SSH - settings for connecting to a remote server

By kimot, 29 September, 2023

If you have to connect to a remote server via ssh with public key authentication:
- you will need an ssh key pair
- install the public key on the remote server
- configure your ssh settings


The best way to generate a key pair is to use the ssh-keygen utility:
ssh-keygen -t rsa -b 4096 
ssh-keygen -t dsa 
ssh-keygen -t ecdsa -b 521 
ssh-keygen -t ed25519 

These are four examples of generating a public/private key pair with different algorithms and key sizes. The private key can be protected by a passphrase, which will be required each time the key is used.
The public key must be installed on the remote ssh server.
The private key must be stored on the server from which you will establish the connection.

If only one user will use this key, then it is best to store it in their home directory:

If this key will be used by multiple users:

It's important to set the correct authority (permissions) for this private key:
chmod 600 id_rsa

In the next step, you should ensure that the public key is correctly installed on the remote server.

Subsequently, the configuration of the local ssh must be modified.

There are two options.

If you plan to use this login only for yourself, you must correctly set up the AS/400 user profile and the config file in the home directory (for example):

                         Display User Profile - Basic       
User profile . . . . . . . . . . . . . . . :   ADMIN       
Home directory . . . . . . . . . . . . . . :   /home/admin 

Then set up the home directory:

mkdir /home/admin
chmod 755 /home/admin
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/config
chmod 600 ~/.ssh/config

Edit the config file:

EDTF '/home/admin/.ssh/config'

In this case, two servers are defined in the config file:

  ************Beginning of data**************  
 Host server1                                   
     User admin                               
     IdentityFile ~/.ssh/id_rsa                
 Host server2                                    
     HostName ibmserver.local                            
     User superadmin                              
     IdentityFile ~/.ssh/id_rsa_4096           
  ************End of Data********************  

After this configuration you can try the first connection:
ssh server1 connects as user admin.
The LogLevel=debug3 option means that detailed messages about the login process are displayed on the screen.
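
As an added example (not part of the original post), the following shell function checks the permissions set up above: a home directory and config file that group and others cannot write to, and every IdentityFile named in the config accessible only by its owner. The function names are hypothetical, and it assumes unquoted IdentityFile paths without spaces.

```shell
#!/bin/sh
# Added example, not from the original page. audit_ssh_home and the helper
# names are hypothetical; paths containing spaces are not handled.

# Permission string of a path, e.g. "-rw-------" or "drwxr-xr-x".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Succeeds when neither group nor others may write (755, 644, 600 pass).
not_writable_by_others() {
    case $(mode_of "$1" | cut -c6,9) in *w*) return 1 ;; esac
}

# Succeeds when group and others have no access at all (600, 400 pass).
private_to_owner() { [ "$(mode_of "$1" | cut -c5-10)" = "------" ]; }

# audit_ssh_home HOME_DIR
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ssh_home() {
    home=$1; cfg=$home/.ssh/config; rc=0
    not_writable_by_others "$home" || { echo "home writable by others: $home"; rc=1; }
    if [ ! -f "$cfg" ]; then echo "missing: $cfg"; return 1; fi
    not_writable_by_others "$cfg" || { echo "config writable by others: $cfg"; rc=1; }
    # ssh_config keywords are case-insensitive; take every IdentityFile value.
    for key in $(awk 'tolower($1) == "identityfile" { print $2 }' "$cfg"); do
        case $key in "~/"*) key=$home/${key#??} ;; esac   # expand leading ~/
        if [ ! -f "$key" ]; then
            echo "key not found: $key"; rc=1
        elif ! private_to_owner "$key"; then
            echo "key too open ($(mode_of "$key")): $key"; rc=1
        fi
    done
    return $rc
}

# Run against a home directory given on the command line, if any.
if [ $# -gt 0 ]; then audit_ssh_home "$1"; fi
```

Saved to a file, it can be run with the home directory as its argument, for example /home/admin from the profile shown above.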

If you plan to share the key with multiple users, then you have to put the private key somewhere outside your /home directory:

Then set the key in the global ssh configuration:

EDTF '/QOpenSys/QIBM/UserData/SC1/OpenSSH/etc/ssh_config' 
IdentityFile /QOpenSys/QIBM/ProdData/SC1/OpenSSH/key_store/id_rsa