Hands-on lab – creating and transferring SSH keys

In this lab, you'll use one virtual machine (VM) as your client, and one VM as the server. Alternatively, if you're using a Windows host machine, you can use Cygwin, PowerShell, or the built-in Windows Bash shell for the client. (Be aware, though, that PowerShell and the Windows Bash shell store the key files in alternate locations.) If you're on either a Mac or a Linux host machine, you can use the host machine's native command-line Terminal as the client. In any case, the procedure will be the same.

For the server VM, use either Ubuntu 18.04 or CentOS 7. This procedure does work the same on CentOS 8. However, we'll be using this same VM for the next few labs, and CentOS 8 has some special considerations that we'll look at later. Let's get started:

  1. On the client machine, create a pair of 384-bit elliptic curve keys. Accept the default filename and location and create a passphrase:
ssh-keygen -t ecdsa -b 384
  2. Observe the keys, taking note of the permissions settings:
ls -l .ssh
  3. Add your private key to your session keyring. Enter your passphrase when prompted:
exec /usr/bin/ssh-agent $SHELL
ssh-add
  4. Transfer the public key to the server VM. When prompted, enter the password for your user account on the server VM (substitute your own username and IP address in the following command):
ssh-copy-id username@server_ip_address
  5. Log into the server VM as you normally would:
ssh username@server_ip_address
  6. Observe the authorized_keys file that was created on the server VM:
ls -l .ssh
cat .ssh/authorized_keys
  7. Log out of the server VM and close the Terminal window on the client. Open another Terminal window and try to log into the server again. This time, you should be prompted to enter the passphrase for your private key.
  8. Log back out of the server VM and add your private key back to the session keyring of your client. Enter the passphrase for your private key when prompted:
exec /usr/bin/ssh-agent $SHELL
ssh-add

As long as you keep this Terminal window open on your client, you'll be able to log into the server VM as many times as you want without having to enter a password. However, when you close the Terminal window, your private key will be removed from your session keyring.

  9. Keep your server VM, because we'll do more with it in a bit.

You've reached the end of the lab – congratulations!

What we've done here is good, but it's still not quite enough. One flaw is that if you go to another client machine, you'll still be able to use the normal username/password authentication to log in. That's okay; we'll fix that in a few moments.
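The lab asks you to observe the permissions on the key files on the client and on authorized_keys on the server. The following script is an added example, not part of the original lab, that turns that observation into a check: the ssh client will not load a private key that group or others can access, and sshd's StrictModes setting rejects an authorized_keys file or .ssh directory that group or others can write to. The function names and the audit.sh filename are hypothetical.

```shell
#!/bin/sh
# Added example (not from the lab): audit the permissions you observe with `ls -l .ssh`.

# Print the 10-character mode string, e.g. "-rw-------" (-L follows symlinks).
mode_of() { ls -ldL "$1" | cut -c1-10; }

# True when group and others have no access at all (what the ssh client
# requires before it will load a private key).
owner_only() {
    case $(mode_of "$1") in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# True when neither group nor others can write (what sshd's StrictModes
# requires of ~/.ssh and authorized_keys).
no_group_other_write() {
    case $(mode_of "$1") in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# audit_ssh_dir DIR: print one line per finding; return 0 only if clean.
audit_ssh_dir() {
    dir=$1
    findings=0
    [ -d "$dir" ] || { echo "MISSING: $dir"; return 2; }
    no_group_other_write "$dir" ||
        { echo "GROUP/WORLD WRITABLE: $dir"; findings=$((findings + 1)); }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            owner_only "$f" ||
                { echo "PRIVATE KEY TOO OPEN: $f"; findings=$((findings + 1)); }
        elif [ "$(basename "$f")" = "authorized_keys" ]; then
            no_group_other_write "$f" ||
                { echo "GROUP/WORLD WRITABLE: $f"; findings=$((findings + 1)); }
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run the audit when a directory is given, e.g.: sh audit.sh "$HOME/.ssh"
if [ $# -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run it against .ssh on the client after step 2 and on the server after the authorized_keys step; no output and a zero exit status mean the permissions are acceptable.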
