-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathssh-public-key-method.html
124 lines (104 loc) · 5.67 KB
/
ssh-public-key-method.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>SSH public key method - kb.haeringer.org</title>
<link href="http://fonts.googleapis.com/css?family=Arimo:400,700|Inika" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="/theme/bootstrap.css" />
<link rel="stylesheet" type="text/css" href="/theme/pastie.css" />
<link href="/" type="application/atom+xml" rel="alternate" title="kb.haeringer.org Atom Feed" />
</head>
<body>
<div class="container">
<div class="row">
<div class="span10">
<div id="content">
<div class="header">
<h1>SSH public key method</h1>
</br>
</div>
<p class="meta"><small><span><a href="/author/ben/">ben</a> - </span><span>Mi 14 März 2012</span> - <span class="tags"><a href="/tag/Linux networking/">Linux networking</a>, <a href="/tag/Management/">Management</a>, <a href="/tag/PuTTY/">PuTTY</a>, <a href="/tag/SSH/">SSH</a>, <a href="/tag/Windows client/">Windows client</a></span></small></p>
<div class="entry-content">
<p>People often still use simple password authentication to log onto
critical servers via SSH, which is not very secure especially on web
servers that are directly managed from the outside. A better method is
the use of asymmetric encryption with public and private keys.</p>
<p>You create a key pair on your client and save the public key in the
authorized keys file on the server. The private key must always kept
secret.<br />
</p>
<p><strong>Client-side (Linux/Mac)</strong></p>
<p>Create SSH key pair (will be created in <code>/home/user/.ssh/</code>):</p>
<div class="highlight"><pre><span class="o">~</span><span class="err">#</span> <span class="n">ssh</span><span class="o">-</span><span class="n">keygen</span> <span class="o">-</span><span class="n">t</span> <span class="n">rsa</span>
</pre></div>
<p>You should secure the key with a password. You can also leave it blank
so you can <!--more-->directly log in without a password, but if some
one should 'steal' your private key he can easily abuse it.</p>
<p>Show public key:</p>
<div class="highlight"><pre><span class="o">~</span><span class="err">#</span> <span class="n">cat</span> <span class="p">.</span><span class="n">ssh</span><span class="o">/</span><span class="n">id_rsa</span><span class="p">.</span><span class="n">pub</span>
</pre></div>
<p><strong>Client-side (Windows, PuTTY)</strong></p>
<ul>
<li>Start PuTTYgen - this is a small key generator program that comes with
PuTTY. </li>
<li>Choose SSH-2 RSA and change the number of bits to 2048 </li>
<li>Press Generate </li>
<li>You should secure the key with a password. You can also leave it
blank so you can directly log in without a password, but if some one
should 'steal' your private key he can easily abuse it. </li>
<li>Copy the generated key from the top of the window into a new notepad
file and save it as "id_rsa.pub". </li>
<li>Save the private key with the corresponding button. </li>
<li>To use the private key in PuTTY for logging in, go to Connection >
SSH > Auth and load the key.<br />
</li>
</ul>
<p><strong>Server-side</strong></p>
<p>Go into the home directory of the user that needs access:</p>
<div class="highlight"><pre><span class="n">cd</span> <span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">user</span>
</pre></div>
<p>Create hidden SSH directory:</p>
<div class="highlight"><pre><span class="n">mkdir</span> <span class="p">.</span><span class="n">ssh</span>
</pre></div>
<p>Create and open an authorized_keys file:</p>
<div class="highlight"><pre><span class="n">vi</span> <span class="p">.</span><span class="n">ssh</span><span class="o">/</span><span class="n">authorized_keys</span>
</pre></div>
<p>Paste the key out of id_rsa.pub (from the client, see above) as one
line into the authorized_keys file.</p>
<p>Modify rights:</p>
<div class="highlight"><pre><span class="n">chmod</span> <span class="o">-</span><span class="n">R</span> <span class="mi">600</span> <span class="p">.</span><span class="n">ssh</span>
</pre></div>
<p>After having tested the public key-based login successfully (and only
then!), disable the normal password-based login:</p>
<div class="highlight"><pre><span class="n">vi</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ssh</span><span class="o">/</span><span class="n">sshd_config</span>
<span class="n">PasswordAuthentication</span> <span class="n">no</span>
<span class="n">service</span> <span class="n">ssh</span> <span class="n">restart</span>
</pre></div>
</div><!-- /.entry-content -->
</div>
</div>
<div class="span2">
<div class="well">
<ul class="nav nav-list">
<li class="nav-header">Blog</li>
<!-- <li ><a href="">Home</a></li> -->
<li ><a href="index.html">Home</a></li>
<li ><a href="/tags/">Tags</a></li>
<li ><a href="/archives/">Archive</a></li>
<li class="nav-header">Pages</li>
<li><a href="/pages/about.html">About</a></li>
</ul>
</div><!-- /#menu -->
</div>
</div>
<hr />
<div class="row">
<div class="span12">
<div id="about">
<p>Proudly powered by <a href="http://twitter.github.com/bootstrap/">bootstrap</a>, <a href="http://docs.notmyidea.org/alexis/pelican/">pelican</a>, <a href="http://python.org">python</a> and <a href="http://www.julo.ch/about/">Alex</a></p>
</div><!-- /#about -->
</div><!-- /#contentinfo -->
</div>
</div>
</body>
</html>