/.ssh/authorized_keys

Here is how you could perform the steps involved in configuring the SSH server on a system running Red Hat Linux 8.0. (This information is for illustration purposes only. Your SSH server may not require the same settings, even if the platform is Red Hat Linux 8.0.) The numerals (such as 1) at the right-hand end of each command refer to lines in the console listing further below.

Here is the console listing:

[user1@9.27.63.30]$                                                  1
[user1@9.27.63.30]$ cd /home/user1                                   2
[user1@9.27.63.30]$ mkdir .ssh                                       3
[user1@9.27.63.30]$ ls -la                                           4
drwxrwxr-x    2 user1    user1            4096 Oct 1 06:44 .ssh       
[user1@9.27.63.30]$ chmod 700 .ssh                                   5
[user1@9.27.63.30]$ ls -la                                           6
drwx------    2 user1    user1            4096 Oct 1 06:44 .ssh       
[user1@9.27.63.30]$ cd .ssh                                          7
[user1@9.27.63.30]$ cp /public_keys_received/johnkey02.id_dsa.pub .  8
[user1@9.27.63.30]$ cat johnkey02.id_dsa.pub >> authorized_keys      9
[user1@9.27.63.30]$ ls -l                                           10
-rw-rw-r--    2 user1     user1           4096 Oct 1 07:54 authorized_keys         
-rwxr-xr-x    2 user1     user1           4096 Oct 1 07:54 johnkey02.id_dsa.pub     
[user1@9.27.63.30]$ chmod 600 authorized_keys                       11
[user1@9.27.63.30]$ ls -l                                           12
-rw-------    2 user1     user1           4096 Oct 1 07:54 authorized_keys        
-rwxr-xr-x    2 user1     user1           4096 Oct 1 07:54 johnkey02.id_dsa.pub     
[user1@9.27.63.30]$ rm johnkey02.id_dsa.pub                         13
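
The console steps above, written as a shell function that can be re-run safely. This is an added example, not part of the original tutorial; the function name install_pubkey, the demo paths and the sample key are assumptions constructed for illustration. It goes beyond the listing by setting umask 077 before creating anything, rejecting a file that is not a single public-key line, and skipping a key that is already authorized.

```shell
#!/bin/sh
# Added example (not from the tutorial). install_pubkey is a hypothetical name.
# Usage: install_pubkey HOME_DIR PUBKEY_FILE
install_pubkey() {
    home_dir=$1
    pubkey=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept only a file holding exactly one public-key line. This rejects a
    # private key copied by mistake and a file with extra keys slipped in.
    [ -f "$pubkey" ] || { echo "no such file: $pubkey" >&2; return 1; }
    [ "$(grep -c . "$pubkey")" -eq 1 ] || { echo "expected exactly one key line" >&2; return 1; }
    key_line=$(grep . "$pubkey")
    case $key_line in
        ssh-dss\ *|ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey" >&2; return 1 ;;
    esac

    # Subshell keeps the umask change local. With umask 077 the directory and
    # file are created owner-only, so there is no window like lines 3-4 and
    # 9-10 of the listing where they are group- or world-accessible.
    (
        umask 077
        mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
        touch "$auth" && chmod 600 "$auth" || exit 1
        # Append only if this exact line is not already authorized.
        grep -qxF -- "$key_line" "$auth" || printf '%s\n' "$key_line" >> "$auth"
    )
}

# Demo on a throwaway directory with a constructed (non-functional) key.
demo_dir=$(mktemp -d)
printf 'ssh-dss AAAAB3NzaC1kc3MAconstructedExampleOnly john@example\n' > "$demo_dir/johnkey02.id_dsa.pub"
install_pubkey "$demo_dir/home/user1" "$demo_dir/johnkey02.id_dsa.pub"
ls -ld "$demo_dir/home/user1/.ssh" "$demo_dir/home/user1/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

The modes matter because, with OpenSSH's default StrictModes setting, sshd checks the ownership and permissions of the user's files and home directory before accepting a login.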
