Tuesday, 17 May 2016

Setting up a keypair for SSH authentication in CentOS 7

We should firstly generate our RSA key pair for the server we wish to remote from:

ssh-keygen -t rsa -b 2048

We should end up with a public key here:

~/.ssh/id_rsa.pub

and a private key in here:

~/.ssh/id_rsa

We now need to place our public key on the remote server so it will allow us to login from the origin server:

vi ~/.ssh/authorized_keys

and copy the relevant output of ~/.ssh/id_rsa.pub (from the master server.)

and then attempt to login to the remote server:

ssh root@remote-server

I received the following error message after attempting to login on CentOS 7:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

So to debug this issue we can run the SSH daemon in debug mode:

vi /etc/sysconfig/sshd

and add: OPTIONS="-ddd"

and then restart the SSH daemon:

systemctl restart sshd

and observe the output with tail or something similar:

tail -f /var/log/messages

After reviewing the output I noticed 'key_read missing keytype' - after reviewing the 'authorized_keys' file on the remote server it was immediately obvious what was wrong - the two keys were missing a linebreak between them - lesson learnt!

0 comments:

Post a comment