...

With a Unix-based system, this can be accomplished from the command line (below). Windows does not have a native way of doing this, but most Windows SSH client programs provide a means of key generation.

Windows Client

If you are on a Windows machine, make sure to store your private key in a protected location. Usually this would be your Windows desktop or home directory.

...

For console work, I still use PuTTY (actually KiTTY), but still keep Bitvise for its superior interface for file uploads and port tunnelling.

Unix Client

On Ubuntu it's super easy, and your generated private key also works with Windows SSH clients.

...

On a Unix system, file permissions should automatically be set to protect your key files from other accounts.

Storing Your Private Key

Your private key must never be shared. Sharing it is the equivalent of giving away your password.

Windows Client

If you are on a Windows machine, make sure to store your private key in a protected location. By default, the safest place is usually your Windows desktop or home directory.

Unix Client

If you used the commands provided, your keys will be generated in your protected home folder with further restrictions placed on your directory and files.

Place Public Key on Server

Ubuntu Shortcut

If you happen to be using a Linux client and your Linux server still allows username and password authentication, there is a shortcut to getting everything up and running on the server,

...

(Roderick you should fill this in)

Manually Copy Over Public Key to the Target Server

Transfer Over Public Key

Since I happen to be using Mac OS X I do this manually,

...

First check in your home folder that you have a .ssh directory and an authorized_keys file. The folder and file are generated if you have ever run the ssh client command,

```bash
ls -al # which will show hidden directories
ls -al .ssh # given the .ssh directory exists
```

If the directory does not exist, no problem, we can create it ourselves,

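```bash
# Create the directory; only the owner may read, write or enter it
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Create the key list; only the owner may read or write it
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
```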

...

If you have been using SSH before, you might also see a file called known_hosts (will link to and explain this later).
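
An added example, not part of the original page: a small shell audit that checks the 700/600 permissions set up above and flags any directory, authorized_keys file or private key that group or other users can access. The function names, and the rule that a private key is any file with a matching .pub file beside it, are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the original page): audit the 700/600 layout set up above.

# Print a path's permission bits in octal (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Record a problem if group or other has any access to the path.
# Arguments: path, expected mode (used only in the message).
check_private() {
    m=$(mode_of "$1") || return 0
    [ $(( 0$m & 077 )) -eq 0 ] && return 0
    echo "LOOSE $1 (mode $m, expected $2)"
    problems=$((problems + 1))
}

# audit_ssh_dir [DIR]: print each finding, return the number of problems found.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    problems=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    check_private "$dir" 700
    [ -f "$dir/authorized_keys" ] && check_private "$dir/authorized_keys" 600
    # Assumption: a private key is any file with a matching .pub file beside it.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] && check_private "$key" 600
    done
    return "$problems"
}

# Constructed demo: the page's layout in a scratch directory,
# with one private key deliberately left group-readable.
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && chmod 700 "$d/.ssh"
    touch "$d/.ssh/authorized_keys" "$d/.ssh/id_demo" "$d/.ssh/id_demo.pub"
    chmod 600 "$d/.ssh/authorized_keys"
    chmod 640 "$d/.ssh/id_demo"
    audit_ssh_dir "$d/.ssh"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "problems found: $?"
```

Run `audit_ssh_dir` with no argument to check your own `~/.ssh`; a zero exit status means nothing was flagged.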

Test Key Based Authentication

...

Warning

Someone can put the instructions here.

Disable Password Authentication

Modify the sshd_config file to disable password authentication,

...

The Permission denied message indicates that password authentication is now disabled.

Key Compromise

...

Strategies

Reusing Public Keys Across Machines

You can actually reuse public keys across machines. With this approach, you only need to keep track of one private key per user.

Resources

http://www.ibm.com/developerworks/library/l-keyc.html - pretty good article, I think I can improve it, shorter, clearly show when running on client or server.

...

http://www.freetutorialssubmit.com/convert-ssh-private-key-with-putty-keygen/1400 - sometimes you need to use different formats of keys.

Warning

Instructions for Windows to be put here.