Changes

From SME Server
Jump to navigationJump to search
Line 53: Line 53:  
If they don't match then the server simply drops the TCP session.  There is no opportunity for a cracker to try brute forcing your root password.
 
If they don't match then the server simply drops the TCP session.  There is no opportunity for a cracker to try brute forcing your root password.
   −
Below are instructions on how to create the Public / Private key pair using windows and putty.
+
Setup your keys with the information at [[:SSH_Public-Private_Keys]]
   −
* Create the Keys
+
When you have SSH Keys working, the server Admin can disable logging in using passwords.
Log onto the server, cd to ~/.ssh and enter the following command:
  −
cd ~/.ssh
  −
ssh-keygen -t dsa
  −
When asked if you want a passphrase, this is up to you. If you set one, then you will still be asked for a password after the key exchange.  This is an extra level of security, just incase your private key falls into unwelcome hands.  I Recommend that you set a strong password.
  −
Hit Enter when asked where to save the keys to.
  −
 
  −
You will now have two new files in the current Directory: id_dsa & id_dsa.pub
  −
 
  −
* Activate the Public Key
  −
Enter the following command to add the Public key to the list of allowed keys for root:
  −
cat id_dsa.pub >> authorized_keys
  −
 
  −
* Get the Private Key
  −
Now all we need to do is get the Private Key onto your client.
  −
If you are connected using ssh, then you can simply
  −
cat id_dsa
  −
then copy & paste the output into a notepad file. Failing that, you can use SCP to get the file off, or move the file into an iBay and copy it out using SMB.
  −
 
  −
* Convert the Private Key
  −
Once you have the file on your windows machine, you need to convert it from OpenSSH Format to PPK (Putty Private Key) format.
  −
To do this you need PuttyGen.  This is part of the Windows installation of Putty, but if you just downloaded the Putty.exe executable then you will need to visit http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and download the PuttyGen executable.
  −
Run PuttyGen, select Conversions -> Import Key & open your OpenSSH PrivateKey.
  −
If you set a PassPhrase, you will be asked for it now.
  −
Once the Key is Imported, Click "Save Private Key" and save your new ppk file somewhere safe.
  −
 
  −
* Use the Key & Test
  −
Now when you use Putty, you just have to tell it to use the Private Key
  −
Put your Server IP address / FQDN in the main screen as normal, then go to //Connection -> SSH -> Auth// from the menu, and browse for the PPK file you created earlier.
  −
If you want, you can go back to Session, and save these settings.
  −
 
  −
Hit Login, and if your Keypair is working, you will see the following:
  −
Using username "root".
  −
Authenticating with public key "imported-openssh-key"
  −
Passphrase for key "imported-openssh-key":
  −
 
  −
 
  −
* As long as the above worked, the server Admin can now disable logging in using passwords.
  −
Go to the Server-manager, and switch Off 'Allow secure shell access using standard passwords'
  −
 
  −
Further information at http://wiki.contribs.org/SSH_Public-Private_Keys
 

Navigation menu