
Rocky Linux 8.4: Creating a Certificate for SSL, Public Key Cryptography for SSH

1. Creating a Certificate for SSL

1-1. Advance preparation

The RHEL 8 series does not include the CA script, so use the one from RHEL 7.
① Copy the CA to /etc/pki/tls/misc/ using WinSCP, etc.

② Add the SSL commands to PATH

③ Edit the openssl.cnf file

④ Go to the working directory for creating certificates, etc.

1-2. Create a CA-related certificate

① Create a private key for the CA (cakey.pem) and a certificate for the CA (cacert.pem)

② Create a ca.der file to import the CA certificate into your browser

1-3. Create server-related certificates

① Create a private key for the server (newkey.pem)

② Remove the password for the server private key

If you leave this password set, you will be required to enter it every time SSL starts, so the service cannot start unattended, for example during an automatic restart.

③ Create a certificate for the server (newcert.pem/server.crt)

④ Create a server certificate (server.crt)

2. SSH public key cryptography settings

① Create a key pair with RSA
Become an ordinary user (jimmy in the example) and create a key pair with RSA

② Private key login settings

③ Restart SSH

④ Copy the private key to the client PC (using WinSCP)
Start WinSCP and configure it to connect to the server (IP: 192.168.11.62, SSH port: 2233, user: tama).
(Download: https://winscp.net/eng/download.php)

Drag and drop the "id_rsa" file from the .ssh directory onto the Windows pane on the left to save it.

Start Tera Term anew.

If the connection is successful, it will look like this

⑤ Change to login only with the private key.

[root@Lepard ~]# vi /etc/ssh/sshd_config
■Around line 69
Add "PasswordAuthentication no" under "#PasswordAuthentication yes".
#PasswordAuthentication yes
PasswordAuthentication no
Restart SSH
[root@Lepard ~]# systemctl restart sshd.service
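
A check for the edit in step ⑤, as an added example that is not part of the original page: sshd keeps the first value it reads for each keyword, so the function below reports which PasswordAuthentication value actually takes effect. The function names and the sample file are constructed for illustration; the function reads one file only and does not follow Include directives.

```shell
#!/bin/sh
# Added example (not from the original page).
# sshd uses the FIRST value it reads for a keyword, so the position of the
# added "PasswordAuthentication no" line matters, not just its presence.

# effective_sshd_option FILE KEYWORD  (hypothetical helper name)
# Prints the first uncommented value of KEYWORD found before any "Match"
# block. Prints nothing if the keyword is not set globally in FILE.
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)         # drop leading indentation
            split(line, f, /[ \t=]+/)        # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            if (key == "match") exit         # global section ends here
            if (key == want) { print tolower(f[2]); exit }
        }
    ' "$1"
}

# password_login_disabled FILE  (hypothetical helper name)
# Succeeds only when the effective global value is "no".
password_login_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample: the edit from step 5, followed by a later uncommented
# "yes" line and a Match block that re-enables passwords for one user.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
#PermitEmptyPasswords no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF

effective_sshd_option "$sample" PasswordAuthentication   # prints: no
if password_login_disabled "$sample"; then
    echo "password login is disabled globally"
fi
# The Match block above still allows passwords for that one user;
# review Match sections separately.
```

On the server itself, `sshd -t` checks the file for syntax errors before the restart and `sshd -T` prints the effective configuration. Keep the current session open until a key-only login from a second session has succeeded.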

⑥ Change WinSCP settings (using PuTTYgen, which is included with WinSCP)
Launch WinSCP and click "Tools".

Enter the "CA password" on the password inquiry screen.
