Updated on 2022-11-30 GMT+08:00

How Do I Configure an SSH Key for Logging In to a Managed Host?

A CBH system allows you to configure SSH keys for logging in to managed hosts. After an SSH key is configured for a host, SSH key authentication is attempted preferentially when you log in to that host.

Generating an SSH Key

  1. Generate an SSH authentication key.

    Log in to the host and run the following command to generate an SSH key:

    ssh-keygen -t rsa

    You can configure the SSH key file name and password as required. The following is an example of the command output, with an explanation after each prompt:

    [root@Server ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): Leave this parameter blank or enter the name of the file to be generated. The file is saved in the /root/.ssh directory.
    Enter passphrase (empty for no passphrase): Leave this parameter blank or enter a password as required.
    Enter same passphrase again: Confirm the password.
    Your identification has been saved in /home/fdipzone/.ssh/id_rsa.
    Your public key has been saved in /home/fdipzone/.ssh/id_rsa.pub.
    The key fingerprint is: f2:76:c3:6b:26:10:14:fc:43:e0:0c:4d:51:c9:a4:b2 root@Server
    The key's randomart image is:
    +--[ RSA 2048]----+
    |    .+=*         |
    |  .  += +        |
    |   o   +         |
    |  E . . o        |
    |    .S.          |
    |      .o .       |
    |       . +       |
    |       ..        |
    |       . +.      |
    +-----------------+

    -t rsa indicates that RSA is used as the key algorithm. The DSA algorithm can also be used (note that OpenSSH 7.0 and later disable DSA keys by default), and the command is as follows:

    ssh-keygen -t dsa

  2. Run the following command to view the SSH key file:

    cd /root/.ssh/    # directory in which the key files are stored

    In the directory where the SSH key files of the current user are stored, view the generated private key file id_rsa and public key file id_rsa.pub. If a password was configured, you can also view the password-protected private key file key and its public key file key.pub.

    Information similar to the following is displayed:

    [root@Server ~]# cd /root/.ssh/
    [root@Server ~]# ll
    total 16
    -rw------- 1 root root    0 Oct 14 15:47 authorized_keys
    -rw------- 1 root root 1679 Nov 15 09:45 id_rsa
    -rw------- 1 root root  430 Nov 15 09:45 id_rsa.pub
    -rw------- 1 root root 1766 Nov 15 09:48 key
    -rw------- 1 root root  430 Nov 15 09:48 key.pub

  3. In the .ssh directory of the current user, run the following command to append the public key content to the authorized_keys file:

    cat id_rsa.pub >>authorized_keys

  4. Enable the SSH key login authentication.

    1. Run the following command to open the sshd_config configuration file, and modify it so that RSAAuthentication and PubkeyAuthentication take effect and SSH key authentication is authorized:

      vim /etc/ssh/sshd_config

    2. Press Esc, enter :wq!, and press Enter to save the modification and exit.
    3. Run the following command to restart the SSHD service:

      service sshd restart

      The process is successfully restarted if the following command output is displayed.

      Redirecting to /bin/systemctl restart sshd.service
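
Once steps 1 to 4 are done, the following script (an added example, not part of the CBH documentation) checks on the managed host that the public key is in authorized_keys, that the file permissions are ones sshd and ssh accept, and that PubkeyAuthentication has not been disabled. The function names and the default key name id_rsa are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the CBH docs): audit steps 1-4 on a managed host.
# Usage: sh check_key_setup.sh /root/.ssh /etc/ssh/sshd_config [key_name]

# True if path is writable by group or others; sshd StrictModes rejects that.
loose_write() { [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; }

# True if path has any group/other permission bit; ssh refuses such private keys.
loose_any() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Print the value sshd would use for a keyword: the first occurrence wins and
# keywords are case-insensitive. Simplification: Match blocks are not handled.
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

check_key_setup() {
    dir=$1 conf=$2 key=${3:-id_rsa} rc=0
    auth="$dir/authorized_keys"
    for f in "$dir/$key" "$dir/$key.pub" "$auth" "$conf"; do
        [ -f "$f" ] || { echo "MISSING: $f"; return 2; }
    done
    # Step 3: the public key must appear as a whole line in authorized_keys.
    grep -qxFf "$dir/$key.pub" "$auth" ||
        { echo "FAIL: $key.pub is not in authorized_keys"; rc=1; }
    # StrictModes: .ssh and authorized_keys must not be group/world-writable.
    for p in "$dir" "$auth"; do
        if loose_write "$p"; then echo "FAIL: $p is group/world-writable"; rc=1; fi
    done
    # The private key is what gets pasted into CBH; keep it owner-only.
    if loose_any "$dir/$key"; then echo "FAIL: $dir/$key is open to others"; rc=1; fi
    # Step 4: PubkeyAuthentication defaults to yes; an explicit "no" blocks key login.
    [ "$(sshd_value "$conf" PubkeyAuthentication)" != no ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key login prerequisites are in place"
    return "$rc"
}

[ $# -eq 0 ] || check_key_setup "$@"
```

The exit status is 0 when every check passes, 1 when a check fails, and 2 when one of the expected files is missing.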

Configuring SSH Key Information

  1. Log in to the CBH system.
  2. Choose Resource > Host. On the displayed page, create a host resource for which an SSH key has been generated.

    You can click Manage to add an account for the managed host on the host details page.

  3. Click New to create the SSH host resource, and configure the host Account and Password on the Add Account page.

    Figure 1 Configuring SSH Key

  4. Copy the content of the id_rsa private key file and the private key password, and configure SSH Key and passphrase.

    passphrase is optional. If passphrase is not configured:

    • If the private key was generated without a password, you do not need to enter a password when logging in to the host.
    • If the private key was generated with a password, you need to enter the private key password each time you log in to the host.

  5. Click OK to add an account with the SSH key configured to the host resource.

    • When importing host resources in batches, enter the correct SSH private key and passphrase. Do not enter unnecessary characters or spaces.
    • You are advised to configure only the host account and password for host resources to be imported in batches. After the host resources are imported to the CBH system, change the account and add the private key and password.

  6. Configure ACL rules.

    Grant the host account configured with the SSH key to users.

  7. Log in to the host as an authorized user.
