Configuring the OpenSSH Client
Install the OpenSSH client packages and manage per-user SSH configuration files.
To set up OpenSSH on the client, you need the openssh and openssh-clients packages.
Installing the OpenSSH Client Packages
Install the OpenSSH client packages if they aren't already present.
A default Oracle Linux installation includes both the openssh and
openssh-clients packages. If the packages aren't installed, run the
following command:
sudo dnf install openssh openssh-clients
Configuring OpenSSH Client Configuration Files
Review the key files in $HOME/.ssh that store client-side SSH settings.
A user configured for SSH key-based authentication on a client system typically has the
following configuration files in their $HOME/.ssh directory:
- SSH2 private and public key files
  The user's private and public keys, created with the ssh-keygen utility, are named as follows by default:
  - id_rsa and id_rsa.pub on Oracle Linux 8 and 9.
  - id_ed25519 and id_ed25519.pub on Oracle Linux 10.
  The default file names in the preceding list reflect the algorithm (rsa or ed25519) used to generate the keys.
  You can store several key pairs in the $HOME/.ssh directory to use across different connections.
  For more information, see the ssh-keygen(1) manual page.
  CAUTION
  Private key files must be readable and writable only by the owner and inaccessible to other users.
- known_hosts file
  Contains the public host keys that OpenSSH has obtained from SSH servers. OpenSSH adds an entry for each new server to which a user connects.
- config file
  Contains client configuration settings.
  CAUTION
  Ensure the config file is readable and writable only by you and not accessible to other users.
For more information, see the ssh(1) and ssh-keygen(1) manual pages.
Validating Configuration Permissions
Set and verify secure permissions on SSH client directories and files.
OpenSSH applies strict permissions to the $HOME/.ssh directory and files
stored in this directory. If the permissions in the directories on either side of the
connection are wrong, OpenSSH blocks the connection and returns a Permission denied message.
Use these steps to set the recommended permissions on the $HOME/.ssh directory and its contents.
- Set the directory and file permissions as follows. Some of these files might not be present on the system where you're running these commands:
  chmod 700 $HOME/.ssh                  # The user .ssh directory.
  chmod 600 $HOME/.ssh/id_sshkey        # A user's private key. Typical values for id_sshkey are id_rsa or id_ed25519.
  chmod 644 $HOME/.ssh/id_sshkey.pub    # A user's public key. Typical values for id_sshkey.pub are id_rsa.pub or id_ed25519.pub.
  chmod 600 $HOME/.ssh/config           # Customized configuration entries for the SSH client.
  chmod 600 $HOME/.ssh/authorized_keys  # A user's authorized public key entries to allow login.
  chmod 644 $HOME/.ssh/known_hosts      # A user's known hosts entries for system fingerprints.
  chown -R $USER:$USER $HOME/.ssh       # Recursively set ownership of all .ssh files.
- Verify that file permissions are correct.
  ls -al .ssh
  drwx------. 2 user group     5 Jun 12 08:33 .
  drwx------. 5 user group     9 Jun 12 08:32 ..
  -rw-------. 1 user group   397 Jun 12 08:33 authorized_keys
  -rw-------. 1 user group  2283 Nov 22 13:22 config
  -rw-------. 1 user group   963 Aug 22 09:27 id_sshkey
  -rw-r--r--. 1 user group   221 Aug 22 09:27 id_sshkey.pub
  -rw-r--r--. 1 user group 85531 Nov  9 10:01 known_hosts
  Note
  In the preceding output example, the placeholder id_sshkey has the following default values on Oracle Linux instances:
  - id_rsa on Oracle Linux 8 and Oracle Linux 9 instances.
  - id_ed25519 on Oracle Linux 10 instances.
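The following script is an added example, not part of the original documentation: it audits a .ssh directory against the modes listed above, flagging any path that grants permission bits beyond the recommended mode or that isn't owned by the calling user. It assumes GNU stat (coreutils); the function names are hypothetical and the demo directory is constructed.

```shell
#!/bin/sh
# Added example: audit an .ssh directory against the modes recommended above.
# Assumes GNU stat (coreutils), as on Oracle Linux. Function names are hypothetical.

# Most permissive mode recommended for a file, chosen by name.
expected_mode() {
    case "$1" in
        *.pub|known_hosts) echo 644 ;;  # public keys and host fingerprints
        *)                 echo 600 ;;  # private keys, config, authorized_keys
    esac
}

# True when mode $1 grants any permission bit that mode $2 does not.
too_open() {
    [ $(( 0$1 & ~0$2 & 07777 )) -ne 0 ]
}

# Report one path whose mode is too broad or whose owner is not the caller.
check_path() {
    mode=$(stat -c %a "$1")
    owner=$(stat -c %u "$1")
    if too_open "$mode" "$2"; then
        echo "MODE  $1 is $mode, recommended $2"
        findings=$((findings + 1))
    fi
    if [ "$owner" != "$(id -u)" ]; then
        echo "OWNER $1 belongs to uid $owner"
        findings=$((findings + 1))
    fi
}

# Audit the directory and each regular file in it; succeeds only if clean.
audit_ssh_dir() {
    findings=0
    [ -d "$1" ] || { echo "MISSING $1"; return 2; }
    check_path "$1" 700
    for f in "$1"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue   # skip symlinks and non-files
        check_path "$f" "$(expected_mode "$(basename "$f")")"
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: throwaway directory with one deliberately loose private key.
demo=$(mktemp -d) && mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
touch "$demo/.ssh/id_ed25519" "$demo/.ssh/id_ed25519.pub" "$demo/.ssh/config"
chmod 600 "$demo/.ssh/config"
chmod 644 "$demo/.ssh/id_ed25519" "$demo/.ssh/id_ed25519.pub"
audit_ssh_dir "$demo/.ssh" || echo "findings: $findings"
rm -rf "$demo"
```

To check a real account, call audit_ssh_dir "$HOME/.ssh"; a mode stricter than recommended (for example 400 on a private key) isn't reported.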