I needed to set up key based, rather than password based, access to SUSE Linux Enterprise Server. It\u2019s more secure because it uses a public\/private key pair rather than a password. The user\u2019s private key is stored on the client. The private key for the user is stored on the Linux machines. When they connect using an SSH client there is no need to enter a password. You can optionally (and it\u2019s recommended) store a passphrase with the private key so that it cannot be used without knowing the private key.<\/p>\n
The solutions starts at the client. I normally used Putty but I couldn\u2019t get it to work properly with this type of solution. Instead I turned to Poderosa<\/a>. Using it I create a public and private key pair. From there I saved the public key in OpenSSH format and the private key.<\/p>\n Save the private key somewhere safe, e.g. a backed up location on your PC or on your home drive on a file server. Make sure the location is secure.<\/p>\n Now you need to copy the text of the public key. Note that it is a single line. Log into the SLES machine and browse to your home directory. For example:<\/p>\n Use a text editor (like vi) to create a file called authorized_keys in that home directory. Copy the text from your private key and paste it into the file. Save it.<\/p>\n You now need to enable SSH to allow logons using keys. The configuration for SSH is stored in a text file: \/etc\/ssh\/sshd_config. Edit that and you\u2019ll have a few entries to modify. We\u2019ll start by allowing public keys to be used for authentication. This is done by setting PubkeyAuthentication to \u201cyes\u201d. I had to remove the # (comment\/remark) symbol from the start of the line.<\/p>\n PubkeyAuthentication yes<\/p>\n I restarted the SSH daemon or service by running rcsshd restart. That\u2019s required to load the new settings for authentication. <\/p>\n I configured the SSH client to log in as my user to this server with my private copy of the key. I started the connection and I was logged in without using a password. It authenticated me using the private key (and the passphrase for the key if you set it).<\/p>\n Now it is possible to disable log via SSH on using passwords. You\u2019ll do this to force people to us their private key instead of a weaker password that could be subject to brute force attacks.<\/p>\n The first is to change PasswordAuthentication to have a value of \u201cno\u201d. You may need to remove the comment\/remark symbol of # from the start of the line. I also found that I had to set UsePam to a value of \u201cno\u201d. That meant these two lines were in the file in different locations:<\/p>\n PasswordAuthentication no<\/p>\n UsePam no<\/p>\n Again I restarted SSH using rcsshd restart. Now I tested two things:<\/p>\n Perfect. Now I can use SSH to log into the Linux box without the worry of weak passwords being used by users on the machine. They are forced into using stronger public\/private key pairs. And I can sleep safe knowing that the machine is not vulnerable to brute force password attacks.<\/p>\n I needed to set up key based, rather than password based, access to SUSE Linux Enterprise Server. It\u2019s more secure because it uses a public\/private key pair rather than a password. The user\u2019s private key is stored on the client. The private key for the user is stored on the Linux machines. When they connect … Continue reading “Setting Up Public Key Based SSH Access To SLES”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[24],"tags":[184,190],"class_list":["post-10283","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux","tag-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/10283","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10283"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/10283\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10283"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10283"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n