Line 1: |
Line 1: |
| 27th December 2003 Ian Wells | | 27th December 2003 Ian Wells |
− | Introduction | + | |
| + | == Introduction == |
| + | |
| | | |
| This is an introduction to using Public-Private Keys as applied to SSH. It has been written in response to questions regarding my CVS How-To. | | This is an introduction to using Public-Private Keys as applied to SSH. It has been written in response to questions regarding my CVS How-To. |
Line 6: |
Line 8: |
| It currently covers the first three steps needed to use Public-Private keys | | It currently covers the first three steps needed to use Public-Private keys |
| | | |
− | * Generate Public-Private Key Pairs
| + | *Generate Public-Private Key Pairs |
− | * Installing the Public Key onto the Server
| + | *Installing the Public Key onto the Server |
− | * Installing the Private Key onto the Clients
| + | *Installing the Private Key onto the Clients |
| | | |
| It also has sections on | | It also has sections on |
| | | |
− | * Using public keys for SSH authentication
| + | *Using public keys for SSH authentication |
− | * Further Information
| + | *Further Information |
| | | |
| The following has been tested using a Mitel SME Server, and Windows XP& RedHat 8.0 clients. | | The following has been tested using a Mitel SME Server, and Windows XP& RedHat 8.0 clients. |
Line 22: |
Line 24: |
| This section describes three ways to generate the public-private key pairs, and specifically a SSH protocol 2 RSA key pair. | | This section describes three ways to generate the public-private key pairs, and specifically a SSH protocol 2 RSA key pair. |
| | | |
− | 1. On Windows using PuTTY
| + | *1. On Windows using PuTTY |
− | 2. On SME Server using OpenSSH
| + | *2. On SME Server using OpenSSH |
− | 3. On RedHat 8.0 using OpenSSH
| + | *3. On RedHat 8.0 using OpenSSH |
| + | |
| + | |
| + | === On Windows using PuTTY PuTTYgen === |
| + | |
| + | |
| + | [[Image:Putty00.png]] |
| | | |
− | On Windows using PuTTY
| + | PuTTYgen can be used to generate the keys, which is described in detail in Chapter 8.2 |
− | PuTTYgen PuTTYgen can be used to generate the keys, which is described in detail in Chapter 8.2
| |
| | | |
| 1. Select SSH2 RSA. | | 1. Select SSH2 RSA. |
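Review bot: the new heading `=== On Windows using PuTTY PuTTYgen ===` names the tool twice, and the list just above it now combines a bullet with a hand-typed number (`*1. On Windows using PuTTY`). Use a single tool name in the heading, and either plain `*` bullets or the wiki's own numbered-list markup for the three options. The added sentence also cites "Chapter 8.2" without saying which document it belongs to; name the manual so a reader can find it.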
Line 40: |
Line 47: |
| Then paste the OpenSSH2 version to a file, eg putty.pub. | | Then paste the OpenSSH2 version to a file, eg putty.pub. |
| | | |
− | On SME Server | + | |
| + | === On SME Server === |
| + | |
| | | |
| It is possible to use the SME Server itself to generate the public-private key pairs. This is done by using ssh-keygen. | | It is possible to use the SME Server itself to generate the public-private key pairs. This is done by using ssh-keygen. |
Line 57: |
Line 66: |
| aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:ff:aa:bb:cc:dd dummy@gatekeeper | | aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:ff:aa:bb:cc:dd dummy@gatekeeper |
| | | |
− | On RedHat 8.0 | + | === On RedHat 8.0 === |
| | | |
| To generate the public-private key pair on a RedHat 8.0 box is identical to the SME Server, as both use OpenSSH. | | To generate the public-private key pair on a RedHat 8.0 box is identical to the SME Server, as both use OpenSSH. |
| In this example I have specified the comment field. | | In this example I have specified the comment field. |
| | | |
− | $ ssh-keygen -t rsa -C dummy@rh8 | + | $ ssh-keygen -t rsa -C dummy@rh8 |
| | | |
| Generating public/private rsa key pair. | | Generating public/private rsa key pair. |
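Review bot: the command `ssh-keygen -t rsa -C dummy@rh8` in this hunk passes no `-b`, so the key length is whatever the installed OpenSSH build defaults to. Since readers will copy this line onto other systems, state the intended size explicitly with `-b` and mention it in the sentence that introduces the comment field.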
Line 73: |
Line 82: |
| aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:ff:aa:bb:cc:dd dummy@rh8 | | aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:ff:aa:bb:cc:dd dummy@rh8 |
| | | |
− | Installing the Public Key onto the Server | + | == Installing the Public Key onto the Server == |
| | | |
| To make use of the Public-Private Key pair the Public keys must be put onto the server that will be accessed. The Public Key file and its contents do not need to be kept secret. | | To make use of the Public-Private Key pair the Public keys must be put onto the server that will be accessed. The Public Key file and its contents do not need to be kept secret. |
Line 79: |
Line 88: |
| The Public Key needs to be saved in the file $HOME/.ssh/authorized_keys . For the user dummy on an SME Server it would be: | | The Public Key needs to be saved in the file $HOME/.ssh/authorized_keys . For the user dummy on an SME Server it would be: |
| | | |
− | /home/e-smith/files/users/dummy/.ssh/authorized_keys | + | /home/e-smith/files/users/dummy/.ssh/authorized_keys |
| | | |
| The directory .ssh should have permissions 700 and the file authorized_keys should have permissions either 644 or 600. If the directory does not exist it can be created as follows, which presumes that you are logged in as yourself, not root. | | The directory .ssh should have permissions 700 and the file authorized_keys should have permissions either 644 or 600. If the directory does not exist it can be created as follows, which presumes that you are logged in as yourself, not root. |
| | | |
− | bash-2.05a$ cd
| + | cd |
− | bash-2.05a$ mkdir .ssh
| + | mkdir .ssh |
− | bash-2.05a$ chmod 700 .ssh
| + | chmod 700 .ssh |
− | bash-2.05a$ ls -al
| + | ls -al |
− | drwx------ 2 dummy dummy 4096 Feb 18 11:23 .ssh | + | drwx------ 2 dummy dummy 4096 Feb 18 11:23 .ssh |
| | | |
| The authorized_keys file can store multiple public keys, one on each line, so the following examples always append to the end of the file. | | The authorized_keys file can store multiple public keys, one on each line, so the following examples always append to the end of the file. |
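Review bot: with the `bash-2.05a$` prompt stripped, the output line `drwx------ 2 dummy dummy 4096 Feb 18 11:23 .ssh` now sits in the same block as `cd`, `mkdir .ssh`, `chmod 700 .ssh` and `ls -al`, with nothing to mark it as output rather than something to type. Keep a short `$ ` prefix on the command lines, as the RedHat section does for `$ ssh-keygen`, or separate the output from the commands. The directory is also created first and tightened afterwards; `mkdir -m 700 .ssh` would do both in one step.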
Line 95: |
Line 104: |
| This example presumes that the key was generated on the server, or has been copied into the $HOME/.ssh directory. | | This example presumes that the key was generated on the server, or has been copied into the $HOME/.ssh directory. |
| | | |
− | bash-2.05a$ cat id_rsa.pub >> authorized_keys
| + | cat id_rsa.pub >> authorized_keys |
− | bash-2.05a$ ls -l
| + | ls -l |
− | -rw-r--r-- 1 dummy dummy 225 Feb 18 11:26 authorized_keys | + | -rw-r--r-- 1 dummy dummy 225 Feb 18 11:26 authorized_keys |
| | | |
− | Public key from PuTTYgen | + | === Public key from PuTTYgen === |
| | | |
| There are two main ways of doing this, they each require that the "Public key for pasting into authorized_keys file" is copied to the clipboard (see Step 7 on the figure above). For more details read the PuTTY manual. | | There are two main ways of doing this, they each require that the "Public key for pasting into authorized_keys file" is copied to the clipboard (see Step 7 on the figure above). For more details read the PuTTY manual. |
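Review bot: in the `cat id_rsa.pub >> authorized_keys` block, nothing sets the mode of `authorized_keys`. The `-rw-r--r--` shown by `ls -l` is whatever the user's umask produced when the file was first created, so a reader with a different umask can end up outside the 644-or-600 requirement stated earlier on the page. Add an explicit `chmod 600 authorized_keys` after the append. As in the previous block, the `ls -l` output line is no longer distinguishable from the commands now that the prompt is gone.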
Line 106: |
Line 115: |
| Then copy this file into the $HOME/.ssh directory on the server. This file can then be appended to the authorized_keys file. | | Then copy this file into the $HOME/.ssh directory on the server. This file can then be appended to the authorized_keys file. |
| | | |
− | bash-2.05a$ cat putty.pub >> authorized_keys
| + | cat putty.pub >> authorized_keys |
| | | |
| The other method is simpler but more complicated to explain. | | The other method is simpler but more complicated to explain. |
| | | |
− | * Open a PuTTY terminal to the server
| + | *Open a PuTTY terminal to the server |
− | * Open the $HOME/.ssh/authorized_keys file with your favourite test editor (vi, pico etc)
| + | *Open the $HOME/.ssh/authorized_keys file with your favourite test editor (vi, pico etc) |
− | * Paste in the public key from the clipboard
| + | *Paste in the public key from the clipboard |
| | | |
− | Installing the Private Key onto the Clients | + | == Installing the Private Key onto the Clients == |
| | | |
| The Private Key needs to be accessible from the clients that you use. The Private Key file should be kept secure, and should be protected by a pass phrase. | | The Private Key needs to be accessible from the clients that you use. The Private Key file should be kept secure, and should be protected by a pass phrase. |
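Review bot: the paste-in-an-editor steps (`*Paste in the public key from the clipboard`) have no check that the key landed on a single line, although the page states that `authorized_keys` holds one key per line; a terminal paste into vi or pico can wrap the key. Add a final bullet telling the reader to confirm the key occupies exactly one line before saving. The re-added bullet `*Open the $HOME/.ssh/authorized_keys file with your favourite test editor` also keeps the typo "test editor" for "text editor", which is worth fixing while the line is being touched.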