Monday, June 8, 2015

SSH - Key-based Authentication

SSH has many way to authenticate user, and commonly, password based authentication is used.

Password based authentication is easy to setup and use, however, it poses a lot of security challenges.

An alternate way to log into SSH enabled system is key-based authentication. Key based authenticate makes use of public key infrastructure where a public and private key pair is used for authentication. While the private key should be held in secret by the user, the public key will be uploaded to the SSH remote server for authentication.

Below are the steps to enable key based authentication for a User A to log into remote server via SSH as User B

1. As User A, use ssh-keygen to generate a pair of authentication key without a pass phase

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/userA/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/userA/.ssh/id_rsa.
Your public key has been saved in /home/userA/.ssh/id_rsa.pub.
The key fingerprint is:
62:41:ee:b9:a4:da:ed:d8:11:a4:9f:ea:15:2a:22:7e userA@abc.example.com

2. Create a .ssh folder for User B (You will be required to log in with User B password)

$ ssh userB@abc.example.com mkdir -p .ssh
userB@abc.example.com's password:

3. Append User A new public key to User B .ssh/authorized_keys (You will be required to log in with User B password)

$ cat ~/.ssh/id_rsa.pub | ssh userB@abc.example.com 'cat >> .ssh/authorized_keys'
userB@abc.example.com's password:

4. Test key based authentication SSH login for user B (if setup successfully, no password is required to be entered)

$ ssh userB@abc.example.com
Last login: Mon Dec 21 12:31:16 2014 from abc.example.com
$

Windows 7 - STOP 0x0000007B (0xFFFFF880009A97E8 0xFFFFFFFFC0000034 0x0000000000 0x0000000000)

If you encounter STOP 0x0000007B (0xFFFFF880009A97E8 0xFFFFFFFFC0000034 0x0000000000 0x0000000000) blue screen of death. This is very like...