Your browser does not seem to support CSS. If images appear below, please disregard them.
Topic Options
Rate This Topic
#4487 - 10/23/04 06:17 AM SSH Keys
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Ghost Offline
UGN Super Poster

Joined: Jun 2003
Posts: 807
Wisconsin
I figured i'd post on this just incase not everyone knew about this already. All my knowledge on this topic can be credited to Gizmo as he first introduced me to it.

SSH Keys allow you to login to a remote machine via SSH by authenticating with a key instead of a username and password combination. You can still setup password authentication on your end if you wish, but it is not required. In my opinion this is WAY more secure, how are you going to guess someone's 3072 bit RSA key to login with? Yeah, exactly. Anyways, here is how you set it up:

Go to http://www.ssh.com and download the offical SSH client. Extract and compile, or install it, whichever your platform requires. After you have done that, start it up. Now, having never done this with *nix, the steps might be a little different, but here is how you go about generating a key. Edit>Preferences> +Global Settings>+User Authentication>+Keys>Generate New. Select the size and type of key, Might i suggest RSA 3072. After you've done that, you need to create an authorized keys file, and upload it to the server you wish to login to. After you've generated your key, open the key file (Edit>Preferences> +Global Settings>+User Authentication>+Keys>View). Get the key, the actual key starts with an 'A' and ends in a '='. If you're using windows, open this with wordpad, not notepad (you'll need to find the file, should be in C:\Documents and Settings\[Your User Name]\Application Data\SSH\UserKeys\). After you have the key, open your text editor, and paste the key to the file. Make sure your text editor is not wrapping the text. After this, add "ssh-rsa" (or "ssh-dsa" if you used DSA, which you shouldn't do) to the front of the key. It should look like...
Code:
ssh-rsa AAAAA=
of course, "AAAAA=" should acctually be your key. After you have done that, you need to upload your authorized keys file. Save the file as "authorized_keys2". Login to your account on the machine you want to connect to, create ".ssh" in the home directory, change to this directory, and upload the authorized_keys2 file. After you have done that, chmod .ssh and authorized_keys2 700. After that, go back to your SSH window, Click "Quick Connect" enter your information, and select public key to the authentication method. Click Connect, and wait for the password prompt (if you set a password for your key). Now, i'm not going to go into many other details about the SSH client, but there is a bunch of other fun stuff you can do. If you have any trouble doing the above, please feel free to post a question.

Top
Sponsored Links
#4488 - 10/23/04 06:20 AM Re: SSH Keys
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,195
Portland, OR; USA
Don't forget, you can have a 1 word comment after the key, so it would look like:
Code:
ssh-rsa [key] [comment]
Make sure it's all on one line also... If you do it wrong you'll lock SSH for your account and you won't be able to login at all ...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#4489 - 10/23/04 07:48 AM Re: SSH Keys
Joined: Mar 2004
Posts: 419
Spyrios Offline
UGN Member
Spyrios Offline
UGN Member

Joined: Mar 2004
Posts: 419
VA
The new Navy Marine Corps Intranet system uses a system to log on that sounds similar but it uses what they call PKI certificates is this what it basically is? They place the certificates on a CAC card (an id card with an embeded microchip which contains all my medical, dental, and emeergency info on it, along with the certificates) I stick the card into a card reader on the keyboard and then i am free to view a lot of websites and info i would not be allowed to if i didn't have the certificate.


D, world destruction
Over and overture
N, do I need
Apostrophe T, need this torture?-They Might Be Giants
Top
#4490 - 10/23/04 06:53 PM Re: SSH Keys
Joined: Dec 2002
Posts: 3,255
§intå× Offline
§intå× Offline



Joined: Dec 2002
Posts: 3,255
Maryland
Wow they have come a long way... I rember viewing porn from my Commo office in the army. They have moved to the smart chip cards as well. They were just starting to "BLOCK" access to certain sites and places when I left. I remember getting into places I shouldn't have on the network because they had almost zero security.


My New site OpenEyes
Top
#4491 - 10/24/04 11:10 AM Re: SSH Keys
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,195
Portland, OR; USA
The SSH keys use RSA; I like using 3072 bit but you can use lesser if you want (don't know why you'd want to but you can)


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#4492 - 10/24/04 07:20 PM Re: SSH Keys
Joined: Dec 2002
Posts: 3,255
§intå× Offline
§intå× Offline



Joined: Dec 2002
Posts: 3,255
Maryland
less bandwidth...


My New site OpenEyes
Top
#4493 - 10/25/04 07:50 AM Re: SSH Keys
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,195
Portland, OR; USA
I haven't had any isssues connecting at 28.8KBPS lol...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top

Member Spotlight
Crime

Crime
SC, usa
Posts: 506
Joined: March 2002
Show All Member Profiles 
Sponsored Links
Forum Statistics
Forums46
Topics46,436
Posts81,606
Members2,157
Most Online1,567
Apr 25th, 2010
Latest Postings
Top Posters(All Time)
UGN Security 39,600
Gremelin 7,195
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860