SSH : Key-Pair Authentication2023/02/22 |
Generate SSH Key-Pair and set Authentication by it.
If you like to enable SSH service always, you shoud set Key-Pair and also should disable password authentication method. |
|
[1] | Generate SSH Key-Pair on the shell. |
# create key-pair [root@ctrl:~] /usr/lib/vmware/openssh/bin/ssh-keygen Generating public/private rsa key pair. # set key-store location like follows (default on ESXi sshd_config) # for other users ⇒ /etc/ssh/keys-(username) Enter file in which to save the key (//.ssh/id_rsa): /etc/ssh/keys-root/id_rsa Enter passphrase (empty for no passphrase): # set passphrase (if set no passphrase, Enter with empty) Enter same passphrase again: Your identification has been saved in /etc/ssh/keys-root/id_rsa Your public key has been saved in /etc/ssh/keys-root/id_rsa.pub The key fingerprint is: SHA256:uk+P14mmtLzAWjrEMpisknffKeuxjcKXuwWpufTqN1c root@ctrl.srv.world The key's randomart image is: ..... .....[root@ctrl:~] ll /etc/ssh/keys-root total 16 drwxr-xr-x 1 root root 512 Feb 22 06:52 . drwxr-xr-x 1 root root 512 Feb 22 04:31 .. -rw------T 1 root root 0 Aug 23 2022 authorized_keys -rw------- 1 root root 2655 Feb 22 06:52 id_rsa -rw-r--r-- 1 root root 573 Feb 22 06:52 id_rsa.pub
[root@ctrl:~]
cat /etc/ssh/keys-root/id_rsa.pub >> /etc/ssh/keys-root/authorized_keys # to disable password input authentication method too, set like follows [root@ctrl:~] vi /etc/ssh/sshd_config # line 32 : # password authentication = no # keyboard interactive authentication = no (add the line) PasswordAuthentication no KbdInteractiveAuthentication no
/etc/init.d/SSH restart SSH login disabled SSH login enabled |
[2] | Transfer the secret key [/etc/ssh/keys-root/id_rsa] on ESXi Host to any client computer and verify SSH access with Key-Pair Authentication. |
# [id_rsa] file transfered from ESXi Host [root@localhost ~]# ll ~/.ssh total 12 -rw-------. 1 root root 2655 Feb 22 15:56 id_rsa -rw-------. 1 root root 996 Feb 22 11:13 known_hosts[root@localhost ~]# ssh root@ctrl.srv.world uname -a Enter passphrase for key '/root/.ssh/id_rsa': VMkernel ctrl.srv.world 7.0.3 #1 SMP Release build-20328353 Aug 22 2022 19:41:06 x86_64 x86_64 x86_64 ESXi |
Sponsored Link |
|