---SSH Setup and SFTP---#####---See "Convert '*.ppk'" to convert puttygen files to openssh
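mkdir -p ~/.ssh ##on the private (client) computer, create the .ssh directory in the user's home directory: '/home/user/.ssh'; '-p' makes this a no-op if it already exists
touch ~/.ssh/authorized_keys ##on the public (server) computer, create the .ssh directory as above if needed, then create the authorized_keys file if it does not exist
chmod 700 ~/.ssh ##secure access to the public/private key directory by setting restrictive permissions, done on private and public computers
chmod 600 ~/.ssh/authorized_keys ##authorized_keys is a regular file, not a directory: owner read/write only, no execute bit needed
##sshd with StrictModes (the default) refuses key login when ~/.ssh or authorized_keys is writable by group or others, so check these modes first when key login fails
chown user:user ~/.ssh ##in case you accidentally created the directories with a different account (root perhaps), change the ownership of the directory to the user (run as root or with sudo), done on both private and public
chown user:user ~/.ssh/authorized_keys ##same as above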
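ssh-keygen -t rsa ##use this command on private (client) computer to create the key pair ~/.ssh/id_rsa (private) and ~/.ssh/id_rsa.pub (public), can also be done on public computer
##'-t rsa' keeps the id_rsa file names used below; newer OpenSSH releases default to a different key type and would write other file names
##you do not need to use a pass phrase if you don't want to, just hit enter twice -- but an empty pass phrase leaves the private key unencrypted on disk, so anyone who can read id_rsa can log in as you
##prefer a pass phrase plus ssh-agent for interactive accounts; keep empty-pass-phrase keys for unattended jobs and limit what they can do on the server
ls ~/.ssh ##see if id_rsa and id_rsa.pub are located in the .ssh directory
ssh-copy-id -i ~/.ssh/id_rsa.pub user@publicserver.net ##run from client where ssh keys were generated, 'ssh-copy-id' appends the 'id_rsa.pub' key to the authorized_keys file on the public server, and sets restrictive permissions; the full path works from any directory
less ~/.ssh/authorized_keys ##on the public server, make sure the file was appended with the 'id_rsa.pub' key (only the .pub key belongs here, never id_rsa)
ssh user@publicserver.net ##log into the public server and test the ssh keys
sftp user@publicserver.net ##log into the public server and test the ssh keys using sftp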
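su - scp -c 'ssh -o StrictHostKeyChecking=no scp@c2960g-8tc-a' ##run command as another user (here the local account 'scp'), good for testing permissions or SSH keys; single quotes replace the nested double quotes, which only worked because the shell joined the pieces into one word
##'StrictHostKeyChecking=no' connects without verifying the host key, so a changed or impersonated device is not detected -- keep it to throwaway tests
##'StrictHostKeyChecking=accept-new' (OpenSSH 7.6 or newer) still skips the first-connection prompt but refuses a host whose key has changed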
######################################### ####---Convert '*.ppk' to 'openssh'---###---See above for location, permissions details, and testing #########################################
puttygen rfc.ppk -O private-openssh -o id_rsa ##extract private key from ppk file, -O set output type, -o set output file, place 'ppk' file in '~/.ssh' then run this command, do not forget to restrict the result with 'chmod 600 id_rsa' (a private key is a regular file: owner read/write only)
puttygen rfc.ppk -O public-openssh -o id_rsa.pub ##extract public key from ppk file, -O set output type, -o set output file, place 'ppk' file in '~/.ssh' then run this command; the public key is not secret, but the 'ppk' file still contains the private key, so keep it owner-only too ('chmod 600 rfc.ppk') or remove it once converted
################################################################ ####---Use passwordless SSH with Cisco IOS ver 15 or newer---### ################################################################
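##on the device, from global config mode:
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local none ##NOTE(review): the trailing 'none' appears to let exec authorization pass unchecked when the 'local' method returns an error -- confirm this fallback is wanted
ip domain name domain.net
(config)#username scp privilege 7 ##create an account for scp, use a separate privilege mode for scp, so we can modify it later to restrict commands
##NOTE(review): no password or secret is set on this account; confirm how your IOS release treats password logins for it, so that the public key is the only way in
(config)#ip ssh pubkey-chain ##from global config mode, enter into "ip ssh pubkey-chain" so we can add or modify the public keychain
(conf-ssh-pubkey)#username scp ##select the username that you want to set-up a public key chain
(conf-ssh-pubkey-user)#key-string ##tell the device you want to add a public key for username scp
(conf-ssh-pubkey-data)# ##paste id_rsa.pub key here (the public key only, never id_rsa), you can't paste the whole key at once, split into two
##on the client, not the device -- convert the public key between formats:
ssh-keygen -e -f id_rsa.pub > cisco_rsa.pub ##'-e' exports the OpenSSH public key, RFC 4716 format by default
ssh-keygen -i -f cisco_rsa.pub > id_rsa.pub ##'-i' converts an RFC 4716 public key back to OpenSSH format; this overwrites id_rsa.pub
##NOTE(review): the page does not say which of the two forms to paste at the key-string prompt -- confirm against your IOS release
privilege exec all reset write ##presumably entered from global config mode to reset the privilege level of the 'write' exec commands -- confirm what the level-7 scp account can still run afterwards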