Changes

Jump to navigation Jump to search
585 bytes added ,  20:47, 11 March 2009
no edit summary
[[Image:Application-pgp-keys.svg|right|128px|Security]]
 
 
There are a lot of things you can do with computers to create security, that's why '''Security is a process, not a product'''. One such thing is to use SSH Keys to authenticate with a remote host, rather than typing in your password all the time. Of course, using SSH Authentication keys is convenient as well.
== Secure Shell Key Authentication ==
Setting up SSH Key Authentication allows a user account to connect from one server to another without requiring a password login. This can be utilized for applications (e.g. Nagios monitoring other servers), as well as for publish scripts that move files around servers as well as individual users.
 
== Desktop Applications ==
Graphical desktop tools such as [http://projects.gnome.org/seahorse/ Seahorse] or [http://utils.kde.org/projects/kgpg/ KGpg] can make this simpler for users, but it's worth understanding the command-line instructions for greater utility. The added features of a desktop encryption tool is that they allow you to encrypt files in your file manager via a simple right-click menu.
 
Assuming you have generated a key, you can use Seahorse to "configure key for Secure Shell" with a simple right-click.
== Procedure ==
## <code>sudo su ''user''</code>
# Ensure the user has a <code>~/.ssh/</code> directory with appropriate permissions. It must allow the user access for RWX, and group and other permissions must not be writable. Typically, 755 is a good setup. If they don't have one, then <source lang="bash">mkdir ~/.ssh/ && chmod 755 ~/.ssh</source> Note that the actual identity files should NOT be readable by anyone but the user because <code>ssh-add</code> ignores identity files if they are accessible by others. That means files like id_rsa should be 600 and id_rsa.pub should be 644
# Create a new private/public key pairing for the user. Type: RSA, Bits: 1024, File:~/.svnssh/identity[.pub]
## <source lang="bash">ssh-keygen -t rsa -b 1024 -f ~/.ssh/identity</source>
# Copy the contents of ~/.ssh/identity.pub so you can paste it in a file on the remote server.
4,558

edits

Navigation menu