1.1 SSH-keys
SSH and key-based authentication
Connectivity to your Virtual Machine or VM is important if you want to get started. For this you will need to connect from your own machine to the VM with the following SSH command:
ssh -p $PORT_NUMBER $USER_NAME@$MACHINE_NAME
# For example:
ssh -p 33 root@machine11
| Command | Options | Arguments |
|---|---|---|
| ssh | -p 33 | root@rhcsa |
To get to your VM we first need to go to our Bastion server. A Bastion is a type of stepping stone server that guards the inner network from the outside internet. For more information on Bastion Hosts check out the Wikipedia article on Bastion hosts.
You can connect to our Bastion with the following command:
ssh greater@rhcsa-0.uksouth.cloudapp.azure.com
This attempts to establish an SSH connection on port 22 to the hypervisor server rhcsa-0.uksouth.cloudapp.azure.com as the user greater.
The hypervisor should ask you for a password.
It should look like this:
fdrost@Fonss-MacBook-Pro:~$ ssh greater@rhcsa-0.uksouth.cloudapp.azure.com
Last login: Wed Jul 6 20:08:55 2022 from 84.106.118.154
_____ _____ ______ _______ ______ _____
/ ____|| __ \ | ____| /\ |__ __|| ____|| __ \
| | __ | |__) || |__ / \ | | | |__ | |__) |
| | |_ || _ / | __| / /\ \ | | | __| | _ /
| |__| || | \ \ | |____ / ____ \ | | | |____ | | \ \
\_____||_| \_\|______|/_/ \_\|_| |______||_| \_\
_________
|_________|
Welcome to rhcsa.greateracademy.local
You are logged in as: greater
To start your student VM: gstart
To replace your student VM: greplace (everything you have done will be lost!!!)
To connect to your VM: gssh , ssh greater@192.168.56.200 or ssh rhcsa with password greater.
To connect to the console of your VM: gconsole
greater@rhcsa:~$
From the Bastion server you can use SSH to connect to your own machine using the following command:
ssh greater@rhcsa
The server will ask for a password; this password should be greater.
If you know the VM's IP address, you can also use it to connect. The address below is only an example, since the IP address will change every course.
ssh greater@20.0.18.213
If you want to disconnect from the VM just use the command exit. This will also allow you to disconnect from the Bastion.
Key-based Authentication
Next we will connect to your VM without entering a password, by using an SSH key pair. To do this you will have to create your own key pair using the ssh-keygen command.
Create an SSH key pair on your laptop or PC with ssh-keygen, using no passphrase.
The terminal will ask you for a few pieces of information:
Where you want to save the key.
What passphrase you want to use.
A confirmation of the passphrase you used.
For our purposes the defaults are all fine, so you can just press ENTER three times.
When you are done, your terminal should respond with something similar to the output below.
[fdrost@Fonss-MacBook-Pro:~$ ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/fdrost/.ssh/id_rsa):
Created directory '/home/fdrost/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/fdrost/.ssh/id_rsa.
Your public key has been saved in /home/fdrost/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:NtK/6ZwUA2OMDUGFfhO/uRIF7M4NYUKDyD/N/eZ8+r0 fdrost@Fonss-MacBook-Pro
The key's randomart image is:
+---[RSA 2048]----+
| . . +*=. |
| o . o** |
| . +.=*= |
| o +o*oo |
| ..+S*oo |
| o+o*o |
| =o. |
| .o++.. |
| oB+. E. |
+----[SHA256]-----+
You have now created a private key and public key:
| Location | File Name | Type |
|---|---|---|
| ~/.ssh/ | id_rsa.pub | Public Key |
| ~/.ssh/ | id_rsa | Private Key |
The ~ represents your user home directory. This may be different depending on the operating system you use, but using ~/.ssh/ to represent your directory will work with all modern operating systems.
To be able to use your SSH key to authenticate you will have to send your Public Key to your VM by using the ssh-copy-id command.
ssh-copy-id greater@rhcsa-[##].uksouth.cloudapp.azure.com
This will attempt to send your public key to the rhcsa-[##].uksouth.cloudapp.azure.com server where [##] should be replaced by your student number. It will tell your machine to associate that public key with the greater account. The server will ask you for the VM password.
When you run this command your output should look similar to this:
fdrost@Fonss-MacBook-Pro:~$ ssh-copy-id greater@rhcsa-1.uksouth.cloudapp.azure.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/fdrost/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
greater@rhcsa-1.uksouth.cloudapp.azure.com's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh greater@rhcsa-1.uksouth.cloudapp.azure.com"
and check to make sure that only the key(s) you wanted were added.
fdrost@Fonss-MacBook-Pro:~$
You should now be able to log in to your VM server without a password. To check this you can use SSH from the Bastion and attempt to connect to your own VM.
ssh greater@rhcsa
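What ssh-copy-id arranges on the VM, written out as an added example (not part of the course material): the public key is appended once to ~/.ssh/authorized_keys, and the directory and file are kept private so sshd will accept them. The function name install_pubkey and its return codes are hypothetical; the script works on a local directory, so it can be tried without a server.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper, not a real tool.
# Usage: install_pubkey PUBKEY_FILE TARGET_HOME
install_pubkey() {
    pubkey_file=$1
    ssh_dir="$2/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 2; }

    # Only the .pub half ever leaves your machine: refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file is a private key" >&2
        return 3
    fi

    # Accept a single line starting with a common OpenSSH key type.
    key_line=$(head -n 1 "$pubkey_file")
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key" >&2; return 4 ;;
    esac

    # Create missing pieces with a tight umask, then set modes explicitly in
    # case they already existed. With StrictModes (the sshd default), a
    # group- or world-writable ~/.ssh or authorized_keys is ignored.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 5
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 5

    # Idempotent: append only if this exact line is not present yet.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "already installed"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "added"
    fi
}

# Run directly: sh install_pubkey.sh ~/.ssh/id_rsa.pub "$HOME"
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

Because the course key pair has no passphrase, the private key file alone is enough to log in, so ~/.ssh/id_rsa should stay readable only by your own user.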