Thursday, December 10, 2009

SSH public and private key authentication

If you have played with SSH before, you should be quite familiar with logging in to the SSH server with your password or passphrase. There is nothing wrong with this method of authentication as long as you have a complex password that is extremely hard to guess. However, there is a more advanced method of authentication, used by many professional organizations and businesses and across the internet as well, known as public key authentication. This system uses two keys: a public key known to everyone and used for encryption, and a private or secret key known only to the recipient of the message. In SSH the private key is used only for authentication; all further communication is protected with a negotiated symmetric key, which is a key common to both the sender and the receiver of the message and is used to encrypt and decrypt it.

SSH is commonly used for administering machines remotely and is especially common in the Unix environment. As administrators, we want to automate most of our tasks remotely over SSH, but the problem that arises is the password prompt. How can we automate a remote task if the machine we are logging into is going to ask for a password every time we try to log on? The answer is to use the public and private key authentication method. You specify a private key to be used to authenticate to the remote machine, and the remote machine must have the matching public key under the account you are logging in as. Once the pair of public and private keys is in place, access is granted automatically without the need for a password or passphrase.

[tools]
sshd [linux]
PuTTY [windows]
PuTTYgen [windows]

Step 1. Using PuTTYgen, generate a 1024-bit RSA key pair and save the public and private key portions to a USB key (mykey.pub and mykey.ppk).

Step 2. Copy the public key (mykey.pub) to the Unix machine into the "/root/.ssh/" folder.

Step 3. Convert the PuTTYgen public key to OpenSSH format (the -i flag imports the SSH2/RFC 4716 layout that PuTTYgen saves):
# ssh-keygen -i -f /root/.ssh/mykey.pub > mykey2.pub

Step 4. Append the contents of the converted public key to a file called authorized_keys (or authorized_keys2) in /root/.ssh/:
# touch authorized_keys
# cat mykey2.pub >> authorized_keys

Step 5. Using PuTTY, enter root@10.0.0.1, assuming 10.0.0.1 is the remote host's IP address.

Step 6. Under the 'Connections' section in PuTTY, go to the 'SSH' subsection, then 'Auth'. Browse for your private key (mykey.ppk), then click Open.

If all went well you should be granted access to the root account without having to enter a password. If you were using a Linux client, this could have been automated with bash scripts; all that is required is to place your private key in the .ssh folder of your local home directory, i.e. /home/user1/.ssh/.
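As an added example (not code from the original post), here are steps 3 and 4 done from Python instead of ssh-keygen and cat, with the two checks a practitioner wants: the key type is read from inside the decoded blob rather than trusted from the file, and the .ssh directory and authorized_keys get the 0700/0600 modes that sshd's StrictModes requires before it will accept a key. The key material in `sample_putty_public_key` is constructed and is not a real key; the function names are mine.

```python
import base64
import os
import struct

def sample_putty_public_key() -> str:
    """Constructed RFC 4716 file in the layout PuTTYgen 'Save public key' writes (not a real key)."""
    s = lambda d: struct.pack(">I", len(d)) + d          # SSH string framing (RFC 4251)
    mpint = lambda x: s(x.to_bytes((x.bit_length() + 8) // 8, "big"))
    blob = s(b"ssh-rsa") + mpint(65537) + mpint(int("C0FFEE" * 12, 16))  # toy e and n
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))  # wrapped like PuTTYgen
    return ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "rsa-key-20091210"\n'
            + body + "\n---- END SSH2 PUBLIC KEY ----\n")

def rfc4716_to_openssh(text: str) -> str:
    """Step 3 without ssh-keygen: drop armour and headers, rejoin the base64 body, keep the comment."""
    if not text.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        raise ValueError("not an RFC 4716 public key")
    lines, comment, body, i = text.splitlines(), "", [], 1
    while i < len(lines) and ":" in lines[i]:  # header line; base64 never contains ':'
        name, _, value = lines[i].partition(":")
        if name.strip().lower() == "comment":
            comment = value.strip().strip('"')
        i += 1
    for line in lines[i:]:
        if line.startswith("---- END SSH2 PUBLIC KEY ----"):
            break
        body.append(line.strip())
    blob = base64.b64decode("".join(body), validate=True)
    keytype = blob[4:4 + struct.unpack(">I", blob[:4])[0]].decode("ascii")
    if not keytype.startswith(("ssh-", "ecdsa-")):  # the blob, not the file, says what the key is
        raise ValueError("unexpected key type in blob: %r" % keytype)
    return " ".join(p for p in (keytype, base64.b64encode(blob).decode(), comment) if p)

def install_authorized_key(openssh_line: str, ssh_dir: str) -> bool:
    """Step 4, idempotent: append once (True if added). sshd's StrictModes rejects keys when
    .ssh or authorized_keys is group/world writable, so the modes are set here too."""
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, "authorized_keys")
    wanted = openssh_line.split()[:2]  # match on type + blob, not on the comment
    with open(path, "a+") as f:        # a+ creates the file if missing
        f.seek(0)
        present = [l.split()[:2] for l in f.read().splitlines() if l.strip() and not l.startswith("#")]
        if wanted in present:
            return False
        f.write(openssh_line + "\n")
    os.chmod(path, 0o600)
    return True
```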

Resources/Good reading:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
http://hkn.eecs.berkeley.edu/~dhsu/ssh_public_key_howto.html
