ssh keys

ssh keys can be configured to enhance security, with password-less logins. no password is typed or transmitted.

the basic steps are:
- generate your keys at local end
- secure your private key
- gather your public key
- add public key to remote end

we will look at my two preferred tools:
(1) putty
(2) dropbear

i don't seem to prefer openssh, the seemingly defacto standard, as i consider it bloatware. too big does obscure/obfuscate vulnerabilities. look at my preferred alternatives - so tiny, so beautiful :-)

putty-tools are rather quirky to get right the first time. but once you have them setup right, and understand what you are doing, you'll love 'em. i like them also because they are much smaller and efficient than openssh-client, the supposedly defacto standard. putty, though, is very much the defacto choice on windows.

generate your rsa key file on the ssh client
$ puttygen -t rsa -b 4096 -o puttygen_rsa

do not modify puttygen_rsa. copy the Public-Lines from the key file to another file, say

ensure all is one word on one line, i.e. join all lines together, with no spaces in between.

now insert "ssh-rsa" and a space in front. you may optionally add your id at the end, ie a space and "ssh-user@ssh-client". there should be a space in between each of these three items. and this file still contains everything on one line only - your public key.

send your to ssh servers
$ pscp -v ~/.ssh/ ssh-user@ssh-server:/home/ssh-user/.ssh/

at the ssh-server
$ cd .ssh
$ cat >> authorized_keys

ssh config is now complete, and we can test it from the client.
$ plink -v -i .ssh/puttygen_rsa ssh-user@ssh-server
$ plink -v -X -i .ssh/puttygen_rsa ssh-user@ssh-server
$ pscp -v -i .ssh/puttygen_rsa source-files ssh-user@ssh-server:/destination-directory

dbclient is much simpler, generate your rsa key file on the ssh client
$ cd ~/.ssh
$ dropbearkey -t rsa -s 4096 -f dropbearkey_rsa

copy/paste the generated Public key portion to and send it to the remote end.
$ scp -S dbclient ssh-user@ssh-server:/home/ssh-user/.ssh/

at the remote end, add your public key to ~/.ssh/authorized_keys.
$ cd ~/.ssh
$ cat >> authorized_keys

now you can ssh from your client
$ dbclient -i ~/.ssh/dropbearkey_rsa ssh-user@ssh-server
$ scp -S dbclient -i ~/.ssh/dropbearkey_rsa source-file ssh-user@ssh-server:/directory

No comments:

Post a Comment

most popular posts