«

»

Nov 09

Secure Remote login through ssh

OpenSSH

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Here is a brief tutorial for easy setup.
Install SSH

apt-get install ssh

Study following tutorial thoroughly and setup your unix/linux machine secure.

Step1:

Create Public and private keys from openssh and save it to your local computer by following command in your unix machine.

 

$ssh-keygen –t rsa

2 keys are

  • id_rsa.pub (Public Key)
  • id_rsa (Private Key)

Step 2:
Change the mode of public key

$chmod 600 id_rsa.pub

Step 3:
Transport the key to the server

$scp id_rsa.pub user@host:~/directory path



Step 4:

Make a .ssh directory in the home of the user

$mkdir .ssh

Step 5:
Change the key to authorized key in .ssh folder.

$cat id_rsa.pub >>authorized_keys

(Multiple Public can pe kept in server with same name either dsa key or rsa key from putty or linux)

Client Setting
Make directory .ssh in home of the user at local.

$mkdir .ssh

$cp id_rsa.ssh/

Now Connect your server with the key you generated by following command.

$ssh user@host

Connecting Server with PuTTY Key

Download PuTTY Installer from the following link
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Step 1.

Install the Putty in your local windows machine.

Step 2.

Generating Key pairs from PuTTYgen. Move your mouse during key generation.

Save your public key and private key in your folder.

Step 3.

Transport the key to the server

$scp id_rsa user@host:~/directory path

Step 4 .

Make a .ssh directory in the home of the user

$mkdir .ssh

Step 5 .

Transforming putty key into open-ssh key

In order to translate putty key into open-ssh key, you need to have ssh-keygen tool in your computer

$ssh-keygen –i –f putty_pu_key>> authorized_keys

 

Putty Setting

  1. Start putty
  2. Make a new session
  3. Set server ip in the Host/IP address form as shown in figure below
  4. Save the session as per the name of your server as shown in figure(pc1f044@feeBSD)
  5. Set the private key in the putty as shown in figure.
  6. -go to ssh

    -click auth

  7. give path of your private key.
  8. Save your session
  9. Connect to the server.
  10. Congratulation

Disable Password Authentication

Use your favourite text editor Vim to edit /etc/ssh/sshd_config on the machine you wish to ssh to, and set these options.

ChallengeResponseAuthentication no

PasswordAuthentication no

UsePAM no

Restart ssh server

$sudo /etc/init.d/sshd restart (Linux)
 

$/etc/rc.d/sshd restart (FreeBSD)

Cheers !!

1 comment

  1. admin

    Cygwin: Permissions 0660 for ‘~/.ssh/id_rsa’ are too open.
    Environment:
    MS Windows 8.1
    Cygwin 64bit
    ssh keys copied from somewhere and placed to ~/.ssh/
    Problem:
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0660 for ‘~/.ssh/id_rsa’ are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: ~/.ssh/id_rsa
    Did not work:
    chmod 600 id_rsa
    chmod 700 .ssh
    Playing with Windows security panels
    Setting group to SYSTEM
    Everything else
    Solution:
    Found on Vineet Gupta’s blog http://vineetgupta.com/blog/cygwin-permissions-bug-on-windows-8

    chgrp Users id_rsa
    chmod 600 id_rsa

    Now, all works. Thank you, Vineet!

Leave a Reply