2,569
edits
Changes
Jump to navigation
Jump to search
Line 53:
Line 53: − Below are instructions on how to create the Public / Private key pair using windows and putty.+ − * Create the Keys+ − Log onto the server, cd to ~/.ssh and enter the following command: − cd ~/.ssh − ssh-keygen -t dsa − − Hit Enter when asked where to save the keys to. − − You will now have two new files in the current Directory: id_dsa & id_dsa.pub − − * Activate the Public Key − Enter the following command to add the Public key to the list of allowed keys for root: − cat id_dsa.pub >> authorized_keys − − * Get the Private Key − Now all we need to do is get the Private Key onto your client. − If you are connected using ssh, then you can simply − cat id_dsa − then copy & paste the output into a notepad file. Failing that, you can use SCP to get the file off, or move the file into an iBay and copy it out using SMB. − − * Convert the Private Key − Once you have the file on your windows machine, you need to convert it from OpenSSH Format to PPK (Putty Private Key) format. − To do this you need PuttyGen. This is part of the Windows installation of Putty, but if you just downloaded the Putty.exe executable then you will need to visit http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and download the PuttyGen executable. − Run PuttyGen, select Conversions -> Import Key & open your OpenSSH PrivateKey. − If you set a PassPhrase, you will be asked for it now. − Once the Key is Imported, Click "Save Private Key" and save your new ppk file somewhere safe. − − * Use the Key & Test − Now when you use Putty, you just have to tell it to use the Private Key − Put your Server IP address / FQDN in the main screen as normal, then go to //Connection -> SSH -> Auth// from the menu, and browse for the PPK file you created earlier. − If you want, you can go back to Session, and save these settings. − − Hit Login, and if your Keypair is working, you will see the following: − Using username "root". − Authenticating with public key "imported-openssh-key" − Passphrase for key "imported-openssh-key": − − − * As long as the above worked, the server Admin can now disable logging in using passwords. − Go to the Server-manager, and switch Off 'Allow secure shell access using standard passwords' − − Further information at http://wiki.contribs.org/SSH_Public-Private_Keys
SME Server:Documentation:User Manual:Chapter1 (view source)
Revision as of 04:48, 28 September 2007
, 04:48, 28 September 2007→Securing SSH With Public / Private Keys
If they don't match then the server simply drops the TCP session. There is no opportunity for a cracker to try brute forcing your root password.
If they don't match then the server simply drops the TCP session. There is no opportunity for a cracker to try brute forcing your root password.
Setup your keys with the information at [[:SSH_Public-Private_Keys]]
When you have SSH Keys working, the server Admin can disable logging in using passwords.
When asked if you want a passphrase, this is up to you. If you set one, then you will still be asked for a password after the key exchange. This is an extra level of security, just incase your private key falls into unwelcome hands. I Recommend that you set a strong password.