SSH configuration with certificates
Quickly now.....
### /etc/ssh/sshd_config ###
Port 22
Protocol 2
SyslogFacility LOCAL1
PermitRootLogin no
StrictModes yes
PubkeyAuthentication yes
IgnoreRhosts yes
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding no
UsePrivilegeSeparation yes
Banner /etc/ssh/banner
Subsystem sftp /usr/libexec/openssh/sftp-server
# These are openSUSE specifics:
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
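
To confirm that a file really carries the hardening values listed above, here is an added example (not part of the original notes). It relies on sshd keeping the first value it reads for a keyword. The function names `effective_value` and `audit_sshd_config` are made up for this sketch, the sample config is constructed, and an unset keyword is treated as a failure.

```shell
#!/bin/sh
# Added example, not from the original page.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.

# effective_value FILE KEYWORD: print the first global value, lower-cased.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)           # split on blanks or "="
            key = tolower(f[1])
        }
        key == "match" { exit }                 # Match blocks are not evaluated
        key == want    { print tolower(f[2]); exit }
    ' "$1"
}

# audit_sshd_config FILE: report each setting, return the number of failures.
audit_sshd_config() {
    fails=0
    for pair in permitrootlogin=no passwordauthentication=no \
                challengeresponseauthentication=no pubkeyauthentication=yes \
                strictmodes=yes ignorerhosts=yes x11forwarding=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', expected '$want'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: the later "PasswordAuthentication no" is shadowed.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin no' 'passwordauthentication yes' \
    'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
    'PubkeyAuthentication yes' 'StrictModes yes' 'IgnoreRhosts yes' \
    '# X11Forwarding no' > "$sample"
audit_sshd_config "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

Point it at a copy of /etc/ssh/sshd_config; settings inside Match blocks are deliberately left out of the result.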
### Creating SSH certs ###
ssh-keygen -b 2048 -t rsa -f certkeyfile
Enter a passphrase at the prompt (can be left blank).
This will create 2 files: certkeyfile (the private key) and certkeyfile.pub (the public key).
cat certkeyfile.pub >> /home/target_user/.ssh/authorized_keys
Copy certkeyfile to /home/source_user/.ssh/id_rsa
Both files should be mode 600 and owned by the user.
Tunneling:
ssh -p <ssh_port> -L <src_port>:hostname:<dest_port> username@ssh_server_host
Thanks for playing :)