Notes from renting and setting up a Sakura VPS.
Server environment: CentOS 8.1, OpenSSH_7.4p1, OpenSSL 1.0.2k-fips
Client environment: Windows 10, TeraTerm 4.95
1. OS installation
Install «Standard OS».
I tried to use the minimum configuration with a custom OS, but I got an error, so I stopped it.
Check which services are enabled at startup
# systemctl list-unit-files -t service
For the firewall, use the packet filter that can be set from the console; ports are not controlled on the VPS itself.
Change host name
# hostnamectl set-hostname sakura01.dksg.co.jp
# hostnamectl status
Add EPEL repository
# dnf install epel-release
2. SSH key authentication
SSH version check
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
Use key authentication when accessing with SSH.
Generate public and private keys.
# ssh-keygen -l
The key is generated as 3072-bit RSA.
Change sshd settings. Disable password authentication.
# less /etc/ssh/sshd_config
Rename the public key to the file name set in AuthorizedKeysFile.
# cd .ssh/
# mv id_rsa.pub authorized_keys
Copy the private key to the Windows machine used for access.
Rename it for the time being.
# less id_rsa
# mv id_rsa id_rsa.sshd
Restart sshd. The SSH session that is currently connected is not dropped, so this is OK.
# systemctl restart sshd
Confirm that access is not possible with Tera Term password authentication.
Try to access by specifying the private key in Tera Term.
read error SSH2 private key file
error:0906D06C:PEM routines:PEM_read_bio:no start line
I was angry that it was not in PEM format.
Indeed, the file begins with «BEGIN OPENSSH PRIVATE KEY».
It seems that the default value has changed recently.
Convert the key to PEM format on the server.
-p is the option to change the passphrase (reference: ssh-keygen(1), OpenBSD manual pages).
# ssh-keygen -p -m pem -f id_rsa.sshd
# ssh-keygen -l
Overwrite the private key.
# less id_rsa.sshd
Connected successfully.
Perhaps the latest Tera Term is OK even with an OPENSSH PRIVATE KEY.
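The sshd_config step above only says to disable password authentication. The following added example (not part of the original memo) checks a config file for the settings that decide whether a password prompt is still reachable. It goes slightly beyond the memo by also checking keyboard-interactive authentication through PAM; the function names and sample configs are made up for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example, not from the page. effective_value FILE KEYWORD DEFAULT prints
# the global value sshd would use: keywords are case-insensitive, the first
# occurrence wins, and "Keyword value" and "Keyword=value" are both accepted.
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { sub(/^[ \t]+/, ""); key = $0; sub(/[ \t=].*/, "", key)
          val = substr($0, length(key) + 1)
          sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t].*/, "", val) }
        tolower(key) == "match" { exit }         # Match blocks are not global
        tolower(key) == want { found = 1; print tolower(val); exit }
        END { if (!found) print dflt }
    ' "$1"
}

# audit_sshd_config FILE returns 0 only if password logins are off and key
# login is on. The defaults passed below are the upstream OpenSSH defaults.
audit_sshd_config() {
    status=0
    pw=$(effective_value "$1" PasswordAuthentication yes)
    cr=$(effective_value "$1" ChallengeResponseAuthentication yes)
    pam=$(effective_value "$1" UsePAM no)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    if [ "$pw" != no ]; then
        echo "FAIL PasswordAuthentication=$pw"; status=1
    fi
    if [ "$cr" = yes ] && [ "$pam" = yes ]; then
        echo "FAIL keyboard-interactive through PAM can still ask for a password"; status=1
    fi
    if [ "$pk" != yes ]; then
        echo "FAIL PubkeyAuthentication=$pk (key login would be refused)"; status=1
    fi
    grep -Eiq '^[[:space:]]*match[[:space:]]' "$1" && echo "NOTE Match blocks present; review them separately"
    [ "$status" -ne 0 ] || echo "OK password logins disabled, key login enabled"
    return "$status"
}

# Constructed samples (not from the page). In "weak" the later "no" is ignored
# because the first PasswordAuthentication line wins.
tmp=$(mktemp -d)
printf '%s\n' 'passwordauthentication yes' 'UsePAM yes' \
    'PasswordAuthentication no' > "$tmp/weak"
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication=no' \
    'ChallengeResponseAuthentication no' 'UsePAM yes' > "$tmp/hardened"
audit_sshd_config "$tmp/weak" || true
audit_sshd_config "$tmp/hardened"
rm -rf "$tmp"
```

On the server itself, `sshd -T` prints the effective configuration as sshd parses it, which also covers cases this sketch does not.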