Rsa-key

From MineOS Wiki

The standard inclusion of OpenSSH in Linux allows MineOS admins to employ RSA private/public key pairs.

RSA-keys can be used for numerous applications:

  1. Permit secure password-less logins into SSH/SFTP
    1. Saves time and reduces error in logins
    2. Allows automated execution of scripts by an authorized user (no keyboard-interaction required)
    3. Physical control of the private key file is required for all logins of a user
  2. Add an additional layer of security to passwords
    1. Physical control of the private key file is required for all logins of a user
    2. An additional passphrase can be attached to the RSA key to restrict who can use the key file: anyone holding the file must also know the passphrase (think of it like a door key that checks fingerprints)

In short, a regular cleartext password can be replaced or supplemented with an SSH-2 RSA key which cannot be faked.

YouTube walk-through

For a YouTube walk-through, you can visit RSA-key (password-free) SSH Login

Step-by-step

To log in password-free, simply leave the passphrase input boxes empty in PuTTYgen.

  • To start, download PuTTYgen
  • Generate your RSA key using PuTTYgen
    [Screenshot: Generate your RSA-key]
  • Using a passphrase or not, save your private key to a safe place.
    [Screenshot: Save your private-key to your computer]
  • Save the public key to the respective user's home directory (mc)
    [Screenshot: Save your public key on the remote server]
  • Include your private-key file in your PuTTY connection details under Connection/SSH/Auth
    [Screenshot: Tell putty to send your private key on connect]
  • If you set a passphrase, enter it after entering your username 'mc'; if you set no passphrase, you're immediately logged in!
    [Screenshot: Enter in your passphrase and you're logged in]

Disabling plain-text passwords

Finally, if you wish to disable plain-text passwords altogether, edit /etc/ssh/sshd_config as root:

<syntaxhighlight>
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
</syntaxhighlight>

to

<syntaxhighlight>
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
</syntaxhighlight>

Restarting the SSHD Service

Any changes to /etc/ssh/sshd_config will only take effect after the service is restarted (which also happens on reboot). After saving your changes, execute the following command:

Note! If you are currently connected to your server via PuTTY, you will be disconnected! This is normal behavior and you simply have to reconnect with a new session. This makes it very important to double-check your changes for errors, or else you will need to log in at the main console to revert them.
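One way to double-check the change before restarting, as an added example (not part of the original wiki page or of MineOS): a pre-flight that reports the effective PasswordAuthentication value and refuses when passwords are off but no usable RSA key is installed. The function names are hypothetical, and it assumes the OpenSSH default key location of .ssh/authorized_keys under the user's home directory.

```shell
#!/bin/sh
# Added example: lockout pre-flight before "PasswordAuthentication no".

# Print the effective global PasswordAuthentication value of an sshd_config
# file. sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, '#' lines are comments, and the default is "yes".
# Simplification: stops at the first Match block, ignores Include files.
effective_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit
            if (key == "passwordauthentication") { print f[2]; found = 1; exit }
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Succeed only if HOME/.ssh/authorized_keys has an OpenSSH one-line RSA key
# ("ssh-rsa AAAA..."). A PuTTYgen "Save public key" file uses the multi-line
# "---- BEGIN SSH2 PUBLIC KEY ----" format, which sshd does not accept there.
has_rsa_authorized_key() {
    grep -v '^[[:space:]]*#' "$1/.ssh/authorized_keys" 2>/dev/null |
        grep -Eq '(^|[[:space:]])ssh-rsa[[:space:]]+AAAA'
}

# usage: preflight SSHD_CONFIG HOME_DIR
preflight() {
    if [ "$(effective_password_auth "$1")" = "no" ] &&
       ! has_rsa_authorized_key "$2"; then
        echo "LOCKOUT RISK: passwords off, no usable RSA key in $2/.ssh"
        return 1
    fi
    echo "ok"
}

# Constructed sample data, not taken from a real server.
demo=$(mktemp -d)
mkdir -p "$demo/home/.ssh"
printf '%s\n' '# To disable tunneled clear text passwords, change to no here!' \
    'PasswordAuthentication no' > "$demo/sshd_config"
printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' > "$demo/home/.ssh/authorized_keys"
preflight "$demo/sshd_config" "$demo/home" || true
rm -rf "$demo"
```

On the server, call preflight with /etc/ssh/sshd_config and the mc user's home directory, then run `sshd -t` as root to syntax-check the file before restarting. Keep the current session open and confirm a key login from a second session first.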