SSH

melvinong · 11-13-2007, 08:20 PM

in the putty, SSH-Auth Session , in the right hand side i have browse the private key file for authentication:
C:\Key\Putty certificate for inetsrvr\MailServer.ppk
and when i try to browse to E:\ftp2test.ppk.
when i close putty and open back , it came back
C:\Key\Putty certificate for inetsrvr\MailServer.ppk

Does anyone know how to remove the existing C:\Key\Putty certificate for inetsrvr\MailServer.ppk?
because i would like to change it to E:\ftp2test.ppk.

Wim Sturkenboom · 11-13-2007, 10:44 PM

Start putty, select your session from the saved sessions box (right hand side) and click load.
In the left hand pane, select SSH -> auth and select the file using the browse button in the authentication parameters box (right hand side)
In the left hand pane, select session and click the save button at the right hand side.

Not really a linux question

melvinong · 11-14-2007, 05:05 AM

Quote:

Originally Posted by Wim Sturkenboom

Start putty, select your session from the saved sessions box (right hand side) and click load.
In the left hand pane, select SSH -> auth and select the file using the browse button in the authentication parameters box (right hand side)
In the left hand pane, select session and click the save button at the right hand side.

Not really a linux question

thank for ur info. it work.
how about the key authentication?
because i don't even know how to generate the key.
is that from the server terminal or from puttygen?
how do i key in the root password in the server terminal or puttygen?
i knew the command ]ssh-keygen -t rsa, but i have no idea how to use it.
really appreciate if you can provide more details...step by step...

Wim Sturkenboom · 11-14-2007, 05:52 AM

ssh-keygen -t rsa generates a public and a private key; I did run it on the server. The pub;lic key needs to be added to the authorized_keys file and the private key can be carried around to other machines.

Code:

wim@webserver233:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wim/.ssh/id_rsa):
Created directory '/home/wim/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/wim/.ssh/id_rsa.
Your public key has been saved in /home/wim/.ssh/id_rsa.pub.
The key fingerprint is:
9d:b7:00:ec:2d:be:70:ab:17:dd:86:8d:5f:32:64:95 wim@webserver233
wim@webserver233:~$ cd .ssh
wim@webserver233:~/.ssh$ cp id_rsa.pub authorized_keys
wim@webserver233:~$

Copy the id_rsa file (private key) to your windows machine and use puttygen to convert it.

You need to configure the sshd deamon to use key authetication

Code:

# To disable tunneled clear text passwords, change to no here!
# WimS
# enable passwordless login
PasswordAuthentication no
#PasswordAuthentication yes
#PermitEmptyPasswords no

Further you also don't want direct root access as that is what one will try to attack as it's the only know user and it's the user with all powers. root access can be achieved by login as a normal user and next use su - .

Code:

# WimS
# do not allow root login
PermitRootLogin no
#PermitRootLogin yes

You can further limit the users that can login remotely

Code:

# WimS
AllowUsers wim brian

Next restart the sshd daemon or stop/start it. There is a subtle difference: in the first case existing connections are not affected and in the second case any existing connections are killed.

melvinong · 11-15-2007, 01:37 AM

Quote:

Originally Posted by Wim Sturkenboom

ssh-keygen -t rsa generates a public and a private key; I did run it on the server. The pub;lic key needs to be added to the authorized_keys file and the private key can be carried around to other machines.

Code:

wim@webserver233:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wim/.ssh/id_rsa):
Created directory '/home/wim/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/wim/.ssh/id_rsa.
Your public key has been saved in /home/wim/.ssh/id_rsa.pub.
The key fingerprint is:
9d:b7:00:ec:2d:be:70:ab:17:dd:86:8d:5f:32:64:95 wim@webserver233
wim@webserver233:~$ cd .ssh
wim@webserver233:~/.ssh$ cp id_rsa.pub authorized_keys
wim@webserver233:~$

Copy the id_rsa file (private key) to your windows machine and use puttygen to convert it.

You need to configure the sshd deamon to use key authetication

Code:

# To disable tunneled clear text passwords, change to no here!
# WimS
# enable passwordless login
PasswordAuthentication no
#PasswordAuthentication yes
#PermitEmptyPasswords no

Further you also don't want direct root access as that is what one will try to attack as it's the only know user and it's the user with all powers. root access can be achieved by login as a normal user and next use su - .

Code:

# WimS
# do not allow root login
PermitRootLogin no
#PermitRootLogin yes

You can further limit the users that can login remotely

Code:

# WimS
AllowUsers wim brian

Next restart the sshd daemon or stop/start it. There is a subtle difference: in the first case existing connections are not affected and in the second case any existing connections are killed.

elo!

#cp id_rsa.pub authorized_keys
actually what is the command for this use for?
why do we need authorized_keys since we only id_rsa will copy to windows machine only.

Wim Sturkenboom · 11-15-2007, 01:58 AM

I don't know as I'm not familiar with the internals of ssh. I only found out that it does not work if you don't add it to the authorized_keys.

I assume that one user can have multiple keypairs (for some reason) in which case they all can be in authorized_keys.

melvinong · 11-15-2007, 02:59 AM

Quote:

Originally Posted by Wim Sturkenboom

I don't know as I'm not familiar with the internals of ssh. I only found out that it does not work if you don't add it to the authorized_keys.

I assume that one user can have multiple keypairs (for some reason) in which case they all can be in authorized_keys.

ok..thanks for ur info & help anyway...