Security analysts normally have many machines they need access to, just as system administrators do, so why not set up automatic login over SSH with PKI keys to speed up the process? This blog post will show you how easy it is to set up this secure method of authentication.
Configuring SSH to use key for login
For this to work we need to configure both ends of the connection: the local host and the remote host. It is crucial to pay close attention to which host you are performing the configuration changes on. Let's get started by connecting to both hosts via SSH with your normal user account; it is easier if you have the same account name on both hosts. Once you are logged in to both systems, switch to the local host so you can create the RSA key. Use the following command, taking the default file name and a blank password by hitting Enter (with a blank password, the private key is protected only by its file permissions on the local host):
ssh-keygen -t rsa
Now change over to the remote host and make sure you have a directory for SSH; if not, create one (pay attention to the period in front of ssh):
cd ~
mkdir .ssh
Now let's switch back to the local host so we can securely move the public key over to the remote host via SSH:
cd ~
cat .ssh/id_rsa.pub | ssh username@remote-ip 'cat >> .ssh/authorized_keys'
Now switch back to the remote host and make sure the permissions are correct on the files and directory:
cd ~
chmod 700 .ssh
cd .ssh
chmod 640 authorized_keys
That's all there is to the configuration. To reach other hosts, just copy the public key over to each of them and make sure the file and directory permissions are correct.
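The remote-side steps above (create .ssh, append the public key, set permissions) can be made repeatable and checkable. The following is an added example, not code from the original post: the function names are hypothetical, the key line is constructed, and the audit covers only the group/other write bits that sshd's StrictModes check rejects.

```shell
#!/bin/sh
# Succeeds only if the path is not writable by group or others, which
# sshd requires when StrictModes is on (its default).
not_group_other_writable() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case $perms in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# Append the key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys once,
# applying the directory and file modes used in the post.
install_key() {
    home_dir=$1 pubkey_file=$2
    key_line=$(head -n 1 "$pubkey_file")
    # Refuse anything else, e.g. the private key id_rsa picked by mistake.
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 2 ;;
    esac
    ( umask 077; mkdir -p "$home_dir/.ssh"; touch "$home_dir/.ssh/authorized_keys" )
    chmod 700 "$home_dir/.ssh"
    chmod 640 "$home_dir/.ssh/authorized_keys"
    grep -qxF -- "$key_line" "$home_dir/.ssh/authorized_keys" ||
        printf '%s\n' "$key_line" >> "$home_dir/.ssh/authorized_keys"
}

# Report the write bits on each path sshd inspects (ownership is not checked).
audit_ssh_dir() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "MISSING $p"; rc=1
        elif not_group_other_writable "$p"; then echo "OK      $p"
        else echo "UNSAFE  $p (group/other writable)"; rc=1
        fi
    done
    return "$rc"
}

# Demo on a throwaway directory with a constructed (non-functional) key line.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3CONSTRUCTEDEXAMPLEKEY eda@localhost\n' > "$demo_home/id_rsa.pub"
install_key "$demo_home" "$demo_home/id_rsa.pub"
install_key "$demo_home" "$demo_home/id_rsa.pub"   # second run adds nothing
audit_ssh_dir "$demo_home"
rm -rf "$demo_home"
```

On a real remote host, pass your home directory and the copied public key file; a second run leaves authorized_keys unchanged.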
Testing the SSH configuration
Time to test the configuration and see if it works correctly. To do this we will perform four simple tests:
- remote login
- execute a remote command
- copy a file to the remote system
- retrieve a file from the remote system
Let's start with the remote login. I have added entries to the /etc/hosts file for the remote host to make this easier:
ssh eda@dallas
Executing this command will automatically log you into the remote system. On the first login you may get a warning about not being able to verify the host; this is normal with a self-signed key pair, just accept it by hitting y for yes. Now let's execute a remote command:
ssh eda@dallas df -h
Executing this command will return the disk usage on the remote host. Now let's run the last two tests by moving a file between the two hosts. Start by creating a file called test-file-local on the local machine, then create a file called test-file-remote on the remote host. Execute the following commands to move the files:
<LOCAL HOST>
scp test-file-local eda@dallas:
<REMOTE HOST>
scp eda@dallas:test-file-remote /home/eda
That's all there is to it; you can now log in, execute commands and move files between Linux hosts.
If you have questions, feel free to ask them in the comments below. I hope you enjoyed this blog post; if you did, please take a moment and give it a like. I enjoy doing tutorials and how-tos on cyber security topics, and as long as they are popular I'll keep doing them.
See Ya