Ubuntu Security :: Setting Up Public Key For Passwordless Ssh Login
Sep 8, 2010
I can't get this to work on my machines.
So far I have:
1. created a key with ssh-keygen on the server to be logged in to
2. copied the .pub key to my local machine
3. chmod 700 ~/.ssh on both machines
4. chomd 600 ~/.ssh/ic_rsa on the server, and on known_hosts on my local machine
5. added the .pub key to ~/known_hosts on my local machine
my local machine doesn't have an "authorized_keys" file which is what everything is telling me I should append my .pub key to. The only thing that was in my .ssh folder was known_hosts, so I tried that. I also tried making an authorized_hosts file to no avail, changing permissions appropriatly on all files.
Should I/Can I reset ssh in some way? Is there are reason I don't have an authorized_keys file or is my known_hosts file my authorized_keys file?
Would it be better just to uninstall/reinstall ssh?
View 2 Replies
ADVERTISEMENT
Jan 13, 2011
Our local community wants to provide broadband access for people who don't own a computer. I have been given the task of setting this up and I am going to use Ubuntu. Internet access will be via a usb dongle to a T-Mobile 3.5g network. Initially we are intending to limit access to just Internet browsing. Most users will probably be older people, rather than teenage hackers. configuring/securing a default Ubuntu install for this sort of use.
View 3 Replies
View Related
Aug 26, 2010
I have a problem with my ubuntu account. I am running 4 virtual machines, based on jeos-8.04 and I am using a public key authentication to login to my account (via ssh). This is not the problem, I have the key and the passphrase. But when I am logged in, I can't sudo, because I forgot the password for the accout.
View 6 Replies
View Related
Sep 2, 2010
How can I configure ssh to do the passwordless logins between the users in a Linux server?I am using RHEL4.6 version. I have created some users in this server and I would like to login from one user to the other users in the same server without a password prompt by using SSH. I was using rsh for this purpose before, but since it is against our security policy , I have to switch to SSH.I have done the ssh configuration by creating the keys and copying the public keys to the file .ssh/authorized_keys of the other users in the same server.But unfortunately still I am not able to login to other users in the same system WITHOUT a Password.I did the following settings.From user1:
mkdir ~/.ssh
chmod 755 ~/.ssh
/usr/bin/ssh-keygen -t rsa
[code]...
View 1 Replies
View Related
Apr 12, 2011
I got this from a website (cant remember URL).
Be warned if someone actually does manage to login as root on your computer or server.
Edit .bash_profile for root. How do I do this?
Code:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
Replace your@email.com with your own email. Save the file and exit.
View 9 Replies
View Related
Feb 12, 2010
I have been trying to establish a connection between two pcs via the ssh channel. I successfully made the connection as a root user, but when i tried as a non root user i had to type in the password the make contact with the other pc. how exactly does this passwordless login actually work?
View 3 Replies
View Related
Oct 6, 2010
I'm trying to configure a process triggered by an SVN post-commit hook which will log into a different host and carry out an SVN update on a file path on that host before exiting. An earlier attempt mounted the remote filepath on the SVN host using sshfs and performed the update locally. This worked but it was incredibly slow (minutes to complete an SVN update).
So, Plan B was to set-up a passwordless login for the user the script runs as and then use pam-script to script a checkout from a repository using the same credentials. The problem is, passwordless SSH login using private/public keys appears to bypass the PAM authentication system or at least interact with it in a way that no environment variables (including the SSH user's name and pass) are resolved by the authentication script being used by pam-script.
I've tested the pam-script behaviour for normal log-ins and it exposes these variables fine. This leaves me in a Catch-22 with trying to script access on one host to perform actions on another while avoiding user/pass prompts or the need to store plaintext passwords on the remote host.
Anyone know if there's a way to resolve a user account password via PAM when using passwordless SSH or, another approach I could take to perform scripted tasks on the remote system requiring authentication? Ideally without storing the passwords on the remote system (at least in unencrypted form).
View 1 Replies
View Related
Mar 18, 2010
I wanted to set up Computer Lab. loading Fedora 11 OS and one system acting as a Server to store Users(Student) Login Informations. When students do a programs, all programs (eg, C++ programs) files should be saved in the local fedora system but when login to the system, the login should be validate by a Server System.
View 5 Replies
View Related
Aug 22, 2009
I have an rsync server and am now setting up cwrsync on my windows machine. I want to be able to run cwrsync over ssh with public private keys. I followed a tutorial over here to set this up. It, however, still prompts me for server password and works only if I provide the password. For some reason the public/private key process is not working.
- I generated a key using the command: ssh-keygen -t rsa -N '' (I verified the key gets generated on my Windows machine)
- I uploaded the generated file id_rsa.pub to server /root/.ssh/authorized_keys
I am also prompted for a password if from command prompt I run this command to log into server: ssh -i c:docume~1user.sshid_rsa root@<server_ip_address> On server I have changed the configuration file (/etc/ssh/ssh_config) to say:
RSAAuthentication yes
PubkeyAuthentication yes
I then restarted the sshd service, however, to no avail.
View 4 Replies
View Related
Jul 8, 2010
I recently got a nice, lightly used IBM Thinkpad laptop. It has wireless capability for the Internet. Linux is the only OS in the laptop. At home, I don't have wireless-- I have a wired DSL connection for my laptop and for my IBM desktop (which also only has Linux as OS).
When I took the laptop to the public library, wireless is provided there for free and I had no trouble connecting to the system there. But since I'm new to wireless, what do I need to have installed to have a secure laptop when in the public library (or when I'm anywhere else that offers free wifi) using the wireless connection? [I use Firestarter as my firewall in the laptop and in the desktop.] Do I have to install some software to make sure my laptop is secured from spying and invasions when in the library or is the Firestarter enough? If Firestarter is not enough, what is that wifi security software by name?
[My OS is MEPIS 8.5, a Debian-based distro.]
View 2 Replies
View Related
Mar 7, 2010
I am trying to figure out the best way to set up 1-1 NAT for three public ips to three private ips through a ubuntu gateway machine.
I am running ubuntu server 9.10 and the set up is:
Internet/ISP modem -> NIC 1 Ubuntu Gateway Machine NIC 2 -> Three PCs with Private IPs
I had a few questions on how to do this correctly and securely.
1) What packages do I need to install (aside from the basic ubuntu server installation and possibly DHCP3-Server)
2) How do I assign all three public IPs to the NIC connected to the ISP modem? All addresses will be static, will I need the DHCP3-Server package?
3) Once I have the three public IPs assigned how do I map each specific public IP to the private IP address associated with it and provide the correct loopback? I want to make sure each response from the internal machines are sent out as their specific public IP.
4) Aside from allowing all connections, how should IP tables be configured to allow web services to one internal machine, mail to another internal machine and DNS to the other internal machine?
View 14 Replies
View Related
Jan 30, 2010
I'm trying to give some windows users a permanent connection to a samba share behind a firewall over the public Internet. I know I can give them access with something like winscp (which they have done) but really I'd like to do it with a VPN so it seems seamless to the user. However I have no idea how to set up the server to support this and am finding the documentation a bit confusing. The samba share is on a Debian box and the firwewall is a Linksys WRT54GL.
View 1 Replies
View Related
Jun 6, 2011
I've got a p12 certificate (I own the secret key), and I would like to export the public key to gpg keyservers. How to achieve this?It works flawlessly inside gpgsm and kleopatra, but I cannot send keys:
Code:
$ gpgsm --send-keys 0xDA4E5DD0
gpgsm: this command has not yet been implemented
View 1 Replies
View Related
Oct 18, 2010
I have an encrypted document (with my key) which I should decrypt. After the generation of my key, my computer is formated and new reinstalled. Now GnuPG find my key public and I can't use it for decryption!
View 9 Replies
View Related
Jul 17, 2011
how safe is it to run Ubuntu updates when I'm connecting via a public network (wireless or wired) from a hotel (or other public settings). I'm not familiar with the internals but is there an additional validation mechanism for the package servers other than the URL ?
View 4 Replies
View Related
Aug 17, 2009
Run a script on ServerA which uses a ssh-connection to ServerB to execute a few commands on ServerB. As ServerB only allows login with username+password the whole stuff gets more complex. SSH provides key authentication enabling passwordless login as you probably know. So as stated in many tutorials I did the following:
Quote:
ssh-keygen -t dsa
ssh-copy-id .ssh/id_dsa.pub osr@10.17.120.207
Trying to connect with
ssh osr@10.17.120.207
should now be passwordless but I'm somehow still getting the prompt for the password.here the output from ssh -vvv osr@10.17.120.207
Quote:
OpenSSH_4.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
[code]....
interesting are probably the following lines:
Quote:
debug3: Not a RSA1 key file /users/osr/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
View 11 Replies
View Related
Apr 12, 2010
I want to connect to anothere server from my current server through SSH command.
when I am using the command in the terminal like-- ssh username@ip it is asking me to give password. This is working fine in the terminal. but I want to do it automatic through a shell script.
How can I be able to provide userid and password through shell script?
I was trying to achieve it by creating a public key and copy it to the destination .ssh file. but I dont have the permission to create any file in the destination server.
View 2 Replies
View Related
Dec 2, 2010
looking at my router logs i've noticed for the past while a range of source ports from 60000 to about 65000 from my source external ip to destination external ip always on port 80. I have 3 boxes on this network and this only seems to happen when i connect the one laptop. I even reinstalled the distro downloaded from trusted source but the router is still logging this.. netstat -ntulp shows nothing operating in this range. chkrootkit shows nothing.. Was thinking maybe someone was spoofing the external address but it's been happening on network startup for a month now
View 4 Replies
View Related
Mar 26, 2010
At the moment we have one SSH server with the private key being on a usb flash drive, and the public key being on the server in authorized_keys2. Now that three more servers are coming online, should we generate new keys, so we have muliple private and public keys (one pair for each server), or use the same two keys to access all the servers
View 5 Replies
View Related
Mar 31, 2010
I am using Nautilus to connect to an external server. Currently, I use password authentication, and all works fine. I just type sftp://SERVER and the connection is established after providing the login credentials. However, I changed the server to only accept Public Key Authentication and disabled password authentication, and as a consequence I could not login using Nautilus anymore. Is there some way to make this work?
View 9 Replies
View Related
Nov 4, 2010
I'd like to know if this is common security flaw or normal to open up FTP to the public which is of course protected with password for 3rd party access to maintain our public facing / production website ?
If yes, what sort of FTP application to install in Ubuntu ?
View 1 Replies
View Related
May 1, 2011
I am working currently on my server on an issue, I configured the SSH Deamon that only people who have a valid ssh-key can login on to the server, and kicked the password option. Now I've added a user account git. I navigate to his home folder created the folder ".ssh" and created in that folder the file "authorized_keys" I copied my public key in there. Now on my local machine I added that identity (via ssh-add) and I wanted to connect to my server. but when I'm trying to login myself I can't the only message I get is "Permission denied (publickey)."
View 1 Replies
View Related
Jul 22, 2010
I have to make sym link of phpmyadmin in /var/www in order to run phpmyadmin. I read that links can't be chmod-ed. The link ot folder phpmyadmin has 777 permissions. When browse in it every file has only read and for the root read/write access.
Is that a problem (777 access rights on sym link phpmyadmin on /var/www folder)?
View 1 Replies
View Related
Dec 22, 2010
I've tried to ssh in as the root user w/o a password (RSA keys) but I've had no luck as the root user. I've tried the exact same commands with Debian 5 and Centos 5.5, without a problem. Fedora 13 and 14 won't work! I can only log in w/o a password as a normal user, never as the root user! It always asks for the password if I try as root. I've even tried copying Debian's and Centos's sshd_config file and restarting sshd, but it still won't work.
Code:
mkdir ~/.ssh ~username/.ssh
chmod 0700 ~/.ssh ~username/.ssh
echo "ssh-rsa AAAAB............Jw8V03loeZ username@thehostname" > ~/.ssh/authorized_keys
[code]....
View 6 Replies
View Related
Mar 24, 2010
I have trouble with rsa authentication:
I did create an rsa certificate with ssh-keygen using my root account on a client: ssh-keygen -t rsa -b 2048 no passphrase I did copy the rsa pub_key from my client to the server scp id_rsa sampleuser@sampleserver:/home/sampleuser/.ssh/authorized_keys
I did change the ownership to the "sampleuser" of the pub key file on the server: I trayd to connect:
ssh sampleuser@sapleserver
I get that: permission denied (public key)... I know I do smth wrong but I don't know what.
View 2 Replies
View Related
Feb 18, 2010
In my ~/.ssh I have a number of public keys and one private key (id_rsa). How can I verify which one makes a pair with the private one.Or, can one generate the public one from the private key (in reasonable time)?
View 4 Replies
View Related
Feb 14, 2011
Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN Server with two network interfaces. One interfaces is plugged into the public internet network and the second interface is plugged into the private network.
Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about see page(s) 6-7 here -> [URL]
If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.
View 1 Replies
View Related
Mar 13, 2010
I'm trying to find a secure way to backup files on my Prod Server to Backup Server. It must be automated, so I will need to run a command with cron which will login to Prod Server from Backup Server and backup data. 1. Do you think it would be secure enough to do this by creating an passwordless RSA private key on Backup Server and adding it's public key to authorized_hosts file on Prod Server? I can't think of a way to Automate this without having to enter any passwords without passwordless RSA key. Is there another. more secure way? 2. Should I create a special user for backup, which will only have read access to all files in the directory that I am backing up? If so, How can I run a check that this new backup user indeed has read access to ALL files in the folder that I intent to back up? How can I ensure the backup process will not skip files due to some permission problem? 3. I'm thinking of using rsnapshot tool, which uses rsync.
View 10 Replies
View Related
Nov 4, 2010
I'd like to know if this is common security flaw or normal to open up FTP to the public which is of course protected with password for 3rd party access to maintain our public facing / production website ? If yes, what sort of FTP application to install in your Linux webserver?
View 7 Replies
View Related
Aug 2, 2011
I'm trying to write a p2p file sharing program using python's built-in libraries. Everything is going well. The only thing is that i'd like to be able to use openssl public and private keys so only a host with the public key could access/decrypt the filesharing. I've gotten these libraries (httplib, basehttpserver, ssl, os) to work using just a pem file containing both the public and private keys but no success with them seperately. Can someone point me in the right direction or offer an alternative? PS, the goal of the project is to create an anonymous, decentralized, secure file sharing program. I want to be able to upload this to sourceforge so everyone can use it, if that's any incentive
View 2 Replies
View Related
