3 Configuring the OpenSSH Client

To set up OpenSSH on the client, you need the openssh and openssh-clients packages.

Installing the OpenSSH Client Packages

A default Oracle Linux installation includes both the openssh and openssh-clients packages. If the packages aren't installed, run the following command:

sudo dnf install openssh openssh-clients

Configuring OpenSSH Client Configuration Files

The $HOME/.ssh directory on the client system contains the OpenSSH client configuration files for a particular user as follows:

  • id_rsa and id_rsa.pub

    Contain a user's SSH2 RSA private and public keys. SSH2 RSA is the most commonly used key-pair type. id_rsa and id_rsa.pub are the conventional names for these files, but no restrictions exist on the file name to use. You can store several key pairs in this directory to use across different connections.

    Caution:

    The private key file can be readable and writable by the user but must not be accessible to other users.

  • known_hosts

    Contains the public host keys that OpenSSH has obtained from SSH servers. OpenSSH adds an entry for each new server to which a user connects.

  • config

    Contains client configuration settings.

    Caution:

    A config file can be readable and writable by the user but must not be accessible to other users.

For more information, see the ssh(1) and ssh-keygen(1) manual pages.

Validating Configuration Permissions

OpenSSH applies strict permissions to the $HOME/.ssh directory and files stored in this directory. If the permissions in the directories on either side of the connection are wrong, OpenSSH prevents the connection and errors out with a Permission Denied message.

Access to the contents of the $HOME/.ssh directory must be limited to the individual user. An exception to this rule is the authorized_keys file, which contains public keys that can be readable by other users.

  1. Set the directory and file permissions as follows. Some of these files might not be present on the system where you're running these commands:

    chmod 700 $HOME/.ssh                  # The user .ssh directory
    chmod 600 $HOME/.ssh/id_rsa           # A user's private key 
    chmod 644 $HOME/.ssh/id_rsa.pub       # A user's public key
    chmod 600 $HOME/.ssh/config           # Customized configuration entries for the ssh client
    chmod 644 $HOME/.ssh/authorized_keys  # A user's authorized public key entries to allow login
    chmod 600 $HOME/.ssh/known_hosts      # A user's known hosts entries for system fingerprints
    chown -R $USER:$USER $HOME/.ssh       # Recursively set ownership of all .ssh files
  2. Verify that file permissions are correct.

    ls -al .ssh
    drwx------+ 2 user group     5 Jun 12   08:33 .
    drwxr--r--+ 3 user group     9 Jun 12   08:32 ..
    -rw-r--r--+ 1 user group   397 Jun 12   08:33 authorized_keys
    -rw-------. 1 user group  2283 Nov 22 13:22 config
    -rw-------. 1 user group   963 Aug 22 09:27 id_rsa
    -rw-r--r--. 1 user group   221 Aug 22 09:27 id_rsa.pub
    -rw-------. 1 user group 85531 Nov  9 10:01 known_hosts
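
The following script is an added example, not part of the original documentation: it audits a directory against the modes from step 1 without changing anything, skips files that are absent, and treats any file with a matching .pub as a private key because key file names are only conventional. It assumes GNU stat; the function names check_mode and audit_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example: audit, without changing, an SSH client directory.
# Assumes GNU stat (coreutils); function names are hypothetical.

# check_mode PATH MAX: report PATH if it grants any permission bit outside
# MAX (octal) or is not owned by the current user. Missing files are skipped.
check_mode() {
    path=$1 max=$2 rc=0
    [ -e "$path" ] || return 0
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%u' "$path")
    # The leading 0 makes the shell read both values as octal.
    if [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]; then
        echo "FAIL $path mode $mode (allowed: $max or stricter)"
        rc=1
    fi
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL $path owned by uid $owner"
        rc=1
    fi
    return $rc
}

# audit_ssh_dir DIR: apply the modes from the chmod list in step 1.
# Returns 0 only when no path needs attention.
audit_ssh_dir() {
    dir=$1 findings=0
    check_mode "$dir" 700 || findings=$((findings + 1))
    for f in config known_hosts; do
        check_mode "$dir/$f" 600 || findings=$((findings + 1))
    done
    check_mode "$dir/authorized_keys" 644 || findings=$((findings + 1))
    # Key file names are only conventional, so treat any file that has a
    # matching .pub as a private key.
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        check_mode "$pub" 644 || findings=$((findings + 1))
        check_mode "${pub%.pub}" 600 || findings=$((findings + 1))
    done
    echo "$findings path(s) need attention in $dir"
    [ "$findings" -eq 0 ]
}

# Audit the directory given as the first argument, if there is one.
[ $# -eq 0 ] || audit_ssh_dir "$1"
```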