Public-key authentication is based on the use of digital signatures. Each user creates a pair of 'key' files. One of these key files is the user's public key, and the other is the user's private key. The server knows the user's public key, and only the user has the private key.
When the user tries to authenticate herself, the server checks for matching public keys and sends a challenge to the user end. The user is authenticated by signing the challenge using her private key.
Remember that your private key file is used to authenticate you. Never expose your private keys. If anyone else can access your private key file, they can attempt to login to the remote host computer as you, and claim to be you. Therefore it is extremely important that you keep your private key file in a secure place and make sure that no one else has access to it.
Public-key authentication is based on the use of digital signatures. Each user has to create a pair of keys, i.e. a public key and a private key. The private key is kept by the user and the public key is given to the server. When the user tries to authenticate, the server checks for the matching public key and sends a challenge to the user. The private key is used to authenticate the user, so never give your private key to anyone. Anyone who obtains your private key can log in to the server as you. Keep your private key file in a secure place and make sure that no one else has access to it.
Secure Shell (SSH) public key authentication lets clients access servers without using passwords.
Steps to configure public key.
OpenSSH is the SSH software installed on the client system. Running ssh -V shows the installed OpenSSH version.
$ ssh -V
OpenSSH_3.6.1p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
If ssh is running on a non-standard port, you need to specify the custom port. You can provide it as follows.
$ ssh -p 1111 server.test.com
or
$ ssh -oPort=1111 server.test.com
An RSA key pair is generated on the client system. The public key is provided to the server that is to be connected to, while the private key should remain in a secure location on the client system. By default the private key is stored in ~/.ssh/id_rsa.
New keys can be generated using the command ssh-keygen.
client$ mkdir ~/.ssh
client$ chmod 700 ~/.ssh
client$ ssh-keygen -t rsa
Enter passphrase
Enter same passphrase again:
File permissions should be restricted to prevent other users from being able to read the key pair. OpenSSH may refuse to use public key authentication if the file permissions are too open.
$ chmod -R 700 ~/.ssh
The public key must be copied to every server that will be accessed by the client. The public key to be copied is located in the ~/.ssh/id_rsa.pub file on the client. The public key data must be appended to the ~/.ssh/authorized_keys file on the servers.
First upload public key from client to server
client$ scp ~/.ssh/id_rsa.pub root@server.test.com:
Setup the public key in the server
server$ mkdir ~/.ssh
server$ chmod 700 ~/.ssh
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
server$ chmod 600 ~/.ssh/authorized_keys
Always append new public key data to the authorized_keys file, as multiple public keys may be in use. Each public key entry must be on its own line.
A "from" statement can be placed before a public key entry in the ~/.ssh/authorized_keys file on the servers to limit where the client system is permitted to access the server from. Without a from limit, any client with the appropriate private key data will be able to connect to the server from anywhere. If the key pair should only work when the client connecting to the server is a host under test.com, set from="*.test.com" before the public key data.
server$ cat ~/.ssh/authorized_keys
from="*.test.com" ssh-rsa AAAAB3NzaC1
Multiple hosts or addresses can be specified as comma separated values.
from="*.test.com,external.example.com"
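As an added example (not part of the original post), the script below audits the result of these steps: it counts authorized_keys entries that lack a from= restriction and flags files whose mode is looser than the 700/600 set above. The function names and the sample entries are assumptions made for illustration, and the key blobs are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: audit the files this guide sets up.

# Print how many key entries in FILE carry no from="..." restriction.
count_unrestricted() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            # Options, when present, are the text before the key-type field.
            line = " " $0
            opts = ""
            if (match(line, /[ \t](ssh-|ecdsa-|sk-)[^ \t]+[ \t]/) && RSTART > 2)
                opts = substr(line, 2, RSTART - 2)
            # Prefix a comma so from= is matched only as a whole option name.
            if (("," opts) !~ /,from="[^"]+"/) n++
        }
        END { print n + 0 }
    ' "$1"
}

# Succeed (exit 0) when group or others have any access to PATH,
# i.e. the mode is looser than the 700/600 used in this guide.
perms_too_open() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Constructed sample file; key blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys
from="*.test.com" ssh-rsa AAAAB3NzaC1placeholder1 alice@client
ssh-rsa AAAAB3NzaC1placeholder2 bob@laptop
from="*.test.com,external.example.com",no-pty ssh-rsa AAAAB3NzaC1placeholder3 carol@client
no-pty ssh-rsa AAAAB3NzaC1placeholder4 dave@client
EOF
}

sample=$(mktemp)
write_sample "$sample"
chmod 600 "$sample"
echo "entries without from=: $(count_unrestricted "$sample")"
perms_too_open "$sample" && echo "permissions too open" || echo "permissions ok"
rm -f "$sample"
```

On a server, point count_unrestricted at ~/.ssh/authorized_keys and perms_too_open at ~/.ssh and the files inside it.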
ABHIONLINUX
Site useful for linux administration and web hosting
2010/06/05
2010/05/29
Video uploading throws error -- Failed to find flength file.
This is a well known error with the uploader component (which is commonly used by many scripts like clipshare, phpmotion etc). This is just a cosmetic error and nothing to do with the real uploading process. The best "workaround" for this issue is to disable the error message. To do so, locate the file cgi-bin/uu_ini_status.pl inside your script folder and change the value of my $flength_file_exists from 0 to 1.
The bad news is, you won't see the upload status counter. The good news is, your upload process will work just fine!