[CentOS 8] Sakura VPS server initial settings 2020 version

2020.08.04

A memo from renting and setting up a Sakura VPS.

Server environment: CentOS 8.1, OpenSSH_7.4p1, OpenSSL 1.0.2k-fips

Client environment: Windows 10, TeraTerm 4.95

1. OS installation

Install «Standard OS».

I tried to use a minimal configuration with a custom OS, but I got an error, so I gave up on that.

Check startup services

# systemctl list-unit-files -t service

The firewall is the packet filter that can be configured from the console; ports are not controlled on the VPS itself.

Change host name

# hostnamectl set-hostname sakura01.dksg.co.jp

# hostnamectl status

Check SELinux status

# getenforce

Add EPEL repository

# dnf install epel-release

2. SSH key authentication

SSH version check

# ssh -V

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

Use key authentication for SSH access.

Generate public and private keys.

# ssh-keygen

No passphrase.

Confirmation

# ssh-keygen -l

3072 SHA256

The key is generated as 3072-bit RSA.

Change sshd settings. Disable password authentication.

# less /etc/ssh/sshd_config

PubkeyAuthentication yes

PasswordAuthentication no

Rename the public key to the file name set in AuthorizedKeysFile.

# cd .ssh/

# mv id_rsa.pub authorized_keys

Copy the private key to the Windows machine that will connect.

Rename it on the server for the time being.

# less id_rsa

# mv id_rsa id_rsa.sshd

Restart sshd. The SSH session that is currently connected is not dropped, so this is OK.

# systemctl restart sshd

Confirm from Tera Term that access with password authentication is no longer possible.

Try to access by specifying the private key in Tera Term.

Error:

read error SSH2 private key file

error:0906D06C:PEM routines:PEM_read_bio:no start line

I was angry that it was not in PEM format.

Indeed, the key file starts with «BEGIN OPENSSH PRIVATE KEY».

It seems that the default key format has changed recently.

Convert the key to PEM format on the server.

-p is the option for changing the passphrase (reference: ssh-keygen(1), OpenBSD manual pages).

# ssh-keygen -p -m pem -f id_rsa.sshd

Confirmation

# ssh-keygen -l

3072 SHA256

Overwrite the private key on the Windows machine with the converted one.

# less id_rsa.sshd

Connected successfully.

Perhaps the latest Tera Term is OK even with an OPENSSH PRIVATE KEY file.
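
A way to check which container format a private key uses, and whether it carries a passphrase, before copying it to a client that only reads PEM. This is an added example, not part of the original memo; the function names key_format and make_samples and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original memo): report the container format of
# an SSH private key file and whether it is passphrase-protected.
key_format() {  # $1 = path to a private key file
    first=$(sed -n '1p' "$1" | tr -d '\r')
    case "$first" in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
        # The base64 body starts with "openssh-key-v1\0" followed by the
        # cipher name; the prefix below encodes the cipher name "none".
        case "$(sed -n '2p' "$1" | tr -d '\r')" in
        b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo "openssh unencrypted" ;;
        *) echo "openssh encrypted" ;;
        esac ;;
    '-----BEGIN RSA PRIVATE KEY-----' | '-----BEGIN EC PRIVATE KEY-----')
        # Legacy PEM marks passphrase protection with a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo "pem encrypted"
        else
            echo "pem unencrypted"
        fi ;;
    *) echo "unknown"; return 1 ;;
    esac
}

# Constructed, truncated sample files (headers only, not usable keys).
make_samples() {  # $1 = output directory
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAAB' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/new_plain"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/new_enc"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'MIIG4wIBAAKCAYEA' '-----END RSA PRIVATE KEY-----' > "$1/pem_plain"
    # CRLF line endings, as a key file may have after passing through Windows.
    printf '%s\r\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' 'DEK-Info: AES-128-CBC,00' \
        '-----END RSA PRIVATE KEY-----' > "$1/pem_enc_crlf"
}

if [ "$#" -gt 0 ]; then
    key_format "$1"          # classify the file given on the command line
else
    d=$(mktemp -d) && make_samples "$d"
    for f in "$d"/*; do printf '%s: %s\n' "${f##*/}" "$(key_format "$f")"; done
    rm -rf "$d"
fi
```

A result of "openssh ..." means a client that only reads PEM needs the `ssh-keygen -p -m pem` conversion shown above.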