1) adjust your firewall to allow ssh port 22
menu>administration>firewall
2) open a terminal, change into .ssh, then create a new private/public key pair (save the artwork as well).
cd .ssh
ls -l
ssh-keygen -t rsa -f /home/justin/.ssh/id_rsa -C ' '
gvim artwork <--copy/paste your key artwork from the screen then save -->
optional: artwork from the default host key:
ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key >> artwork
3) add the key to the ssh-agent database, then create authorized_keys. After creating the file(s), create a tar image of everything to be transferred over to the other host system, either by disk drive or scp, whatever you prefer.
ssh-add id_rsa
ssh-add -l
ls -l
cp id_rsa.pub authorized_keys
tar -cf ssh_key_pub.tar artwork authorized_keys id_rsa id_rsa.pub
ls -l
4) using the other machine, use scp to copy the image of files, then unpack it and add the key to the database.
scp justin@10.0.0.17:/home/justin/.ssh/ssh_key_pub.tar .
ls -l
tar -xf ssh_key_pub.tar
ls -l
ssh-add id_rsa
NOTE: for whatever reason I hit some connection issue with scp; strange thing is everything worked as it should.
(BUGGY)
5) adjust the config file(s) so you can use RSA authentication
su
gvim /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /home/justin/.ssh/authorized_keys
PasswordAuthentication no
gvim /etc/ssh/ssh_config
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication no
VisualHostKey yes
save and exit.
6) restart sshd and login
su
service sshd restart
ssh justin@10.0.0.17|3 etc..
NOTE: the first login seems to bring up /usr/libexec/gcr-prompter, which requires the password you used for the RSA keyfile; after giving the password, click on the box at the bottom to remember it. After the initial login, all other login(s) are without a password. Still need to figure out why gcr-prompter fires off.
hope this helps anybody having issues with this.
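
A check to run before the restart in step 6, added here as an example and not part of the original post: it reads an sshd_config-style file and reports whether the step 5 settings leave key login on and password login off, and it flags the fixed AuthorizedKeysFile path and the old RSAAuthentication options. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: whitespace-separated
# "Keyword value" lines, Include files not followed, parsing stops at the
# first Match block. Function names are made up for this example.

# effective_value FILE KEYWORD: print the value sshd would use. sshd keeps the
# FIRST value it reads for a keyword, and keywords are case-insensitive.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        tolower($1) == "match"   { exit }      # global section ends here
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_sshd_config FILE: print findings; return 0 only for key-only login.
audit_sshd_config() {
    cfg=$1; rc=0
    pubkey=$(effective_value "$cfg" PubkeyAuthentication)
    passwd=$(effective_value "$cfg" PasswordAuthentication)
    keys=$(effective_value "$cfg" AuthorizedKeysFile)
    : "${pubkey:=yes}" "${passwd:=yes}"        # sshd_config(5) defaults
    if [ "$pubkey" != yes ]; then
        echo "FAIL: PubkeyAuthentication is '$pubkey', keys will be refused"; rc=1
    fi
    if [ "$passwd" != no ]; then
        echo "WARN: PasswordAuthentication is '$passwd', passwords still accepted"; rc=1
    fi
    case $keys in
        /*%[hUu]*) ;;                          # absolute path with a per-user token
        /*) echo "NOTE: AuthorizedKeysFile '$keys' is one fixed file for every account" ;;
    esac
    for old in RSAAuthentication RhostsRSAAuthentication; do
        [ -z "$(effective_value "$cfg" "$old")" ] ||
            echo "NOTE: $old is an SSH protocol 1 option, deprecated in sshd since OpenSSH 7.4"
    done
    return $rc
}

# Constructed sample mirroring step 5, plus a later duplicate line to show
# that the first PasswordAuthentication value wins.
write_sample() {
    printf '%s\n' '# constructed sample' 'RSAAuthentication yes' \
        'PubkeyAuthentication yes' \
        'AuthorizedKeysFile /home/justin/.ssh/authorized_keys' \
        'PasswordAuthentication no' 'PasswordAuthentication yes' > "$1"
}
tmp=$(mktemp) && write_sample "$tmp" && audit_sshd_config "$tmp"; rm -f "$tmp"
```

On a real host, run audit_sshd_config /etc/ssh/sshd_config as root, then sshd -t so sshd itself validates the file before the restart.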





Awesome post. Love to see your captions Justin P. Mattock.
cool, thanks!