Comments on: Public Key Authentication for SSH Made Easy

By: Google Authenticator PAM ??? ??????? 11.10 - MR WOW

Google Authenticator PAM ??? ??????? 11.10 - MR WOW — Tue, 18 Oct 2011 05:45:29 +0000

[...] ?? ?? ????? ??? ???? ?????? ???? ssh ?? public key authentication ??????? ????? ??? ???????? ?? Google Authenticor ?oogle Authenticor [...]

By: SSH connectivity - Page 3

SSH connectivity - Page 3 — Wed, 17 Aug 2011 19:10:07 +0000

[...] netseer_tag_id = "1735"; netseer_ad_width = "300"; netseer_ad_height = "250"; netseer_task = "ad"; document.write('[Log in to get rid of this advertisement]'); So in a nutshell: 1 – ssh-keygen -t rsa –> on the ssh server itself or your client machine This will create your id_rsa (private key) and id_rsa.pub (public key) 2 – Tell the server what your public key is: I created this stuff on my workstation not the server hosting ssh-server: user@client>cat .ssh/id_rsa.pub | ssh user@ssh-server "cat >> .ssh/authorized_keys" 3 – Make sure that you have stuff setup correctly in your /etc/ssh/sshd_config RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys 4 You should be golden from this point on. Now it all about who has your private key to be able to authenticate the "ssh" server. Simply give the machines that you want to give access to, the private key and they should be able to login into the server. Here are the urls that I used: https://help.ubuntu.com/community/SSH/OpenSSH/Keys http://tombuntu.com/index.php/2008/0…ssh-made-easy/ [...]

By: matt illingworth

matt illingworth — Thu, 14 May 2009 18:16:59 +0000

If it is still asking for a password it might be to do with your home directory permissions. In /var/log/auth.log on server it will say something about the permissions being wrong on the home folder.
To reset your home folder back to default permissions run:

chmod -R 755 /home/matt
chmod 644 /home/matt/.dmrc

The .dmrc file has to be set to 644 or when you log in you get an error.

By: Daniel Davies :: Blog :: Setting up a Django Web Server (Part 1)

Daniel Davies :: Blog :: Setting up a Django Web Server (Part 1) — Wed, 11 Mar 2009 05:24:07 +0000

[...] should strongly consider this now. I assume here you already have a key to use, if you don’t then read this article which describes how to generate your key and use it on [...]

By: The understated usefulness of SSH, part 1. « Omegamormegil’s Weblog

The understated usefulness of SSH, part 1. « Omegamormegil’s Weblog — Thu, 04 Dec 2008 00:15:28 +0000

[...] off password authentication, keeping unwanted guests out of your server. I’ve used this excellent post from Tombuntu.com as a quick reference for a while now, and I’m going to recommend you click the link for the [...]

By: bobm

bobm — Fri, 29 Feb 2008 05:58:11 +0000

If you still get a password request make sure that the ‘authorized_keys2′ is chmod’d to 600.

that fixed it for me.

By: Installing and Using a SSH Server | Tombuntu

Installing and Using a SSH Server | Tombuntu — Mon, 25 Feb 2008 00:16:48 +0000

[...] Public Key Authentication for SSH Made Easy [...]

By: Brian Pence

Brian Pence — Thu, 21 Feb 2008 19:43:51 +0000

Remember, though, that the security of publickey authentication is entirely dependent on your ability to keep the private key private. If you must use public key authentication, you should NEVER generate one without a password! Why would you sacrifice security for convenience?? Consider this… if you have an unencrypted private key (no password) stored on your PC or Linux workstation and your workstation is compromised, your servers should be considered compromised as well. If a hacker can obtain the key, it will give him access to your server.

Having a password on the key helps, but if your system is compromised, you should consider the possibility that your keystrokes are being logged and your password stolen.

Possibly having the key file stored on a floppy, USB key, or other removable device that is only inserted at login time might help, but again, if your system is compromised, the key file could be swiped off of the removable device when inserted.

The most secure way I’ve found to authenticate is by using a smartcard or USB encryption token. The concept is the same as the typical publickey authentication except that the private key is guaranteed to remain private.

The smartcard or USB token has a CPU inside that handles the mechanics of the key authentication. The key pair is generated inside the token and only the public key comes out (which you place on the server). The private key cannot be accessed.

The authentication bits that happen at login time occur inside the token by its own CPU, so the private key is not exposed.

The difference between smartcard and publickey may seem unimportant at first, but can be summed up this way….

file-based publickey authentication can only assure you that the user logging in has a *copy* of the key (there may be others).

smartcard-based publickey authentication assures you that the user is in posession of the hardware key (of which there is only one)

Of course, the amount of time/energy/money you spend securing your system should be somewhat proportional to what you are securing. If it’s your home linux box, plain passwords or publickey are probably enough. If it’s a business or government server, you’ll probably want to go with something stronger like smartcard.

If you’re interested in talking about this more, contact me at bpence@celestialsoftware.net

Brian Pence
Celestial Software
http://www.celestialsoftware.net
AbsoluteTelnet (for telnet and ssh)

By: Dominik

Dominik — Thu, 21 Feb 2008 08:52:37 +0000

w00t! Really incredible article! Thanks a LOT!

By: Andrei

Andrei — Wed, 20 Feb 2008 22:30:58 +0000

Perfect article.

Thank you!