Set up a user to connect to a Linux server with a private-public key pair

To secure a Linux server, disable password authentication on it. This way only those users can connect to it, who have access to an authorized private key.

To enable users to connect to a Linux server with a private-public key pair

Generate an RSA key pair

  1. In a Bash terminal on your workstation execute
    ssh-keygen
  2. Follow the prompts to specify the name of the key file pair. In most of the cases, you don’t need to protect the key with a password.
    1. If you don’t specify the file name, the key will be saved as ~/.ssh/id_rsa
    2. If you specify a file name, the key files will be saved in the current directory
  3. The public key file will get the “.pub” extension, the private file has no extension

Upload the public key to the Linux server

  1. Log into the server with the “ssh” command using a username and password
    ssh MY_USER_NAME@SERVER_IP_ADDRESS
  2. Add the public part of the key to the user configuration
    1. Switch to sudo mode, this command will ask for the password again
      sudo -i
    2. Navigate to the user home directory
      cd /home/USER_NAME/
    3. Add the public key to the user’s authorized_keys file. Open the file with a text editor and copy the public key into a new line.
      vi authorized_keys
    4. To test the configuration, on your workstation navigate to the directory where the new key is located, and log into the server with
      ssh -i MY_KEY_NAME MY_USER_NAME@SERVER_IP_ADDRESS

Turn off password authentication

  1. Make sure you can log in with the new key !!!
  2. Execute the command
    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

Set up the Artifactory repository authentication

To secure Artifactory repositories follow the steps below

  1. Log into Artifactory as an administrator
  2. On the left select Admin

Add users

  1. In the Security menu select Users
  2. In the upper right select New

  3. Create users for admin, writer, and reader. Make sure the Can Update Profile checkbox is NOT checked, so if someone logs in with the service account credentials cannot change the account settings.

    1. REPOSITORY-NAME_admin,
    2. REPOSITORY-NAME_writer,
    3. REPOSITORY-NAME_reader.

Create security groups and add the new users to the groups

  1. In the Admin menu select Security and Groups
  2. On the Group Management page select New
  3. Create groups for admins, writers, and readers. Add “s” to the name of the group to differentiate it from the user.
    1. REPOSITORY-NAME_admins,
    2. REPOSITORY-NAME_writers,
    3. REPOSITORY-NAME_readers.
  4. In the Users section add the appropriate user to the group

Create permissions and add the groups to the permissions

  1. In the Security menu select Permissions
  2. In the upper right corner select New
  3. Create permissions to administer, write, and read the repository
    1. REPOSITORY-NAME_administer,
    2. REPOSITORY-NAME_write,
    3. REPOSITORY-NAME_read.
      1. Select the repository, click the green arrow to add the repository to the Selected Repositories list, and click Next
      2. Click the arrow next to the name of the group to add it to the list of groups
      3. Select the appropriate check boxes
        1. For writers select Delete/Overwrite, Deploy/Cache, Annotate, and Read
      4. Click the Save & Finish button.

To allow anonymous read access to the repository

To allow everyone to read the repository without authentication, add the anonymous user to the REPOSITORY-NAME_readers group.