# 1.1 SSH-keys

## SSH and key-based authentication

Before you can get started, you need to be able to connect to your Virtual Machine (VM). To do this, you connect from your own machine to the VM with the following SSH command:

```bash
ssh -p $PORT_NUMBER $USER_NAME@$MACHINE_NAME
# For example:
ssh -p 33 root@machine11
```

| Command | Options | Arguments      |
|:--------|:--------|:---------------|
| ssh     | -p 33   | root@rhcsa     |

To get to your VM we first need to go through our Bastion server. A Bastion is a type of stepping-stone server that guards the inner network from the outside internet. For more information, check out the Wikipedia article on [Bastion Hosts](https://en.wikipedia.org/wiki/Bastion_host).

You can connect to our Bastion with the following command:

```bash
ssh greater@rhcsa-0.uksouth.cloudapp.azure.com
```

This attempts to establish a connection to the hypervisor server `rhcsa-0.uksouth.cloudapp.azure.com` with `ssh` on port `22`, connecting as user `greater`. The hypervisor should ask you for a password. It should look like this:

```bash
fdrost@Fonss-MacBook-Pro:~$ ssh greater@rhcsa-0.uksouth.cloudapp.azure.com
Last login: Wed Jul 6 20:08:55 2022 from 84.106.118.154
  _____  _____   ______         _______  ______  _____
 / ____||  __ \ |  ____|    /\ |__   __||  ____||  __ \
| |  __ | |__) || |__      /  \   | |   | |__   | |__) |
| | |_ ||  _  / |  __|    / /\ \  | |   |  __|  |  _  /
| |__| || | \ \ | |____  / ____ \ | |   | |____ | | \ \
 \_____||_|  \_\|______|/_/    \_\|_|   |______||_|  \_\
 _________
|_________|

Welcome to rhcsa.greateracademy.local
You are logged in as: greater
To start your student VM: gstart
To replace your student VM: greplace (everything you have done will be lost!!!)
To connect to your VM: gssh , ssh greater@192.168.56.200 or ssh rhcsa with password greater.
To connect to the console of your VM: gconsole
greater@rhcsa:~$
```

From the Bastion server you can use SSH to connect to your own machine using the following command:

```bash
ssh greater@rhcsa
```

The server will ask for a password; this password should be `greater`.

If you know the VM's IP address, you can also use it to connect. The address below is only an example, since the IP address will change every course.

```bash
ssh greater@20.0.18.213
```

If you want to disconnect from the VM, just use the command `exit`. The same command also disconnects you from the Bastion.

### Key-based Authentication

Next we will connect to your VM without entering a password by using an [SSH Key Pair](https://en.wikipedia.org/wiki/Public-key_cryptography). To do this you will have to create your own key pair using the `ssh-keygen` command.

Create an SSH key pair on your laptop or PC, using no passphrase, with `ssh-keygen`. The terminal will ask you for a few pieces of information:

- Where you want to save the key.
- What passphrase you want to use.
- A confirmation of the passphrase you used.

For our purposes the defaults are all fine, so you can just press `ENTER` three times. When you are done, your terminal should respond with something similar to the output below.

```bash
fdrost@Fonss-MacBook-Pro:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/fdrost/.ssh/id_rsa):
Created directory '/home/fdrost/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/fdrost/.ssh/id_rsa.
Your public key has been saved in /home/fdrost/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:NtK/6ZwUA2OMDUGFfhO/uRIF7M4NYUKDyD/N/eZ8+r0 fdrost@Fonss-MacBook-Pro
The key's randomart image is:
+---[RSA 2048]----+
| . . +*=.        |
| o . o**         |
| . +.=*=         |
| o +o*oo         |
| ..+S*oo         |
| o+o*o           |
| =o.             |
| .o++..          |
| oB+. E.         |
+----[SHA256]-----+
```

You have now created a private key and public key:

| Location              | File Name  | Type        |
|:----------------------|:-----------|:------------|
| ~/.ssh/               | id_rsa.pub | Public Key  |
| ~/.ssh/               | id_rsa     | Private Key |

The `~` represents your user home directory. This may be different depending on the operating system you use, but using `~/.ssh/` to represent your directory will work with all modern operating systems.

To be able to use your SSH key to authenticate, you will have to send your Public Key to your VM by using the `ssh-copy-id` command.

```bash
ssh-copy-id greater@rhcsa-[##].uksouth.cloudapp.azure.com
```

This will attempt to send your public key to the `rhcsa-[##].uksouth.cloudapp.azure.com` server, where `[##]` should be replaced by your student number. It will tell your machine to associate that public key with the `greater` account. The server will ask you for the VM password.

When you run this command your output should look similar to this:

```bash
fdrost@Fonss-MacBook-Pro:~$ ssh-copy-id greater@rhcsa-1.uksouth.cloudapp.azure.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/fdrost/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
greater@rhcsa-1.uksouth.cloudapp.azure.com's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh greater@rhcsa-1.uksouth.cloudapp.azure.com"
and check to make sure that only the key(s) you wanted were added.

fdrost@Fonss-MacBook-Pro:~$
```

You should now be able to log in to your VM server without a password. To check this, you can use SSH from the Bastion and attempt to connect to your own VM.

```bash
ssh greater@rhcsa
```
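
If the VM still asks for a password after `ssh-copy-id`, the usual cause is file permissions: the `ssh` client refuses a private key that other users can read, and `sshd` ignores the installed public key when `~/.ssh` or its `authorized_keys` file is writable by others. The script below is an added example, not part of the original course material, that audits a `.ssh` directory for exactly these cases. The helper names `file_mode`, `flag_if` and `audit_ssh_dir` are hypothetical, and the sample directories are constructed with empty dummy files.

```shell
#!/usr/bin/env bash
# Added example (not from the course material): audit an SSH directory for the
# permission problems that make key-based login fail.

# Print a file's octal permission bits (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# flag_if PATH MASK REASON: report PATH when any permission bit in MASK is set.
flag_if() {
    [ -e "$1" ] || return 0            # a missing file is not a finding
    mode=$(file_mode "$1")
    if [ $(( 0$mode & 0$2 )) -ne 0 ]; then
        echo "FINDING: $1 has mode $mode: $3"
        return 1
    fi
}

# audit_ssh_dir DIR: print findings; return 0 when clean, 1 otherwise.
audit_ssh_dir() {
    rc=0
    # sshd (StrictModes) ignores authorized_keys if it or ~/.ssh is writable by others.
    flag_if "$1" 022 "directory is group/world-writable" || rc=1
    flag_if "$1/authorized_keys" 022 "file is group/world-writable" || rc=1
    # The ssh client refuses a private key that other users can access.
    flag_if "$1/id_rsa" 077 "private key is accessible by group/others" || rc=1
    return "$rc"
}

# Constructed sample: throwaway directories with empty dummy files,
# one with correct permissions and one with typical mistakes.
demo=$(mktemp -d)
mkdir -p "$demo/good" "$demo/bad"
for d in good bad; do
    : > "$demo/$d/id_rsa"; : > "$demo/$d/id_rsa.pub"; : > "$demo/$d/authorized_keys"
done
chmod 700 "$demo/good"; chmod 600 "$demo/good/id_rsa" "$demo/good/authorized_keys"
chmod 775 "$demo/bad";  chmod 644 "$demo/bad/id_rsa"; chmod 666 "$demo/bad/authorized_keys"

audit_ssh_dir "$demo/good" && echo "good: no findings"
audit_ssh_dir "$demo/bad" || echo "bad: fix with chmod 700 DIR; chmod 600 DIR/id_rsa DIR/authorized_keys"
```

Run `audit_ssh_dir ~/.ssh` on your laptop to check the private key, and on the VM to check the directory and `authorized_keys` that `ssh-copy-id` wrote.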