SSH - settings for connecting to a remote server

By kimot, 29 September, 2023

To connect to a remote server via ssh with public key authentication:
- you will need an ssh key pair
- install the public key on the remote server
- configure your ssh settings

 

The best way to generate a key pair is to use the ssh-keygen utility:
ssh-keygen -t rsa -b 4096 
ssh-keygen -t dsa 
ssh-keygen -t ecdsa -b 521 
ssh-keygen -t ed25519 


These are four examples of generating a public/private key pair with different algorithms and key sizes. The private key can be protected with a passphrase, which will be required each time the key is used.
The public key must be installed on the remote ssh server.
The private key must be stored on your server from which you will establish the connection.

If only one user will use this key, then it is best to store it in their home directory:
/home/specific_user_name/.ssh/id_rsa

If this key will be used by multiple users:
/QOpenSys/QIBM/ProdData/SC1/OpenSSH/key_store/id_rsa

It's important to set the correct authority (permissions) for this private key:
chmod 600 id_rsa

In the next step, you should ensure that the public key is correctly installed on the remote server.

Subsequently, the configuration of the local ssh must be modified.

There are two options.

If you plan to use this login only for yourself, you must correctly set up the AS/400 user profile and a config file in its home directory, for example:

                         Display User Profile - Basic       
                                                            
User profile . . . . . . . . . . . . . . . :   ADMIN       
                                                            
Home directory . . . . . . . . . . . . . . :   /home/admin 

Then set up the home directory:

mkdir /home/admin
chmod 755 /home/admin
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/config
chmod 600 ~/.ssh/config

Edit the config file:

EDTF '/home/admin/.ssh/config'

In this case there are two servers defined in the config file:

  ************Beginning of data**************  
 Host server1                                   
     HostName server1.domain.com                           
     User admin                               
     IdentityFile ~/.ssh/id_rsa                
     LogLevel=debug3                           
                                               
 Host server2                                    
     HostName ibmserver.local                            
     User superadmin                              
     IdentityFile ~/.ssh/id_rsa_4096           
     LogLevel=debug3                           
  ************End of Data********************  

After this configuration you can try the first connection:
ssh server1
This connects to server1.domain.com as user admin.
LogLevel=debug3 means that detailed messages about the login process are displayed on the screen.

If you plan to share the key with multiple users, you have to put the private key somewhere outside your /home directory:
/QOpenSys/QIBM/ProdData/SC1/OpenSSH/key_store

Then set the key in the global ssh configuration:

EDTF '/QOpenSys/QIBM/UserData/SC1/OpenSSH/etc/ssh_config' 
IdentityFile /QOpenSys/QIBM/ProdData/SC1/OpenSSH/key_store/id_rsa
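
As an added example (not part of the original article), this sh script reads an ssh client config like the ones above and checks that the config and every IdentityFile it names exist and are closed to group and other, following the article's chmod 600 steps. The function names and the demo data are constructed for illustration, and mktemp is assumed to be available for the demo.

```shell
#!/bin/sh
# Added example, not from the original article. Checks the files that an ssh
# client config points at, following the article's "chmod 600" rule.

# perms_ok FILE: 0 = no group/other access, 1 = too open, 2 = missing
perms_ok() {
    [ -f "$1" ] || return 2
    # ls is used instead of stat, which is not available on every platform
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# identity_files CONFIG: print every IdentityFile value ("key value" or
# "key=value"), with a leading ~ expanded to $HOME. Paths with spaces are
# not handled (assumption of this sketch).
identity_files() {
    awk '{ sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/)
           if (tolower(f[1]) == "identityfile") print f[2] }' "$1" |
        sed "s|^~|$HOME|"
}

# audit_config CONFIG: report each file, return the number of problems
audit_config() {
    problems=0
    perms_ok "$1" || { echo "FIX: chmod 600 $1"; problems=$((problems + 1)); }
    for key in $(identity_files "$1"); do
        st=0; perms_ok "$key" || st=$?
        case $st in
            0) echo "OK: $key" ;;
            2) echo "MISSING: $key"; problems=$((problems + 1)) ;;
            *) echo "FIX: chmod 600 $key"; problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Constructed demo data: a throwaway HOME holding the article's two Host
# entries, with id_rsa_4096 deliberately left world-readable.
demo() (
    HOME=$(mktemp -d) && mkdir "$HOME/.ssh" || exit 99
    cd "$HOME/.ssh" && : > id_rsa && : > id_rsa_4096 || exit 99
    printf 'Host server1\n    IdentityFile ~/.ssh/id_rsa\n' > config
    printf 'Host server2\n    IdentityFile ~/.ssh/id_rsa_4096\n' >> config
    chmod 600 config id_rsa; chmod 644 id_rsa_4096
    rc=0; audit_config "$HOME/.ssh/config" || rc=$?
    cd / && rm -rf "$HOME"
    exit "$rc"
)

demo || echo "files to fix: $?"
```

To check a real setup, call audit_config with the path of your own config file, for example audit_config ~/.ssh/config.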