Friday, April 25, 2014

Authentication in SSH/SFTP via private/public keys

SSH/SFTP login with public/private keys between a Linux machine (server) and a Windows machine (client)

This is a small guide, mostly for personal use, which is why it is not very detailed.
The content is derived from the two references below:


(1) http://www.howtoforge.com/ssh_key_based_logins_putty
(2) http://sshkeychain.sourceforge.net/

- Generate keys with PuTTYgen
    2048 bit, SSH-2 RSA
    add a key comment like name@machine
    add a passphrase (this is optional and I haven't done it)
- Save the keys in a safe place
    NOTE: You can also export the private key in other formats (SSH, OpenSSH)
- Copy the public key to the server you want to log in to,
    into the file ~/.ssh/authorized_keys2
- MODIFY the access of ~/.ssh to be readable/writeable/executable ONLY by that user:
        "chmod 0700 ~/.ssh"
- MODIFY the access of ~/.ssh/authorized_keys2 to be readable/writeable ONLY by that user:
        "chmod 0600 ~/.ssh/authorized_keys2"
- Disable login with a password by modifying (e.g. with vi) the file "/etc/ssh/sshd_config" as follows:
   
    Protocol 2
    PasswordAuthentication no
    UsePAM no

   
NOTE: /etc/ssh contains both ssh_config (client settings) and sshd_config (server settings). Choose the right one!

- Restart the SSH server
    /etc/init.d/sshd restart
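
An added example, not part of the original post: a POSIX shell audit of the three sshd_config directives and the two permission modes set in the steps above. The function names are made up for this example, it assumes GNU `stat`, and it reads only the global section of the file (it stops at the first `Match` block and does not follow `Include`).

```shell
#!/bin/sh
# Added example (not from the original post): audit the settings from the guide.

# Print the value sshd would use for a global keyword. sshd keeps the FIRST
# occurrence of a keyword, keywords are case-insensitive, and "#" lines are
# comments, so "#PasswordAuthentication no" leaves the directive unset.
sshd_value() {  # usage: sshd_value <config-file> <keyword>
  awk -v key="$2" '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank and comment lines
    tolower($1) == "match" { exit }        # what follows is conditional
    tolower($1) == tolower(key) { print $2; exit }
  ' "$1"
}

# Succeed only if the path exists and has exactly the given octal mode.
mode_is() {  # usage: mode_is <path> <octal-mode>   (GNU stat assumed)
  [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# Check the guide's directives and permissions; non-zero status on any problem.
# The body is a subshell, so its variables do not leak into the caller.
audit_key_login() (  # usage: audit_key_login <sshd_config> <home-dir>
  cfg=$1 home=$2 fails=0
  for want in "Protocol 2" "PasswordAuthentication no" "UsePAM no"; do
    key=${want% *}; val=${want#* }
    got=$(sshd_value "$cfg" "$key")
    if [ "$got" != "$val" ]; then
      echo "FAIL $key is '${got:-unset}', expected '$val'"
      fails=$((fails + 1))
    fi
  done
  mode_is "$home/.ssh" 700 ||
    { echo "FAIL $home/.ssh is not mode 700"; fails=$((fails + 1)); }
  mode_is "$home/.ssh/authorized_keys2" 600 ||
    { echo "FAIL $home/.ssh/authorized_keys2 is not mode 600"; fails=$((fails + 1)); }
  echo "$fails problem(s) found"
  [ "$fails" -eq 0 ]
)

# Run directly when given both arguments.
if [ $# -eq 2 ]; then audit_key_login "$1" "$2"; fi
```

Called with the path to sshd_config and the user's home directory as its two arguments, the script runs the audit and exits non-zero if anything differs from the guide.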

That's it.
