Novice Level

Generating and Exchanging SSH Keys for Secure Access

Pricing
15 minutes
  • 4 Learning Objectives

About this Hands-on Lab

Understanding the creation and exchange of SSH keys is a key concept to grasp as a new system administrator. In this lab, we will generate keys on two systems using the `ssh-keygen` utility and learn how to exchange and verify the keys with a remote system using `ssh-copy-id` and associated key files on each. At the end of this lab, you will understand how to create secure keys for remote access, how to exchange them, and where to store them on each system involved in the chain.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create the Key on Server 1
  1. In your terminal, log in to Server 1.
    `ssh cloud_user@[SERVER1_PUBLIC_IP]`
  2. Change to the .ssh directory.
    cd .ssh
  3. Generate a key for Server 1.
    ssh-keygen
  4. List the contents of the id_rsa.pub file.
    cat id_rsa.pub
  5. Copy the output of this command to your clipboard.
Create the Key on Server 2
  1. Log in to Server 2.
    `ssh cloud_user@[SERVER2_PUBLIC_IP]`
  2. Change to the .ssh directory.
    cd .ssh/
  3. Install the nano text editor.
    sudo yum install nano
  4. Open the authorized_keys file in nano.
    nano authorized_keys
  5. Add the key we just generated to the file. (Note: We don’t see the other accounts shown in the video, but it won’t impact the lab activity.)
  6. Press Ctrl + X.
  7. Press Y and then Enter to save the changes.
Exchange the SSH Keys between the Servers
  1. In your Server 2 terminal window, create a new key.
    ssh-keygen
  2. List the contents of the id_rsa.pub file.
    cat id_rsa.pub
  3. Copy the output of this command to your clipboard.
  4. Type exit to log out of Server 2.
  5. Install nano.
    sudo yum install nano
  6. Open the authorized_keys file in nano.
    nano authorized_keys
  7. Add the key we just generated to the file.
  8. Press Ctrl + X.
  9. Press Y then Enter to save the changes.
Test the Configuration
  1. Attempt to log in to Server 2 from Server 1 without a password.
    `ssh cloud_user@[SERVER2PUBLIC_IP]`
  2. Attempt to log in to Server 1 from Server 2 without a password.
    ssh cloud_user@[SERVER1PUBLIC_IP]
Contact SalesSee Pricing

Additional Resources

The development team in your organization is setting up their new development servers in preparation for the creation of a new web-based API. They are going to be creating configurations, copying files, etc., between two servers using a single service account.

You have been provided with credentials and connectivity information to those two new server instances. The service account they wish to use is the cloud_user account that you were provided. Following company security policy, a complex password has been set that is making periodic connections, copies, and service configurations hard for the team. They have asked you to simplify the process and create a trust for the service account between the two systems.

To make the trust between the two systems, you have determined the easiest method for doing so while maintaining security would be to use SSH keys and exchange them between the systems. You will need to create keys on both servers for the cloud_user service account and then exchange each server's account key with the other. This will facilitate connections from one system to the other, regardless of the initiating system. Once you verify that each user can log in from one server to the other, you can turn them back over to your team for use.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Don't have an account?

Get Started
Who’s going to be learning?
MyselfMy Organization