Set up SSH using certificate authentication

You want to connect from the internet to your computer. Internet is an insecure medium to use. There are a few options. You could use a VPN like OpenVPN, or you could use Secured Shell using OpenSSH.

Here is how you can connect to your computer using SSH.

Pre-requisites:

OpenSSH and putty installed on your Linux desktop (in my case, Fedora 14).
SSH service running on your computer.

1.	Check for pre-requisitesOpen up a terminal window on your Linux computer. See here for more detail. At the $ prompt, type following (commands to type in italics): $ rpm -qa \| grep “openssh” <enter> $ rpm -qa \| grep “putty” <enter> If both above commands find the respective packages, you will see them listed. If not, install the packages. You can install them from the System -> Administration -> Add/Remove Software.
2.	Create your SSH key pair for strong authentication. In a terminal window, enter the commands as shown below. $ ssh-keygen -t rsa <enter>Just accept the defaults, and enter a strong passphrase (password) for your key. This command generates a key pair in your home directory folder .ssh, for you to provide strong authentication when you connect over the internet into your computer.$ cd ~/.ssh <enter> $ ls <enter> You should see 2 files id_rsa and id_rsa.pub in the folder. Now set the public key as the authorized key in your .ssh folder. $ cat id_rsa.pub >> authorized_keys <enter> You are now done with set up your keys for SSH. If you need to set up the key on other computers, you can repeat the step as many times: add the id_rsa.pub key file content to the authorized_keys list as shown in the cat command above; and copy the id_rsa key private key file to the computer from where you want to login using SSH-2.
3	Set up your SSH server configuration file. Login as root at the terminal $ prompt $ su <enter>Enter your root password. # cd /etc/ssh <enter> # vi sshd_config <enter>Search for the following lines and change them as shown below: RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys :wq Restart SSH daemon / service to make the changes effective. # /sbin/service sshd restart Now you can test your SSH configuration.
4	Test your SSH connection From a terminal window, type: $ ssh localhost <enter> Accept the key fingerprint and enter your passphrase for the keys as you did in step 2 above. If all is well, you are connected.
5	Connect to your computer without certificatesIf you want to connect without certificates, you can connect using SSH with: $ ssh localhost / <IP address> where <IP address> = your computer’s IP address. If you use this method, from an untrusted medium such as the internet, you are exposed to a security vulnerability. Therefore, it is recommended to use certificate authentication when connecting to your computer, using SSH.

You can use putty to set up SSH-2 on a Windows computer.

Share this:

Like this:

Related

Published by Geetu R. Vaswani