SSH Checklist
SSH Key Setup Checklist
-
Generate SSH Key Pair
- Ensure that you have generated an SSH key pair on the client machine (
system a
).- Run the following command and check for the existence of
~/.ssh/id_rsa
(private key) and~/.ssh/id_rsa.pub
(public key):bashls -l ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
- Run the following command and check for the existence of
- If the keys do not exist, generate them using:
bashssh-keygen -t rsa -b 4096
- Ensure the keys have appropriate permissions (600 for private and 644 for public keys):
bashchmod 600 ~/.ssh/id_rsa chmod 644 ~/.ssh/id_rsa.pub
- Ensure that you have generated an SSH key pair on the client machine (
-
Copy Public Key to Remote Server
- Ensure that the public key has been copied to
system b
and appended to the~/.ssh/authorized_keys
file.- Use the
ssh-copy-id
command to copy the key:bashssh-copy-id username@system_b
- Alternatively, you can manually copy the contents of
~/.ssh/id_rsa.pub
to~/.ssh/authorized_keys
onsystem b
.
- Use the
- Verify that the
authorized_keys
file has the correct permissions:bashchmod 600 ~/.ssh/authorized_keys
- Make sure the
.ssh
directory has the correct permissions:bashchmod 700 ~/.ssh
- Ensure that the public key has been copied to
-
Check SSH Daemon Configuration on Remote Server
- Ensure the SSH daemon is configured to allow key-based authentication. Check
/etc/ssh/sshd_config
onsystem b
for the following settings:PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
(optional, for enforcing key-based auth only)
- Restart the SSH daemon to apply changes:
bashsudo systemctl restart sshd
- Ensure the SSH daemon is configured to allow key-based authentication. Check
-
Verify Ownership and Permissions
- Check ownership and permissions of the user's home directory on
system b
:- Ensure that the home directory and
.ssh
directory are owned by the user and have appropriate permissions:bashchown -R username:username /home/username chmod 700 /home/username/.ssh
- Ensure that the home directory and
- Check ownership and permissions of the user's home directory on
-
Ensure Correct SSH Command Usage
- Use the correct username and hostname when attempting to SSH into
system b
:bashssh username@system_b
- If using a non-standard SSH port, specify it using the
-p
option:bashssh -p <port_number> username@system_b
- Use the correct username and hostname when attempting to SSH into
-
Check SSH Agent (Optional)
- Ensure that the SSH agent is running and the key is added to it, especially if using
ssh-agent
for key management:basheval "$(ssh-agent -s)" ssh-add ~/.ssh/id_rsa
- Verify the keys added to the agent:
bashssh-add -l
- Ensure that the SSH agent is running and the key is added to it, especially if using
-
Review SSH Debugging Output
- Use the
-v
option with the SSH command to enable verbose mode, which can provide detailed debugging information:bashssh -v username@system_b
- Look for lines indicating whether the key is being offered and any errors that may indicate why the key is being rejected.
- Use the
-
Network Issues
- Ensure there are no network issues preventing the connection. Check that
system b
is reachable via the network. - Verify that the firewall on
system b
is allowing incoming SSH connections on the specified port.
- Ensure there are no network issues preventing the connection. Check that
-
SELinux and AppArmor (Linux Specific)
- If
system b
uses SELinux, ensure it is not blocking SSH connections:bashsudo setenforce 0 # Temporarily disable for testing
- If using AppArmor, check that it allows SSHD to read the authorized_keys file.
- If
-
Check for Multiple Keys (Optional)
- If multiple keys are present, specify the exact key to use:
bashssh -i ~/.ssh/id_rsa username@system_b
- If multiple keys are present, specify the exact key to use:
By following this checklist, you should be able to identify and resolve most issues preventing SSH key-based authentication. If problems persist, examining the verbose output from the SSH command can provide further clues.