Configure Key-Based Authentication for SSH

Red Hat Enterprise Linux | Beginner

Introduction

In this challenge, you will configure key-based authentication for SSH, which is a more secure alternative to password-based authentication. You will generate a public-private key pair, authorize the public key on the server, and configure the SSH service to allow connections using the key. This will enable you to log in to the SSH server without a password, enhancing security and convenience.

Generate a Public-Private Key Pair

The first step is to create a cryptographic key pair. This pair consists of a private key, which you must keep secret, and a public key, which you will place on the server to authorize access.

Tasks

  • Generate a new RSA public-private key pair using the ssh-keygen command.

Requirements

  • Switch to the testuser account before generating the key pair.
  • Generate the key pair as the testuser user.
  • Use the default file location when prompted (/home/testuser/.ssh/id_rsa).
  • Do not set a passphrase for the private key (press Enter when prompted for a passphrase).

Getting Started

First, switch to the testuser account:

su - testuser
## Password: testuser123

Example

After generating the key pair, you can list the files in the ~/.ssh directory to see your new keys.

$ ls -l ~/.ssh
total 8
-rw------- 1 testuser testuser 3401 Aug 19 03:49 id_rsa
-rw-r--r-- 1 testuser testuser  759 Aug 19 03:49 id_rsa.pub

The id_rsa file is your private key, and id_rsa.pub is your public key.


Authorize Public Key and Configure SSH Server

Now that you have a key pair, you must configure the server. This involves two main actions: adding your public key to the list of authorized keys and ensuring the SSH service is configured to accept key-based authentication.

Prerequisites

Make sure you are still logged in as the testuser account. If not, switch to it:

su - testuser
## Password: testuser123

Tasks

  • Copy your public key to the ~/.ssh/authorized_keys file.
  • Set the correct file permissions for ~/.ssh/authorized_keys.
  • Modify the SSH server configuration file (/etc/ssh/sshd_config) to enable public key authentication.
  • Reload the SSH service to apply the configuration changes.

Requirements

  • The file ~/.ssh/authorized_keys must be created and contain the content of your public key (~/.ssh/id_rsa.pub).
  • The permissions for ~/.ssh/authorized_keys must be 600.
  • In /etc/ssh/sshd_config, PubkeyAuthentication must be uncommented and set to yes.
  • The SSH service configuration must be reloaded using sudo pkill -HUP sshd.

Hints

  • You can use the cat command with output redirection (>>) to add the key to the authorized_keys file.
  • Use the chmod command to set file permissions.
  • The testuser has sudo privileges to edit /etc/ssh/sshd_config and to reload the sshd service.
  • Since systemctl is not available in this container environment, use pkill to send a HUP signal to the sshd process, which causes it to reload its configuration.

Example

After completing these steps, you should be able to log in to localhost using your SSH key without being prompted for a password.

$ ssh testuser@localhost "echo Login successful"
Login successful
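
The tasks above as idempotent shell functions, followed by a check of the result. This is an added example, not part of the original challenge or its checker. The function names are hypothetical, mode 700 on the .ssh directory is an assumption (the challenge only states 600 for authorized_keys), GNU stat and sed are assumed, and every path is passed in so the demo runs on constructed scratch files.

```shell
#!/bin/sh
# Append a public key to <dir>/authorized_keys only if it is not already
# listed, then set the modes (600 is the challenge's requirement).
authorize_key() {
    pub="$1"; dir="$2"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys"
    grep -qxFf "$pub" "$dir/authorized_keys" ||
        cat "$pub" >> "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys"
}

# Print the first uncommented PubkeyAuthentication value in one config file.
# sshd keywords are case-insensitive and the first value read is the one used.
pubkey_setting() {
    awk 'tolower($1) == "pubkeyauthentication" { print tolower($2); exit }' "$1"
}

# Uncomment (or flip) an existing "PubkeyAuthentication yes|no" line.
# Returns non-zero if the file ends up without an effective "yes".
enable_pubkey_auth() {
    cfg="$1"
    sed -i -E \
      's/^[[:space:]]*#?[[:space:]]*PubkeyAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PubkeyAuthentication yes/I' \
      "$cfg"
    [ "$(pubkey_setting "$cfg")" = yes ]
}

# Verify the end state: directory and file modes, plus the config setting.
check_key_setup() {
    dir="$1"; cfg="$2"
    [ "$(stat -c %a "$dir")" = 700 ] ||
        { echo "unexpected mode on $dir"; return 1; }
    [ "$(stat -c %a "$dir/authorized_keys")" = 600 ] ||
        { echo "authorized_keys is not mode 600"; return 1; }
    [ "$(pubkey_setting "$cfg")" = yes ] ||
        { echo "PubkeyAuthentication is not set to yes"; return 1; }
}

# Demo on constructed scratch files (not the real ~/.ssh or sshd_config).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3CONSTRUCTEDKEY testuser@lab' > "$demo/id_rsa.pub"
printf '#PubkeyAuthentication yes\n' > "$demo/sshd_config"
authorize_key "$demo/id_rsa.pub" "$demo/.ssh"
enable_pubkey_auth "$demo/sshd_config"
check_key_setup "$demo/.ssh" "$demo/sshd_config" && echo "setup OK"
rm -rf "$demo"
```

Against the real files the config edit needs root, and the reload is still sudo pkill -HUP sshd as stated above. The parser here reads a single file only; sshd -T (run as root) prints the effective value when Include files or Match blocks are in play.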

Summary

In this challenge, you learned how to enhance SSH security by configuring key-based authentication. You generated a public-private key pair, authorized the public key on the server by adding it to the authorized_keys file, and modified the SSH server configuration to enable this secure authentication method. By completing this challenge, you have gained a fundamental skill for securely managing remote systems.