Using keys: Difference between revisions
fixes incorrect link |
No edit summary |
| Line 1: | Line 1: | ||
[[Image:Application-pgp-keys.svg|right|128px|Security]] | |||
There are a lot of things you can do with computers to create security, that's why '''Security is a process, not a product'''. One such thing is to use SSH Keys to authenticate with a remote host, rather than typing in your password all the time. Of course, using SSH Authentication keys is convenient as well. | There are a lot of things you can do with computers to create security, that's why '''Security is a process, not a product'''. One such thing is to use SSH Keys to authenticate with a remote host, rather than typing in your password all the time. Of course, using SSH Authentication keys is convenient as well. | ||
| Line 7: | Line 10: | ||
== Secure Shell Key Authentication == | == Secure Shell Key Authentication == | ||
Setting up SSH Key Authentication allows a user account to connect from one server to another without requiring a password login. This can be utilized for applications (e.g. Nagios monitoring other servers), as well as for publish scripts that move files around servers as well as individual users. | Setting up SSH Key Authentication allows a user account to connect from one server to another without requiring a password login. This can be utilized for applications (e.g. Nagios monitoring other servers), as well as for publish scripts that move files around servers as well as individual users. | ||
== Desktop Applications == | |||
Graphical desktop tools such as [http://projects.gnome.org/seahorse/ Seahorse] or [http://utils.kde.org/projects/kgpg/ KGpg] can make this simpler for users, but it's worth understanding the command-line instructions for greater utility. The added features of a desktop encryption tool is that they allow you to encrypt files in your file manager via a simple right-click menu. | |||
Assuming you have generated a key, you can use Seahorse to "configure key for Secure Shell" with a simple right-click. | |||
== Procedure == | == Procedure == | ||
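Review bot: In the added Desktop Applications paragraph, "make this simpler" has no clear referent, and the second sentence describes encrypting files from the file manager, which is a separate feature from the SSH key authentication covered by the section above. Suggest saying explicitly that Seahorse and KGpg are key-management tools, keeping the Seahorse "configure key for Secure Shell" sentence as the part relevant to this page, and fixing the agreement in "The added features of a desktop encryption tool is that they allow" (for example, "An added feature of a desktop encryption tool is that it lets you encrypt files ..."). Both external links are plain http; switch them to https if the targets support it.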
| Line 12: | Line 20: | ||
## <code>sudo su ''user''</code> | ## <code>sudo su ''user''</code> | ||
# Ensure the user has a <code>~/.ssh/</code> directory with appropriate permissions. It must allow the user access for RWX, and group and other permissions must not be writable. Typically, 755 is a good setup. If they don't have one, then <source lang="bash">mkdir ~/.ssh/ && chmod 755 ~/.ssh</source> Note that the actual identity files should NOT be readable by anyone but the user because <code>ssh-add</code> ignores identity files if they are accessible by others. That means files like id_rsa should be 600 and id_rsa.pub should be 644 | # Ensure the user has a <code>~/.ssh/</code> directory with appropriate permissions. It must allow the user access for RWX, and group and other permissions must not be writable. Typically, 755 is a good setup. If they don't have one, then <source lang="bash">mkdir ~/.ssh/ && chmod 755 ~/.ssh</source> Note that the actual identity files should NOT be readable by anyone but the user because <code>ssh-add</code> ignores identity files if they are accessible by others. That means files like id_rsa should be 600 and id_rsa.pub should be 644 | ||
# Create a new private/public key pairing for the user. Type: RSA, Bits: 1024, File:~/. | # Create a new private/public key pairing for the user. Type: RSA, Bits: 1024, File:~/.ssh/identity[.pub] | ||
## <source lang="bash">ssh-keygen -t rsa -b 1024 -f ~/.ssh/identity</source> | ## <source lang="bash">ssh-keygen -t rsa -b 1024 -f ~/.ssh/identity</source> | ||
# Copy the contents of ~/.ssh/identity.pub so you can paste it in a file on the remote server. | # Copy the contents of ~/.ssh/identity.pub so you can paste it in a file on the remote server. | ||
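Review bot: The corrected line now names ~/.ssh/identity[.pub], but the permissions note in the preceding step still refers to id_rsa and id_rsa.pub, so a reader following these steps will not have files by those names. Use the same file names in both places and state that ~/.ssh/identity should be 600 and ~/.ssh/identity.pub 644. Since this line is being edited anyway, "Bits: 1024" and the matching -b 1024 in the ssh-keygen command should be raised as well, because 1024-bit RSA is below the 2048-bit minimum in current guidance.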