Changes

3,732 bytes added, 02:41, 25 March 2016
This page shows how to create a key-based SSH login to your server with the Windows PuTTY client, Mac OS X's Terminal.app, or Linux.
This will allow you to safely login using SSH onto your HDA without having to provide a password every time.
=Windows - PuTTY=
==Install PuTTY and PuTTYgen on your Windows desktop==
Download the following files from the [http://www.chiark.greenend.org.uk/%7Esgtatham/putty/download.html PuTTY download] page and save them on your Windows system, e.g. on the desktop:
Both files are self-contained executables. That is, they do not install anything but run from where they are saved.
==Create a profile for use with your Amahi HDA==
In PuTTY, you can create profiles for connections to your various SSH servers, so you don't have to type in the settings again when you want to connect to a certain server again.
[[Image:Red-S01.png]]
Now select '''Connection >> Data''' in the Category box and in the Auto-login box enter the username you wish to use to log in to your HDA. In this example, 'sue'.
[[Image:Red-S02.png]]
==Connecting to your HDA using SSH==
Now that you are on the 'Sessions' screen, open the session by pressing Open. You should see:
==Generating a public/private key pair==
Here we can use PuTTYgen to create a private/public key pair. Start it by double-clicking its executable file. Make sure you select SSH-2 RSA under Type of key to generate and specify 1024 as the Number of bits in a generated key. Then click on Generate:
==Save the public key on our Amahi server==
Now we must transfer the public key to our Amahi HDA server. Copy the key from the PuTTYgen window:
Using ''PuTTY'', log on to the Amahi HDA with the profile you created earlier.
=== Option 1 (Amahi 7 or greater '''ONLY''') ===
We can add the key file to the HDA using the HDA dashboard.
 
Navigate to the '''Users''' tab
[[File:User-SS0.png|700px]]
 
Select your user and you should see ''Authentication''.
[[File:User-SS1.png|700px]]
 
Click the key and paste your key information. Choose ''Update Key'' when finished.
[[File:User-SS2.png|700px]]
 
Proceed to [[Key-Based_SSH_Logins#Configure_PuTTY_to_use_the_private_key|Configure PuTTY to use the private key]]
 
=== Option 2 (All Amahi versions) ===
We must now create a directory and file in which to store our public key
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">chmod 600 ~/.ssh/authorized_keys2</div>
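Option 2's directory and file setup as one repeatable step, written as an added shell example (not part of the original wiki page): it creates the directory and key file with 700/600 permissions and appends the pasted key only if that exact line is not already present. The function names and the optional file-path argument are assumptions; the default file name is the one this page uses.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical.
# The default key file is the name used on this page; pass a second argument
# if your sshd_config points AuthorizedKeysFile somewhere else.

# Body is a subshell "( ... )" so umask and exit stay local to the call.
install_pubkey() (
    key=$1
    keyfile=${2:-"$HOME/.ssh/authorized_keys2"}
    sshdir=$(dirname "$keyfile")
    nl='
'
    # Accept only a single-line OpenSSH public key (no options prefix).
    case $key in
        *"$nl"*) echo "key must be a single line" >&2; exit 2 ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; exit 2 ;;
    esac

    umask 077
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || exit 1
    touch "$keyfile" && chmod 600 "$keyfile" || exit 1

    # Append only when this exact line is missing, so reruns add nothing
    # and keys that are already installed are kept.
    if ! grep -qxF -- "$key" "$keyfile"; then
        printf '%s\n' "$key" >> "$keyfile"
    fi
)

# First ten characters of ls -l output, e.g. drwx------ or -rw-------.
perm_of() { ls -ld "$1" | cut -c1-10; }

# Usage on the HDA, with the key copied from the PuTTYgen window:
#   install_pubkey 'ssh-rsa AAAA... rsa-key-comment'
#   perm_of ~/.ssh; perm_of ~/.ssh/authorized_keys2
```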
==Configure PuTTY to use the private key==
Close down your shell to your HDA, restart ''PuTTY'' and load your ''192.168.1.67'' profile
[[Image:Red-S01.png]]
Go to '''''SSH >> Auth''''' and click on '''''Browse'''''
[[Image:Red-S10.png]]
Browse to the folder where you saved your keys and select the private key, the one with the '''''ppk''''' suffix.
[[Image:Red-S11.png]]
==Our key-based logon==
Now on the PuTTY sessions screen load your '''192.168.1.67''' profile and press ''Open''. You should get:
[[Image:Red-S12.png]]
Enter the passphrase that you created when generating your keys.
[[Image:Red-S12a.png]]
=Mac OS X - Terminal.app=
==Open Terminal.app==
You can find Terminal.app in your Applications > Utilities folder.

==Generating a public/private key pair==
To generate a new SSH key on a client computer used to log in to Amahi, do this:
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">ssh-keygen -t rsa -C "your-email@yourdomain.com"</div>

It should say something like this (on Mac OS X). Press enter to choose the default:
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">Generating public/private rsa key pair.<br />Enter file in which to save the key (/Users/YOURUSERNAME/.ssh/id_rsa):</div>

Enter a passphrase. It's not secure to leave it empty. To avoid having to enter the passphrase every time you can use the [https://en.wikipedia.org/wiki/Apple_Keychain Mac OS Keychain] in Mac OS or an ssh-agent on Linux:
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">Enter passphrase (empty for no passphrase):</div>

Then enter it again:
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">Enter same passphrase again:</div>

This will give you something like this:
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">Your identification has been saved in /Users/YOURUSERNAME/.ssh/id_rsa.<br />Your public key has been saved in /Users/YOURUSERNAME/.ssh/id_rsa.pub.<br />The key fingerprint is:<br />f1:2b:ae:c0:64:0c:57:6a:46:da:6a:ec:db:8c:a2:06 your-email@yourdomain.com</div>

and it may also show a randomart image (not used very often yet).

==Save the public key on our Amahi server==
Now we must transfer the public key to our Amahi HDA server.

Execute the following command in Terminal.app:
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">scp ~/.ssh/id_rsa.pub your_username@hda:.</div>

Replace ''your_username'' with the username you created on Fedora.<br/>If your HDA is not yet set up, you might have to replace ''hda'' with your HDA's IP address too.<br/>When prompted, enter the associated password.

Then, we must copy that public key into the ''authorized_keys'' file.
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">ssh your_username@hda<br />mkdir ~/.ssh<br />chmod 700 ~/.ssh<br />mv id_rsa.pub .ssh/authorized_keys2</div>

Now make that file accessible by only the user:
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">chmod 600 ~/.ssh/authorized_keys2</div>

=Linux=
Follow the [[#Mac_OS_X_-_Terminal.app|Mac OS X instructions]], but use a standard terminal (Applications > System Tools > Terminal in Fedora).

=Additional Security Settings=
Up to now, you can log in with your private/public key pair and still with a username and password, so anyone who does not attach a private key to their PuTTY session will be asked for a username and password. To achieve better security, we must disable the username/password logins (do this only once you know that your key-based logins are working, because if they aren't and you disable username/password logins, then you have a problem...).
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">su -<br />
vi /etc/ssh/sshd_config</div>
[[Image:Red-S13.png]]
<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">
service sshd restart</div>
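A check to run after editing the file and before closing your working session, as an added shell example (not part of the original wiki page): it reports whether the global section of an sshd_config still allows password logins. The function names are hypothetical, and because the settings on this page are only shown in the screenshot, the three keywords checked are an assumption.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical and
# the keywords checked are an assumption about what "disable password logins"
# needs; Include files and Match blocks are not evaluated.

# sshd keeps the FIRST value it reads for a keyword, so a later line does not
# override an earlier one. Print that value, or the built-in default.
effective_value() {   # effective_value <file> <Keyword> <default>
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v dflt="$3" '
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends here
        tolower($1) == want     { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Return 0 only if the global section leaves public keys as the way in.
password_logins_disabled() {
    cfg=$1; rc=0
    for spec in PasswordAuthentication:yes:no \
                ChallengeResponseAuthentication:yes:no \
                PubkeyAuthentication:yes:yes; do
        kw=${spec%%:*}; rest=${spec#*:}
        dflt=${rest%%:*}; need=${rest#*:}
        got=$(effective_value "$cfg" "$kw" "$dflt")
        if [ "$got" != "$need" ]; then
            echo "FAIL: $kw is '$got', expected '$need'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the edit was appended below an existing "yes" line,
# so password logins are still enabled.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' \
              'ChallengeResponseAuthentication no' \
              'PasswordAuthentication no' > "$sample"
password_logins_disabled "$sample" || echo "password logins still possible"
rm -f "$sample"
```

On the server itself, running `sshd -T` as root prints the configuration sshd actually resolves, which also covers included files.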
 
= Tips =
 
* We recommend you check out the [[Secure_SSH_against_brute_force_attacks|secure SSH against brute force attacks]] guidance to protect your HDA.
 
* Monitor SSH access to your HDA by following the [[SSH_Email_Alerts|SSH email alerts]] tutorial.
 
* In Amahi 7, you can add the '''public''' key (not the private key) in the Users area of the HDA dashboard.
 
[[File:SSH_keys.png]]