Changes

2,266 bytes added , 02:41, 25 March 2016

→‎Option 1 (Amahi 7/8 ONLY)

Using ''putty'' logon to our Amahi HDA using the profile you created earlier.

=== Option 1 (Amahi 7 or greater '''ONLY''') ===

We can add the key file to the HDA using the HDA dashboard.

Navigate to the '''Users''' tab

[[File:User-SS0.png|700px]]

Select your user and you should see ''Authentication''.

[[File:User-SS1.png|700px]]

Click the key and paste your key information. Choose ''Update Key'' when finished.

[[File:User-SS2.png|700px]]

Proceed to [[Key-Based_SSH_Logins#Configure_PuTTY_to_use_the_private_key|Configure PuTTY to use the private key]]

=== Option 2 (All Amahi versions) ===

We must now create a directory and file in which to store our public key

<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">chmod 600 ~/.ssh/authorized_keys2</div>

==Configure PuTTY to use the private key==

==Generating a public/private key pair==

~~Execute~~ To generate a new SSH key in a client computer used to login to Amahi, do this:<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">ssh-keygen -t rsa -C "your-email@yourdomain.com"</div> It should say something like this (on Mac OS X). Press enter to choose the default:<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">Generating public/private rsa key pair.Enter file in which to save the key (/Users/YOURUSERNAME/.ssh/id_rsa):</div> Enter a passphrase. It's not secure to leave it empty. To avoid having to enter the ~~following command,~~ passphrase every time you can use the [https://en.wikipedia.org/wiki/Apple_Keychain Mac OS Keychain] in ~~Terminal~~Mac OS or an ssh-agent on Linux:<div style="border: 1px solid #A3B1BF; padding: .~~app~~5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">Enter passphrase (empty for no passphrase):</div> Then enter it again<div style="border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">Enter same passphrase again:</div>

This will give you something like this:

Your identification has been saved in /Users/YOURUSERNAME/.ssh/id_rsa.Your public key has been saved in /Users/YOURUSERNAME/.ssh/id_rsa.pub.The key fingerprint is:f1:2b:ae:c0:64:0c:57:6a:46:da:6a:ec:db:8c:a2:06 your-~~keygen -t rsa~~email@yourdomain.com</div>

~~Accept all the defaults values~~ and it may also show a randomart image (~~by hitting ENTER~~not used very often yet) ~~to the questions you'll be asked~~.

==Save the public key on our Amahi server==

Follow the [[#Mac_OS_X_-_Terminal.app|Mac OS X instructions]], but use a standard terminal (Applications > System Tools > Terminal in Fedora).

=~~Making it that tad more secure~~Additional Security Settings=

Up to now, you can log in with your private/public key pair and still with username/password logins, so if someone doesn't attach a private key to his PuTTY session, he will be asked for a username and password. So to achieve a better security, we must disable the username/password logins (you should do this only when you know that your key-based logins are working, because if they aren't and you disable username/password logins, then you have a problem...).

service sshd restart</div>

= Tips =

* Recommend you check out [[Secure_SSH_against_brute_force_attacks|secure SSH against brute force attacked]] guidance to protect your HDA.

* Monitor SSH access to your HDA by following the [[SSH_Email_Alerts|SSH email alerts]] tutorial.

* In Amahi 7, you can add the '''public''' (not the private key) in your Users area of the HDA dashboard.

[[File:SSH_keys.png]]

Bigfoot65

Trusted, Bureaucrats, Administrators

12,424

edits

Amahi Wiki

Links

Personal tools

Navigation

Tools

Changes

Key-Based SSH Logins (view source)

Revision as of 02:41, 25 March 2016