SSH keys

SSH Keying through Linux, Mac OS X

SSH keys are fairly simple to setup and can be done so even simpler when using a native terminal application, such as the terminal in OSX. Here's how!
In terminal, type the following command:

ssh-keygen -t dsa

This will ask you a few questions, the defaults for which are just fine, no passcode is necessary. This will generate a key in the ~/.ssh/ directory. Now we just need to get that file up to the server.
You can do this using scp or rsync, I'll give rsync as an example here.

rsync -av -e "ssh" ~/.ssh/id_dsa.pub root@IP_address:.ssh/authorized_keys

In the event your server uses a non-standard port for ssh, you can specify this inside the quotes around ssh, an example for port 2222 is below.

rsync -av -e "ssh -p 2222" ~/.ssh/id_dsa.pub root@ip.add.ress.here:.ssh/authorized_keys

Once running this command you will be prompted for your root password as rsync creates an SSH connection to transfer the file to your server. Once the password is entered, the file will be synced up to the server.
Now we want to ensure that all is well on the recipient server. SSH into your server and run the following commands.

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown root. ~/.ssh/authorized_keys

That's it! You should be all set! Now to access your server you need only do the following:

ssh root@domain.com

The server should automatically accept your key and push you into the root shell.

How to disable password authentication

Once this has all been configured, you can add some extra security to your server by disabling password authentication for SSH. (Note that if you do lose your private key, this will make the server inaccessible.)
To disable this setting, you can do the following:

nano /etc/ssh/sshd_config

In this file, set the following settings to the following values. If these settings are already in the file, set them to "no" rather than add new lines.

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Once this is done, restart the SSH daemon to apply the settings.

/etc/init.d/sshd restart

Its done. :)

Comments

  1. Anonymous10/23/2012 8:52 pm

    Hi Avi,


    For Mac 10.8, X11 package is not coming inbuilt. So needed to install it manually, or else what ever we do, X term will not work. Thnx for the post.

    ReplyDelete

Post a Comment

Popular posts from this blog

SVN: File remains in conflict

This error occurs when you didn't update the SVN and try to commit changes or, someone has made changes to this file that are conflicting with your changes. There are two ways to handle this situation. Either, you can revert back the changes you want to commit and then, update the SVN and after that make the changes again and commit. The other way is, you need to resolve the conflicted files one by one. You can keep all the conflicted files in a folder and resolved it at once. >> Revert the changes steps: svn revert . -R svn up >> Resolve the conflicted files: svn resolved <file_name>
Read more

12 tweakings for WHM/cPanel to speed up WordPress

   1. Turning Mailman off – WHM >> Server Configuration >>  Tweak Settings and turning it off    2. Number of minutes between mail server queue runs (default is 60) – Setting it 120    3. Default catch-all/default address behavior for new accounts” to fail    4. Boxtrapper Spam Trap and SpamAssassin Spam Box delivery – off    5. Analog Stats – off    6. Conserve Memory at the expense of using more cpu/diskio – turn on    7. WHM >> Service Configuration >> FTP Server Configuration – Check ‘no’ to ‘allow anonymous logins and ‘no’ to ‘anonymous uploads’    8. WHM >> cPanel >> Manage Plugins – install spamdconf – then go to ‘Setup Spamd Startup Configuration’ – select option 2 ‘Maximum Children” to 2′    9. Run your cron jobs at off peak hours.   10. Install e Accelerator PHP accelerator (Recompile Apache with eAccelerator)   11. ...
Read more

HowTo: Enable extended logging for exim

When troubleshooting mail or attempting to discover the source of spam originating from your server, it is often useful to enable extended Exim logging. You can enable extended logging for exim though your shell prompt as well as through WHM interface. I am giving the steps for both ways one by one: 1. Through shell prompt: 1. Open exim.conf 2) Find this: hostlist auth_relay_hosts = * 3) After hostlist auth_relay_hosts = * add the following: log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn 4) The final result should look like this hostlist auth_relay_hosts = * log_selector = +address_rewrite +all_parents +arguments +connecti...
Read more