Changes

From SME Server
no edit summary
Line 1: Line 1:  
27th December 2003 Ian Wells
 
27th December 2003 Ian Wells
Introduction
+
 
 +
== Introduction ==
 +
 
    
This is an introduction to using Public-Private Keys as applied to SSH. It has been written in response to questions regarding my CVS How-To.
 
This is an introduction to using Public-Private Keys as applied to SSH. It has been written in response to questions regarding my CVS How-To.
Line 6: Line 8:  
It currently covers the first three steps needed to use Public-Private keys
 
It currently covers the first three steps needed to use Public-Private keys
   −
    * Generate Public-Private Key Pairs
+
*Generate Public-Private Key Pairs
    * Installing the Public Key onto the Server
+
*Installing the Public Key onto the Server
    * Installing the Private Key onto the Clients
+
*Installing the Private Key onto the Clients
    
It also has sections on
 
It also has sections on
   −
    * Using public keys for SSH authentication
+
*Using public keys for SSH authentication
    * Further Information
+
*Further Information
    
The following has been tested using a Mitel SME Server, and Windows XP& RedHat 8.0 clients.
 
The following has been tested using a Mitel SME Server, and Windows XP& RedHat 8.0 clients.
Line 22: Line 24:  
This section describes three ways to generate the public-private key pairs, and specifically a SSH protocol 2 RSA key pair.
 
This section describes three ways to generate the public-private key pairs, and specifically a SSH protocol 2 RSA key pair.
   −
  1. On Windows using PuTTY
+
*1. On Windows using PuTTY
  2. On SME Server using OpenSSH
+
*2. On SME Server using OpenSSH
  3. On RedHat 8.0 using OpenSSH
+
*3. On RedHat 8.0 using OpenSSH
 +
 
 +
 
 +
=== On Windows using PuTTY PuTTYgen ===
 +
 
 +
 
 +
[[Image:Putty00.png]]
   −
On Windows using PuTTY
+
PuTTYgen can be used to generate the keys, which is described in detail in Chapter 8.2
PuTTYgen PuTTYgen can be used to generate the keys, which is described in detail in Chapter 8.2
      
   1. Select SSH2 RSA.
 
   1. Select SSH2 RSA.
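Review bot: The new heading `=== On Windows using PuTTY PuTTYgen ===` repeats the tool name; `=== On Windows using PuTTYgen ===` reads cleanly and matches the sentence that follows it. The list items `*1.`, `*2.`, `*3.` combine a bullet with hand-typed numbers, so use `#` items and let the wiki number them. The sentence "described in detail in Chapter 8.2" does not say which manual is meant; name it.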
Line 40: Line 47:  
       Then paste the OpenSSH2 version to a file, eg putty.pub.
 
       Then paste the OpenSSH2 version to a file, eg putty.pub.
   −
On SME Server
+
 
 +
=== On SME Server ===
 +
 
    
It is possible to use the SME Server itself to generate the public-private key pairs. This is done by using ssh-keygen.
 
It is possible to use the SME Server itself to generate the public-private key pairs. This is done by using ssh-keygen.
Line 57: Line 66:  
aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:ff:aa:bb:cc:dd dummy@gatekeeper
 
aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:ff:aa:bb:cc:dd dummy@gatekeeper
   −
On RedHat 8.0
+
=== On RedHat 8.0 ===
    
To generate the public-private key pair on a RedHat 8.0 box is identical to the SME Server, as both use OpenSSH.
 
To generate the public-private key pair on a RedHat 8.0 box is identical to the SME Server, as both use OpenSSH.
 
In this example I have specified the comment field.
 
In this example I have specified the comment field.
   −
$ ssh-keygen -t rsa -C dummy@rh8
+
$ ssh-keygen -t rsa -C dummy@rh8
    
Generating public/private rsa key pair.
 
Generating public/private rsa key pair.
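Review bot: The `$ ssh-keygen -t rsa -C dummy@rh8` line keeps its `$ ` prompt, while the later hunks in this same revision strip `bash-2.05a$` from every command, so the page ends up with two conventions; pick one and apply it throughout. The command also passes no `-b`, so the key length is whatever the installed OpenSSH defaults to. Stating the size explicitly would make the example reproducible across the SME Server and RedHat 8.0 hosts the page covers.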
Line 73: Line 82:  
aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:ff:aa:bb:cc:dd dummy@rh8
 
aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:ff:aa:bb:cc:dd dummy@rh8
   −
Installing the Public Key onto the Server
+
== Installing the Public Key onto the Server ==
    
To make use of the Public-Private Key pair the Public keys must be put onto the server that will be accessed. The Public Key file and its contents do not need to be kept secret.
 
To make use of the Public-Private Key pair the Public keys must be put onto the server that will be accessed. The Public Key file and its contents do not need to be kept secret.
Line 79: Line 88:  
The Public Key needs to be saved in the file $HOME/.ssh/authorized_keys . For the user dummy on an SME Server it would be:
 
The Public Key needs to be saved in the file $HOME/.ssh/authorized_keys . For the user dummy on an SME Server it would be:
   −
/home/e-smith/files/users/dummy/.ssh/authorized_keys
+
/home/e-smith/files/users/dummy/.ssh/authorized_keys
    
The directory .ssh should have permissions 700 and the file authorized_keys should have permissions either 644 or 600. If the directory does not exist it can be created as follows, which presumes that you are logged in as yourself, not root.
 
The directory .ssh should have permissions 700 and the file authorized_keys should have permissions either 644 or 600. If the directory does not exist it can be created as follows, which presumes that you are logged in as yourself, not root.
   −
bash-2.05a$ cd
+
  cd
bash-2.05a$ mkdir .ssh
+
  mkdir .ssh
bash-2.05a$ chmod 700 .ssh
+
  chmod 700 .ssh
bash-2.05a$ ls -al  
+
  ls -al  
drwx------    2 dummy    dummy        4096 Feb 18 11:23 .ssh
+
  drwx------    2 dummy    dummy        4096 Feb 18 11:23 .ssh
    
The authorized_keys file can store multiple public keys, one on each line, so the following examples always append to the end of the file.
 
The authorized_keys file can store multiple public keys, one on each line, so the following examples always append to the end of the file.
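Review bot: With the `bash-2.05a$` prompts removed, the `drwx------ ... .ssh` line is indented exactly like the four commands above it, so a reader cannot tell output from input and may paste it into the shell. Keep a short `$ ` prompt on command lines, as the `ssh-keygen` example does, or put the `ls -al` output in its own block. The `ls -al ` line also still carries trailing whitespace.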
Line 95: Line 104:  
This example presumes that the key was generated on the server, or has been copied into the $HOME/.ssh directory.
 
This example presumes that the key was generated on the server, or has been copied into the $HOME/.ssh directory.
   −
bash-2.05a$ cat id_rsa.pub >> authorized_keys
+
  cat id_rsa.pub >> authorized_keys
bash-2.05a$ ls -l
+
  ls -l
-rw-r--r--    1 dummy    dummy          225 Feb 18 11:26 authorized_keys
+
  -rw-r--r--    1 dummy    dummy          225 Feb 18 11:26 authorized_keys
   −
Public key from PuTTYgen
+
=== Public key from PuTTYgen ===
    
There are two main ways of doing this, they each require that the "Public key for pasting into authorized_keys file" is copied to the clipboard (see Step 7 on the figure above). For more details read the PuTTY manual.
 
There are two main ways of doing this, they each require that the "Public key for pasting into authorized_keys file" is copied to the clipboard (see Step 7 on the figure above). For more details read the PuTTY manual.
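Review bot: `cat id_rsa.pub >> authorized_keys` uses relative paths, but the preceding snippet leaves the working directory at `$HOME` (`cd`, then `mkdir .ssh`), so a reader following along runs this in `$HOME` rather than `$HOME/.ssh` and the key never reaches the file sshd reads. Add a `cd .ssh` step or write the paths out in full. The text allows 644 or 600 for `authorized_keys`, yet no `chmod` is shown and the `-rw-r--r--` in the listing depends on the user's umask; show the `chmod` explicitly.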
Line 106: Line 115:  
Then copy this file into the $HOME/.ssh directory on the server. This file can then be appended to the authorized_keys file.
 
Then copy this file into the $HOME/.ssh directory on the server. This file can then be appended to the authorized_keys file.
   −
bash-2.05a$ cat putty.pub >> authorized_keys
+
  cat putty.pub >> authorized_keys
    
The other method is simpler but more complicated to explain.
 
The other method is simpler but more complicated to explain.
   −
    * Open a PuTTY terminal to the server
+
*Open a PuTTY terminal to the server
    * Open the $HOME/.ssh/authorized_keys file with your favourite test editor (vi, pico etc)
+
*Open the $HOME/.ssh/authorized_keys file with your favourite test editor (vi, pico etc)
    * Paste in the public key from the clipboard
+
*Paste in the public key from the clipboard
   −
Installing the Private Key onto the Clients
+
== Installing the Private Key onto the Clients ==
    
The Private Key needs to be accessible from the clients that you use. The Private Key file should be kept secure, and should be protected by a pass phrase.
 
The Private Key needs to be accessible from the clients that you use. The Private Key file should be kept secure, and should be protected by a pass phrase.
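Review bot: The rewritten item `*Open the $HOME/.ssh/authorized_keys file with your favourite test editor (vi, pico etc)` carries the typo `test editor` over from the old line; it should read `text editor`. These three items are sequential steps, so `#` fits better than `*`. It is also worth adding that the pasted key must stay on a single line, since the page states that the file holds one key per line.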