Re: [Dfey-nw-discuss] Dogfish
From: Tim Dobson
Subject: Re: [Dfey-nw-discuss] Dogfish
Date: Sat, 18 Jul 2009 14:46:25 +0100
User-agent: Thunderbird 2.0.0.22 (X11/20090608)

Isabell Long wrote:
> On 18/07/2009, Tim Dobson <address@hidden> wrote:
>> I suggest that we strongly encourage use of ssh public key
>> authentication to log into the machine due to the number of compromises
>> that occur due to weak passwords.
>
> SSH public key authentication? What is that?

Sorry to get really verbose;
I've just copied and pasted and modified a little, a howto I use at work,
Cheers
Tim
If you are unfamiliar with SSH public key authentication, I’m happy to
support you learning it – it's easier and more secure than passwords! :-)
You need to generate an SSH key for yourself. Using OpenSSH on GNU/Linux
or Mac OS X:
0. In the unlikely event you don’t have OpenSSH installed, install it
1. Run “ssh-keygen -t dsa”
2. Accept the default file and enter a passphrase
3. Print the public key data and copy and paste it into your reply to
this email
For example:
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_dsa):
Created directory ’/home/username/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_dsa.
Your public key has been saved in /home/username/.ssh/id_dsa.pub.
The key fingerprint is:
f3:31:a8:c6:82:18:c8:0f:dd:6b:fb:27:98:83:3d:3b address@hidden
$ cat .ssh/id_dsa.pub
ssh-dss
AAAAB3NzaC1kc3MAAACBANDe4j3VF6p3T1O25wjphQhkJposn65npbTkmR4I3PJBjq9ybNpFyPUTT+LOkCLV02QqKceAVZiwo14WCCdFv1Wm+PMo6RW0uJa+pXA69gdS7ck6lJRLnfoHH2L49WTdynhmrMzQq2i2aqiNyvnRDWsTtvcyD+PV1rEhi7K5T2iZAAAAFQCJSZ++/fxxiheBBDvGVSifoJvsHwAAAIEApAkKYLZkiXrWr3qeWU3j8d8XvzJf/NP4nyqahc63S6EAfc90T6n4casdha78hsd9a7hsd7ahsdpJwltK2agrMAe5gQ4kAVR1UN7qynDj+iUAzUZsTFYZlyGLsTTrZ6pFuLRAj/c8/dwXUSaIGEhsXFelb/SjAPtDQyR6V80AAACARfLnjV8YgTzMXtBSeslc6LAzx2ZRwZXW91S/ohhi7+xkXg/Y/u+7NDBuHVo8E9b4rn2QnqfCacG8KpZ6sJgUgZZYzpgE+tW6ddtVo7MG35E1Y4P/AhJDBhltnkAE9xaEI3mQsKvxVE2ZqHlVapTT/ESAbhJFDWfMC4DJ6zlRHdA=
address@hidden
$
To generate an SSH key using PuTTY on Windows:
0. Download and install the PuTTY suite of OpenSSH tools from
http://www.chiark.greenend.org.uk/sgtatham/putty/download.html
1. Run “PUTTYGEN.EXE”
2. Select “SSH2 DSA” in the “Parameters” section
3. Click “Generate”
4. Move the mouse over the blank area of the program until puttygen has
enough entropy
5. Click “Save private key” button and save the private key as
“DfeyDogfish.ppk”
6. Copy the “Public key for pasting into OpenSSH authorized_keys2 file”
data and email it to address@hidden
When I have your public key, I’ll copy it to your user’s
/.ssh/authorized_keys on your machine, and you’ll then be able to log in
over ssh as root from any Unix machine with your private key in
/.ssh/id_dsa or on a Windows machine with a PuTTY ‘saved session’
configured to use the Private Key that you saved.
If you’re curious about all this, the PuTTY documentation at
http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html is
excellent, as is the http://www.openssh.org/ site.
Also I recommend using OpenSSH for file transfer as well as remote
login, instead of insecure legacy protocols like FTP.
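
The receiving side of the workflow above, as an added example that is not part of the original message: before a key pasted into an email goes into authorized_keys, re-join the line-wrapped blob, check that it is well formed and matches its declared type, and compute fingerprints to compare with the sender's "The key fingerprint is:" line over another channel. The function names and the sample key are constructed for illustration, and the check applies to any key type, not only DSA.

```python
import base64
import hashlib
import struct

def wire_fields(blob):
    """Split an SSH key blob into its uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields

def parse_pasted_key(text):
    """Return (key_type, blob, comment) from a possibly line-wrapped paste."""
    tokens = text.split()
    if len(tokens) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = tokens[0]
    # Try the longest join first so a wrapped blob is never accepted cut short.
    for end in range(len(tokens), 1, -1):
        try:
            blob = base64.b64decode("".join(tokens[1:end]), validate=True)
            fields = wire_fields(blob)
        except ValueError:  # bad base64 (binascii.Error) or bad framing
            continue
        if len(fields) >= 2 and fields[0] == key_type.encode():
            return key_type, blob, " ".join(tokens[end:])
    raise ValueError("no well-formed key blob matching the declared type")

def fingerprints(blob):
    """Legacy MD5 colon-hex form (as in the session above) and SHA256 form."""
    md5 = hashlib.md5(blob).hexdigest()
    legacy = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return legacy, "SHA256:" + sha

# Constructed sample: a structurally valid ed25519 blob with dummy key bytes,
# wrapped across lines the way a mail client would wrap it.
SAMPLE_BLOB = b"".join(struct.pack(">I", len(f)) + f
                       for f in (b"ssh-ed25519", bytes(range(32))))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE = f"ssh-ed25519\n{SAMPLE_B64[:40]}\n{SAMPLE_B64[40:]}\nuser@example.org\n"

if __name__ == "__main__":
    key_type, blob, comment = parse_pasted_key(SAMPLE)
    print(key_type, comment, *fingerprints(blob))
```

A key that fails this check, or whose fingerprint differs from the one its owner reads out, should not be appended to authorized_keys.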