Uploading ssh public keys to your running Instance

Generally, Nobus stores your public key while you download the private key. Keep the private key safe and uncompromised.

 
Configure the SSH server to log in with key-pair authentication. This requires a private key on the client and a public key on the server.
[1] Create a key pair for each user: log in as a regular user on the SSH server host and work as follows.
[2] Transfer the private key created on the server to the client; it is then possible to log in with key authentication.
[username@www ~]$ mkdir -p ~/.ssh
[username@www ~]$ chmod 700 ~/.ssh

# copy the private key to the local ssh directory
[username@www ~]$ cp ~/path/to/your/private-key ~/.ssh/

# alternatively, using scp
[username@www ~]$ scp username@server_ip:/home/username/private-key ~/.ssh/
username@server_ip's password:
id_rsa

# the key file must be readable only by its owner, or ssh refuses to use it
[username@www ~]$ chmod 600 ~/.ssh/private-key
[username@www ~]$ ssh -i ~/.ssh/private-key username@server_ip
Enter passphrase for key '/home/username/.ssh/private-key':   # passphrase
Last login: Wed May 19 08:04:20 2020 from www.mod.com
[username@server_ip ~]$   # logged in
[3] It's more secure if you set [PasswordAuthentication no].
[root@server_ip ~]# vi /etc/ssh/sshd_config
# line 65: change to [no]
PasswordAuthentication no
# line 69: make sure the value is [no]
ChallengeResponseAuthentication no
# line 96: make sure the value is [yes]
UsePAM yes

[root@server_ip ~]# systemctl restart sshd
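
An added check for step [3], not part of the original page: sshd uses the first value it reads for each keyword, so a [no] written lower in the file can leave password logins enabled. The helper names are made up for this example, and it reads one file's global section only (no Include or Match handling).

```shell
#!/bin/sh
# Added example; sshd_effective, check_key_only_login and sample_conf are
# hypothetical helper names. sshd uses the FIRST value it reads for a keyword
# (names are case-insensitive), so a "no" placed below an earlier "yes" is ignored.
# Reads one file, global section only: Include files are not followed and
# parsing stops at the first Match block. `sshd -T` prints the merged result.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD
    awk -F'[ \t=]+' -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        { sub(/^[ \t]+/, ""); key = tolower($1) }
        key == "match" { exit }             # per-user overrides start here
        key == want { print tolower($2); exit }
    ' "$1"
}

# Returns 0 only when the three settings from step [3] are the effective ones.
check_key_only_login() {
    conf=$1
    rc=0
    for pair in passwordauthentication:no challengeresponseauthentication:no usepam:yes; do
        kw=${pair%%:*}
        expect=${pair#*:}
        got=$(sshd_effective "$conf" "$kw")
        if [ "$got" != "$expect" ]; then
            echo "$kw: want '$expect', file gives '${got:-unset}'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the edit at the bottom never takes effect.
sample_conf() {
    printf '%s\n' 'PasswordAuthentication yes' \
        'ChallengeResponseAuthentication no' 'UsePAM yes' \
        'PasswordAuthentication no'
}
```

Run `check_key_only_login /etc/ssh/sshd_config` and `sshd -t` before restarting sshd, and keep the current session open until a new key-based login succeeds.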

Troubleshooting for SSH

For security reasons, you can't add or modify the SSH keys on your FCS Instance using the panel after you create it, but you have several options to add and modify them via the command line. If you currently have SSH access to the FCS Instance, you can upload keys:

  • From your local computer using ssh-copy-id, which is included in many Linux distributions’ OpenSSH packages.

  • From your local computer by extracting and appending the contents of the key into the ~/.ssh/authorized_keys file. This is a good choice if you don't have ssh-copy-id.

  • By SSHing to your FCS Instance and adding the public key manually, which is necessary if you do not have password-based SSH access.

If you currently can't connect to your FCS Instance at all, use the FCS Instance console to reset the root user password. Once logged in on the console, you can either add your key manually from the console or temporarily enable password authentication to add the key via SSH.

Locally Using ssh-copy-id and Password-Based Access

If you have password-based access to your FCS Instance, you can copy your SSH key using ssh-copy-id. Substitute the IP address of your FCS Instance.

                ssh-copy-id username@server_ip

This prompts you for the user account's password on the remote system:

                The authenticity of host 'server_ip (server_ip)' can't be established.
                ECDSA key fingerprint is fd:fd:d4:f9:EX:AM:PL:E0:e1:55:00:ad:d6:6d:22:fe.
                Are you sure you want to continue connecting (yes/no)? yes
                /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
                /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
                username@server_ip's password:

After typing in the password, the contents of your ~/.ssh/id_rsa.pub key are appended to the end of the user account's ~/.ssh/authorized_keys file:

                Number of key(s) added: 1

                Now try logging in to the machine, with:   "ssh 'username@server_ip'"
                and check to make sure that only the key(s) you wanted were added.

After entering the password, it copies your key, and you can log in without a password.

Locally by Piping into ssh with Password-Based Access

If you do not have the ssh-copy-id utility available, but still have password-based SSH access to the remote server, you can pipe the contents of the key into the ssh command.

On the remote side, make sure the ~/.ssh directory exists, and then append the piped contents into the ~/.ssh/authorized_keys file. Substitute the IP address and your username for your FCS Instance.

                cat ~/.ssh/id_rsa.pub | \
                    ssh username@server_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

You are then asked to supply the password for the remote account:

                The authenticity of host 'server_ip (server_ip)' can't be established.
                ECDSA key fingerprint is fd:fd:d4:f9:EX:AM:PL:E0:e1:55:00:ad:d6:6d:22:fe.
                Are you sure you want to continue connecting (yes/no)? yes
                username@server_ip's password:

After entering the password, it copies your key, and you can log in without a password.

Manually from the FCS Instance without Password-Based Access

If you do not have password-based SSH access available, you have to add your public key to the remote server manually.

Note:
These instructions assume you're connecting to your FCS Instance with a terminal and SSH without password access. If you can't connect using those methods, you can use the FCS Instance console to recover access by resetting your FCS Instance's root password, and then use ssh to add your keys.

On your local machine, output the contents of your public key.

cat ~/.ssh/id_rsa.pub

Copy the output.

ssh-rsa EXAMPLEzaC1yc2E...GvaQ== username@server_ip

Log in to your FCS Instance using your local terminal and create the ~/.ssh directory if it does not already exist:

mkdir -p ~/.ssh

You'll need to add your SSH key to an authorized_keys file in this directory. The public keys listed in that file are the ones that can be used to log in to the server as this user.

Create and open the ~/.ssh/authorized_keys file for editing using a terminal-based text editor, like nano.

nano ~/.ssh/authorized_keys

Paste the contents of your SSH key into the file by right-clicking in your terminal and choosing Paste or by using a keyboard shortcut like CTRL+SHIFT+V. Then, save and close the file. In nano, save by pressing CTRL+O and then ENTER, and exit by pressing CTRL+X.

Alternatively, instead of opening the file in an editor and pasting your key, you can create the authorized_keys file with your public key added with a single command. If you use this, make sure to substitute the contents of your public key into the echo command.

                echo "ssh-rsa EXAMPLEzaC1yc2E...GvaQ== username@server_ip" \
                    >> ~/.ssh/authorized_keys

Once the authorized_keys file contains the public key, you need to update permissions on some of the files. The ~/.ssh directory and authorized_keys file must have specific restricted permissions (700 for ~/.ssh and 600 for authorized_keys). If they don't, you won't be able to log in.

Make sure the permissions and ownership of the files are correct.

                chmod -R go= ~/.ssh
                chown -R $USER:$USER ~/.ssh

You can now log out of your FCS Instance. The next time you log in, you can do so without a password.
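
The manual steps above gathered into one function, added here as an example and not taken from the original page: it refuses input that is not a single public-key line, sets the 700/600 permissions, skips a key that is already present, and avoids gluing the new key onto a last line that lacks a newline. The name install_pubkey is hypothetical, and the key check is a shape check only, not cryptographic validation.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper name, not an OpenSSH tool.
# Appends one public key line to ~/.ssh/authorized_keys, safely and idempotently.
# Usage: install_pubkey "$(cat ~/.ssh/id_rsa.pub)"
install_pubkey() {
    key_line=$1
    ssh_dir="$HOME/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # Shape check only: one line of "<type> <base64> [comment]".
    # This rejects pasted private keys ("-----BEGIN ...") and wrapped lines.
    case $key_line in
        *"$nl"*) echo "refusing multi-line input" >&2; return 2 ;;
    esac
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_body=${rest%% *}
    case $key_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unrecognised key type: $key_type" >&2; return 2 ;;
    esac
    case $key_body in
        ''|*[!A-Za-z0-9+/=]*) echo "key body is not base64" >&2; return 2 ;;
    esac

    # 700 on the directory and 600 on the file, as the page requires.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Exact, whole-line match: re-running must not add a duplicate entry.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi
    # If the file does not end in a newline, add one so that the new key
    # is not glued onto the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```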