Line 53:
Line 53:
If they don't match then the server simply drops the TCP session. There is no opportunity for a cracker to try brute forcing your root password.
If they don't match then the server simply drops the TCP session. There is no opportunity for a cracker to try brute forcing your root password.
−
Below are instructions on how to create the Public / Private key pair using windows and putty.
+
Setup your keys with the information at [[:SSH_Public-Private_Keys]]
−
* Create the Keys
+
When you have SSH Keys working, the server Admin can disable logging in using passwords.
−
Log onto the server, cd to ~/.ssh and enter the following command:
−
cd ~/.ssh
−
ssh-keygen -t dsa
−
When asked if you want a passphrase, this is up to you. If you set one, then you will still be asked for a password after the key exchange. This is an extra level of security, just incase your private key falls into unwelcome hands. I Recommend that you set a strong password.
−
Hit Enter when asked where to save the keys to.
−
−
You will now have two new files in the current Directory: id_dsa & id_dsa.pub
−
−
* Activate the Public Key
−
Enter the following command to add the Public key to the list of allowed keys for root:
−
cat id_dsa.pub >> authorized_keys
−
−
* Get the Private Key
−
Now all we need to do is get the Private Key onto your client.
−
If you are connected using ssh, then you can simply
−
cat id_dsa
−
then copy & paste the output into a notepad file. Failing that, you can use SCP to get the file off, or move the file into an iBay and copy it out using SMB.
−
−
* Convert the Private Key
−
Once you have the file on your windows machine, you need to convert it from OpenSSH Format to PPK (Putty Private Key) format.
−
To do this you need PuttyGen. This is part of the Windows installation of Putty, but if you just downloaded the Putty.exe executable then you will need to visit http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and download the PuttyGen executable.
−
Run PuttyGen, select Conversions -> Import Key & open your OpenSSH PrivateKey.
−
If you set a PassPhrase, you will be asked for it now.
−
Once the Key is Imported, Click "Save Private Key" and save your new ppk file somewhere safe.
−
−
* Use the Key & Test
−
Now when you use Putty, you just have to tell it to use the Private Key
−
Put your Server IP address / FQDN in the main screen as normal, then go to //Connection -> SSH -> Auth// from the menu, and browse for the PPK file you created earlier.
−
If you want, you can go back to Session, and save these settings.
−
−
Hit Login, and if your Keypair is working, you will see the following:
−
Using username "root".
−
Authenticating with public key "imported-openssh-key"
−
Passphrase for key "imported-openssh-key":
−
−
−
* As long as the above worked, the server Admin can now disable logging in using passwords.
−
Go to the Server-manager, and switch Off 'Allow secure shell access using standard passwords'
−
−
Further information at http://wiki.contribs.org/SSH_Public-Private_Keys
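Review bot: The added line "When you have SSH Keys working, the server Admin can disable logging in using passwords." no longer says where that is done. The removed text named the exact step, switching off 'Allow secure shell access using standard passwords' in the Server-manager. Suggest keeping that one sentence on this page after the new link, unless the linked SSH_Public-Private_Keys page is confirmed to carry it. It would also help to keep the explicit ordering from the removed "As long as the above worked" line, so the reader confirms a key-based login succeeds in a second session before password logins are switched off. Moving the key-creation steps out to the linked page is otherwise fine: the removed "Further information at" line pointed at the same SSH_Public-Private_Keys page, so nothing is lost there.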