SlideShare une entreprise Scribd logo

SSH how to 2011

Chris Hales
Chris Hales

Internal knowledge share on SSH setup and usage. Includes some helpful config file options to save time and how to create and use SSH keys for better security and productivity.

Technologie
1  sur  22
Télécharger pour lire hors ligne
SSH Keys and Configurations Chris Hales
What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp.
What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp. SSH authentication can be done with a username and password combination which is the default. Here's the most simplistic usage we might encounter. $ ssh user@secureserver After you connect to secureserver you are normally asked for your password to complete the login.
What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp. SSH authentication can be done with a username and password combination which is the default. Here's the most simplistic usage we might encounter. $ ssh user@secureserver After you connect to secureserver you are normally asked for your password to complete the login. When you start doing this over and over again for many systems with various paswords it can become pretty tedious. What if there was a way to simplify the process? Time for SSH Keys to save the day!
Enter SSH Keys! SSH can be configured to use key pairs so that you don't have to type your password in every time you need to log into a commonly accessed system. Your public key is placed on all systems you wish to access using your private key.
Enter SSH Keys! SSH can be configured to use key pairs so that you don't have to type your password in every time you need to log into a commonly accessed system. Your public key is placed on all systems you wish to access using your private key. There's a lot of technical details surrounding public-key cryptography but for our purposes all you really need to know is that it's a really secure way of proving who you are to a third party system. Let's begin with creating your key pair if you don't already have one. Mac and Linux setup is basically identical. For Windows you will need Putty and PuTTYgen installed.
Key Creation for Windows For Windows users I'm cheating and sending you to an excellent PuTTYgen how-to which includes key pair creation. http://theillustratednetwork.mvps.org/Ssh/Private-publicKey.html
Key Creation for Mac/Linux On unix like systems (Ubuntu, OSX, etc.) we'll need to go through a few steps. Fortunately it's likely you already have an SSH directory because if you have ever used SSH one was created for you. Open up a terminal window and check your home directory for a hidden . ssh directory. $ cd ~/.ssh
Key Creation for Mac/Linux On unix like systems (Ubuntu, OSX, etc.) we'll need to go through a few steps. Fortunately it's likely you already have an SSH directory because if you have ever used SSH one was created for you. Open up a terminal window and check your home directory for a hidden . ssh directory. $ cd ~/.ssh If you receive a "no such file or directory" type of error message you have not used SSH and certainly don't have a key installed on your system. Next we'll create a set of keys which will create the file structure we need for us automatically.
Key Creation for Mac/Linux When you create an SSH key pair you want to enter a strong passphrase when prompted to do so*. While you could skip the passphrase it would allow anyone who can access it the ability to use it. Your key is valuable and it should be protected at all costs.
Key Creation for Mac/Linux When you create an SSH key pair you want to enter a strong passphrase when prompted to do so*. While you could skip the passphrase it would allow anyone who can access it the ability to use it. Your key is valuable and it should be protected at all costs. Let's create a strong 2048 bit RSA key with your email address included. $ ssh-keygen -t rsa -b 2048 -C"user@domain.com" You will be asked for a few options and you can leave those as their defaults but when asked for a passphrase choose a solid one. * A common practice when using SSH keys is to omit a passphrase because the default setup requires that you enter your passphrase each time you use your key which is seemingly the same as typing a password at login each time. Further in we'll cover how to work around this so you only need to enter your passphrase once per session.
Key Creation for Mac/Linux Once your key is created you should see some new files which were indicated during your key generation. $ cd ~/.ssh $ ls ~/.ssh/id_rsa This is your private key file that ssh will read by default when a login attempt is made. You can have multiple keys, i.e. id_otherkey. ~/.ssh/id_rsa.pub This is your public key file for authentication. The contents of this file should be added to ~/.ssh/authorized_keys on all machines where you wish to login using key authentication. There is no need to keep the contents of this file secret.
Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub
Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password.
Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password. Success! :)
Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password. Success! :) Failure :( contact Chris.
SSH Agent Entering your passphrase on every login defeats the intent of using keys. ssh-agent will take care of the pesky prompts. Under OSX it runs by default so you will even get a popup asking you to save your passphrase to the keychain. Once you save it you will never be asked again on your local system.
SSH Agent Entering your passphrase on every login defeats the intent of using keys. ssh-agent will take care of the pesky prompts. Under OSX it runs by default so you will even get a popup asking you to save your passphrase to the keychain. Once you save it you will never be asked again on your local system. For Linux it's little more complex. You will need to add a script to your ~/. profile file or you can execute a couple of short commands. The following will start up the ssh-agent and then allow ssh-add to pickup on the variables and it will hold your key for an entire session. Please note the back ticks around ssh-agent. $ eval `ssh-agent` $ ssh-add You will be prompted for your passphrase one time but not again during the same session.
SSH Config We've got new keys and we can access some servers with them. We're still doing a lot of typing though. e.g. $ ssh user@174.143.170.119 -p 7022 Wouldn't it be nice if we could convert that into a short simple easy to remember command like the following? $ ssh staging
SSH Config We've got new keys and we can access some servers with them. We're still doing a lot of typing though. e.g. $ ssh user@174.143.170.119 -p 7022 Wouldn't it be nice if we could convert that into a short simple easy to remember command like the following? $ ssh staging We can! Using a user configurable ssh config file you can create aliases for commonly access systems. Just create a config file using your favorite editor and adding it to your .ssh directory. $ nano -w ~/.ssh/config Host staging User <your-username> Hostname 174.143.170.119 Port 7022
SSH Config There are a number of things you can do inside the ssh config file but aliases/bookmarks are probably the most common entries you will run into or need for yourself. Here's the basic entry for our staging example. Host staging User <your-username> Hostname 174.143.170.119 Port 7022 This creates an alias to the 174.143.170.119 server with our user and port options. The "Host" line is the alias name we assign. Now calling the following will start an ssh session for ssh user@174.143.170.119 -p 7022. $ ssh staging
The End That's it. You are now an ssh wizard and can work both conveniently and securely. Keep your keys safe but if they are ever lost or you suspect an issue notify an admin quickly. To be really useful you will want to add your current private key or create a new key for staging. Because of permission issues however you may need a hand setting things up correctly.

Recommandé

Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbookJean-Marie Renouard
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7VCP Muthukrishna
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and morepanagenda
 
Rasperry pi Part 12
Rasperry pi Part 12Rasperry pi Part 12
Rasperry pi Part 12Techvilla
 
Service intergration
Service intergration Service intergration
Service intergration 재민 장
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
API-openssl-apache.ppt
API-openssl-apache.pptAPI-openssl-apache.ppt
API-openssl-apache.pptwebhostingguy
 
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...OW2
 

Recommandé

Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbookJean-Marie Renouard
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7VCP Muthukrishna
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and morepanagenda
 
Rasperry pi Part 12
Rasperry pi Part 12Rasperry pi Part 12
Rasperry pi Part 12Techvilla
 
Service intergration
Service intergration Service intergration
Service intergration 재민 장
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
API-openssl-apache.ppt
API-openssl-apache.pptAPI-openssl-apache.ppt
API-openssl-apache.pptwebhostingguy
 
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...OW2
 
Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Bob Novas
 
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesConf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesBrentMatlock
 
Getting started with RDO Havana
Getting started with RDO HavanaGetting started with RDO Havana
Getting started with RDO HavanaDan Radez
 
APACHE 2 HTTPS.ppt
APACHE 2 HTTPS.pptAPACHE 2 HTTPS.ppt
APACHE 2 HTTPS.pptwebhostingguy
 
Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Francesco Prior
 
Importance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesImportance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesAPNIC
 
Importance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesImportance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesMuhammad Moinur Rahman
 
ironing out Docker
ironing out Dockerironing out Docker
ironing out Dockernindustries
 
Zi nginx conf_2015
Zi nginx conf_2015Zi nginx conf_2015
Zi nginx conf_2015Zi Lin
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 
Linux configer
Linux configerLinux configer
Linux configerMD. AL AMIN
 
Installing spark 2
Installing spark 2Installing spark 2
Installing spark 2Ahmed Mekawy
 
Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.Larry Cashdollar
 
Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...wensheng wei
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver hardenGregory Hanis
 
Tecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con AsteriskTecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con AsteriskNicolás Gudiño
 
How To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellHow To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellVCP Muthukrishna
 
Redis学习笔记
Redis学习笔记Redis学习笔记
Redis学习笔记yongboy
 
Metasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkMetasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkRob Fuller
 
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy TerraformPrzemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraformjzielinski_pl
 
Hong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thHong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thWong Hoi Sing Edison
 
A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013Chris Hales
 

Contenu connexe

Tendances

Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Bob Novas
 
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesConf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesBrentMatlock
 
Getting started with RDO Havana
Getting started with RDO HavanaGetting started with RDO Havana
Getting started with RDO HavanaDan Radez
 
Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Francesco Prior
 
Importance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesImportance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesAPNIC
 
Importance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesImportance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesMuhammad Moinur Rahman
 
ironing out Docker
ironing out Dockerironing out Docker
ironing out Dockernindustries
 
Zi nginx conf_2015
Zi nginx conf_2015Zi nginx conf_2015
Zi nginx conf_2015Zi Lin
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 
Installing spark 2
Installing spark 2Installing spark 2
Installing spark 2Ahmed Mekawy
 
Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.Larry Cashdollar
 
Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...wensheng wei
 
Tecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con AsteriskTecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con AsteriskNicolás Gudiño
 
How To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellHow To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellVCP Muthukrishna
 
Redis学习笔记
Redis学习笔记Redis学习笔记
Redis学习笔记yongboy
 
Metasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkMetasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkRob Fuller
 
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy TerraformPrzemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraformjzielinski_pl
 

Tendances (20)

Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04
 
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesConf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
 
Getting started with RDO Havana
Getting started with RDO HavanaGetting started with RDO Havana
Getting started with RDO Havana
 
APACHE 2 HTTPS.ppt
APACHE 2 HTTPS.pptAPACHE 2 HTTPS.ppt
APACHE 2 HTTPS.ppt
 
Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"
 
Importance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesImportance of SSHFP for Network Devices
Importance of SSHFP for Network Devices
 
Importance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesImportance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devices
 
ironing out Docker
ironing out Dockerironing out Docker
ironing out Docker
 
Zi nginx conf_2015
Zi nginx conf_2015Zi nginx conf_2015
Zi nginx conf_2015
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
 
Linux configer
Linux configerLinux configer
Linux configer
 
Installing spark 2
Installing spark 2Installing spark 2
Installing spark 2
 
Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.
 
Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
 
Tecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con AsteriskTecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con Asterisk
 
How To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellHow To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShell
 
Redis学习笔记
Redis学习笔记Redis学习笔记
Redis学习笔记
 
Metasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkMetasploit magic the dark coners of the framework
Metasploit magic the dark coners of the framework
 
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy TerraformPrzemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
 

En vedette

Hong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thHong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thWong Hoi Sing Edison
 
A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013Chris Hales
 
Drupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January MeetupDrupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January MeetupChris Hales
 
DrupalCon Chicago 2011 Recap
DrupalCon Chicago 2011 RecapDrupalCon Chicago 2011 Recap
DrupalCon Chicago 2011 RecapChris Hales
 
Automated testing with Drupal
Automated testing with DrupalAutomated testing with Drupal
Automated testing with DrupalPromet Source
 
Scaling Drupal & Deployment in AWS
Scaling Drupal & Deployment in AWSScaling Drupal & Deployment in AWS
Scaling Drupal & Deployment in AWS永对 陈
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsBarry Feldman
 

En vedette (7)

Hong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thHong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13th
 
A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013
 
Drupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January MeetupDrupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January Meetup
 
DrupalCon Chicago 2011 Recap
DrupalCon Chicago 2011 RecapDrupalCon Chicago 2011 Recap
DrupalCon Chicago 2011 Recap
 
Automated testing with Drupal
Automated testing with DrupalAutomated testing with Drupal
Automated testing with Drupal
 
Scaling Drupal & Deployment in AWS
Scaling Drupal & Deployment in AWSScaling Drupal & Deployment in AWS
Scaling Drupal & Deployment in AWS
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post Formats
 

Similaire à SSH how to 2011

How to set up ssh keys on ubuntu
How to set up ssh keys on ubuntuHow to set up ssh keys on ubuntu
How to set up ssh keys on ubuntucollegeinit
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSHVitalii Sharavara
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Creating SSH Key.pptx
Creating SSH Key.pptxCreating SSH Key.pptx
Creating SSH Key.pptxSaumya876452
 

Similaire à SSH how to 2011 (20)

SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
How to set up ssh keys on ubuntu
How to set up ssh keys on ubuntuHow to set up ssh keys on ubuntu
How to set up ssh keys on ubuntu
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSH
 
Ssh cookbook v2
Ssh cookbook v2Ssh cookbook v2
Ssh cookbook v2
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
 
OpenSSH tricks
OpenSSH tricksOpenSSH tricks
OpenSSH tricks
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
Sshstuff
SshstuffSshstuff
Sshstuff
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
 
Cent os 5 ssh
Cent os 5 sshCent os 5 ssh
Cent os 5 ssh
 
Ssh
SshSsh
Ssh
 
Rhel5
Rhel5Rhel5
Rhel5
 
secure php
secure phpsecure php
secure php
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
 
Setting up github and ssh keys.ppt
Setting up github and ssh keys.pptSetting up github and ssh keys.ppt
Setting up github and ssh keys.ppt
 
Creating SSH Key.pptx
Creating SSH Key.pptxCreating SSH Key.pptx
Creating SSH Key.pptx
 

Dernier

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Dernier (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

SSH how to 2011

  • 1. SSH Keys and Configurations Chris Hales
  • 2. What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp.
  • 3. What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp. SSH authentication can be done with a username and password combination which is the default. Here's the most simplistic usage we might encounter. $ ssh user@secureserver After you connect to secureserver you are normally asked for your password to complete the login.
  • 4. What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp. SSH authentication can be done with a username and password combination which is the default. Here's the most simplistic usage we might encounter. $ ssh user@secureserver After you connect to secureserver you are normally asked for your password to complete the login. When you start doing this over and over again for many systems with various paswords it can become pretty tedious. What if there was a way to simplify the process? Time for SSH Keys to save the day!
  • 5. Enter SSH Keys! SSH can be configured to use key pairs so that you don't have to type your password in every time you need to log into a commonly accessed system. Your public key is placed on all systems you wish to access using your private key.
  • 6. Enter SSH Keys! SSH can be configured to use key pairs so that you don't have to type your password in every time you need to log into a commonly accessed system. Your public key is placed on all systems you wish to access using your private key. There's a lot of technical details surrounding public-key cryptography but for our purposes all you really need to know is that it's a really secure way of proving who you are to a third party system. Let's begin with creating your key pair if you don't already have one. Mac and Linux setup is basically identical. For Windows you will need Putty and PuTTYgen installed.
  • 7. Key Creation for Windows For Windows users I'm cheating and sending you to an excellent PuTTYgen how-to which includes key pair creation. http://theillustratednetwork.mvps.org/Ssh/Private-publicKey.html
  • 8. Key Creation for Mac/Linux On unix like systems (Ubuntu, OSX, etc.) we'll need to go through a few steps. Fortunately it's likely you already have an SSH directory because if you have ever used SSH one was created for you. Open up a terminal window and check your home directory for a hidden . ssh directory. $ cd ~/.ssh
  • 9. Key Creation for Mac/Linux On unix like systems (Ubuntu, OSX, etc.) we'll need to go through a few steps. Fortunately it's likely you already have an SSH directory because if you have ever used SSH one was created for you. Open up a terminal window and check your home directory for a hidden . ssh directory. $ cd ~/.ssh If you receive a "no such file or directory" type of error message you have not used SSH and certainly don't have a key installed on your system. Next we'll create a set of keys which will create the file structure we need for us automatically.
  • 10. Key Creation for Mac/Linux When you create an SSH key pair you want to enter a strong passphrase when prompted to do so*. While you could skip the passphrase it would allow anyone who can access it the ability to use it. Your key is valuable and it should be protected at all costs.
  • 11. Key Creation for Mac/Linux When you create an SSH key pair you want to enter a strong passphrase when prompted to do so*. While you could skip the passphrase it would allow anyone who can access it the ability to use it. Your key is valuable and it should be protected at all costs. Let's create a strong 2048 bit RSA key with your email address included. $ ssh-keygen -t rsa -b 2048 -C"user@domain.com" You will be asked for a few options and you can leave those as their defaults but when asked for a passphrase choose a solid one. * A common practice when using SSH keys is to omit a passphrase because the default setup requires that you enter your passphrase each time you use your key which is seemingly the same as typing a password at login each time. Further in we'll cover how to work around this so you only need to enter your passphrase once per session.
  • 12. Key Creation for Mac/Linux Once your key is created you should see some new files which were indicated during your key generation. $ cd ~/.ssh $ ls ~/.ssh/id_rsa This is your private key file that ssh will read by default when a login attempt is made. You can have multiple keys, i.e. id_otherkey. ~/.ssh/id_rsa.pub This is your public key file for authentication. The contents of this file should be added to ~/.ssh/authorized_keys on all machines where you wish to login using key authentication. There is no need to keep the contents of this file secret.
  • 13. Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub
  • 14. Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password.
  • 15. Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password. Success! :)
  • 16. Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password. Success! :) Failure :( contact Chris.
  • 17. SSH Agent Entering your passphrase on every login defeats the intent of using keys. ssh-agent will take care of the pesky prompts. Under OSX it runs by default so you will even get a popup asking you to save your passphrase to the keychain. Once you save it you will never be asked again on your local system.
  • 18. SSH Agent Entering your passphrase on every login defeats the intent of using keys. ssh-agent will take care of the pesky prompts. Under OSX it runs by default so you will even get a popup asking you to save your passphrase to the keychain. Once you save it you will never be asked again on your local system. For Linux it's little more complex. You will need to add a script to your ~/. profile file or you can execute a couple of short commands. The following will start up the ssh-agent and then allow ssh-add to pickup on the variables and it will hold your key for an entire session. Please note the back ticks around ssh-agent. $ eval `ssh-agent` $ ssh-add You will be prompted for your passphrase one time but not again during the same session.
  • 19. SSH Config We've got new keys and we can access some servers with them. We're still doing a lot of typing though. e.g. $ ssh user@174.143.170.119 -p 7022 Wouldn't it be nice if we could convert that into a short simple easy to remember command like the following? $ ssh staging
  • 20. SSH Config We've got new keys and we can access some servers with them. We're still doing a lot of typing though. e.g. $ ssh user@174.143.170.119 -p 7022 Wouldn't it be nice if we could convert that into a short simple easy to remember command like the following? $ ssh staging We can! Using a user configurable ssh config file you can create aliases for commonly access systems. Just create a config file using your favorite editor and adding it to your .ssh directory. $ nano -w ~/.ssh/config Host staging User <your-username> Hostname 174.143.170.119 Port 7022
  • 21. SSH Config There are a number of things you can do inside the ssh config file but aliases/bookmarks are probably the most common entries you will run into or need for yourself. Here's the basic entry for our staging example. Host staging User <your-username> Hostname 174.143.170.119 Port 7022 This creates an alias to the 174.143.170.119 server with our user and port options. The "Host" line is the alias name we assign. Now calling the following will start an ssh session for ssh user@174.143.170.119 -p 7022. $ ssh staging
  • 22. The End That's it. You are now an ssh wizard and can work both conveniently and securely. Keep your keys safe but if they are ever lost or you suspect an issue notify an admin quickly. To be really useful you will want to add your current private key or create a new key for staging. Because of permission issues however you may need a hand setting things up correctly.