Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
tutorials:ssh-sdf [2012/02/15 12:14] – Fix link memnontutorials:ssh-sdf [2012/02/15 15:19] memnon
Line 45: Line 45:
 Logging in with SSH key authentication means that you do not have to use your SDF account password. Instead, you generate a 'key' -- which is two long strings of characters stored in a pair of files -- and these files are used to verify that you are who you say you are. Since your key can reliably identify you, you can authorize the user of this key (you, hopefully) to log in to your SDF account. You can authorize any key you wish, and adding someone's key would allow them to log in to your SDF account, without even using or knowing your password. Logging in with SSH key authentication means that you do not have to use your SDF account password. Instead, you generate a 'key' -- which is two long strings of characters stored in a pair of files -- and these files are used to verify that you are who you say you are. Since your key can reliably identify you, you can authorize the user of this key (you, hopefully) to log in to your SDF account. You can authorize any key you wish, and adding someone's key would allow them to log in to your SDF account, without even using or knowing your password.
  
-This may sound insecure or easily exploitable. In fact though, due to much research and theory, it can be very secure. Notice "can be" in that last sentence. The key files are taking the place of a password in proving to the server that you're really you. Just like you have to keep passwords secret, the strength of this method relies on you following certain guidelines. You will generate a pair of mathematically related keys: one public and the other private. **You should never give out your private key, nor should you make the file that contains it readable by any other user. This would be like storing your password in a world-readable file.** Only your *public* key will be listed on the server. Ensuring that your private key remains private is the most important of the guidelines that I mentioned. On to the instructions:+This may sound insecure or easily exploitable. In fact though, due to much research and theory, it can be very secure. Notice "can be" in that last sentence. The key files are taking the place of a password in proving to the server that you're really you. Just like you have to keep passwords secret, the strength of this method relies on you following certain guidelines. You will generate a pair of mathematically related keys: one public and the other private. :!:**You should never give out your private key, nor should you make the file that contains it readable by any other user. This would be like storing your password in a world-readable file.**:!: Only your *public* key will be listed on the server. Ensuring that your private key remains private is the most important of the guidelines that I mentioned. On to the instructions:
  
 === Windows instructions === === Windows instructions ===
Line 57: Line 57:
 You can then add a passphrase to your key, and use just that one passphrase whenever you log in to an ssh server using your key. Alternately you can use no passphrase. Be aware though that if //you// don't have to use a password to login from your computer, then //neither would anyone else that sits down at your computer// or otherwise accesses your local account. You can then add a passphrase to your key, and use just that one passphrase whenever you log in to an ssh server using your key. Alternately you can use no passphrase. Be aware though that if //you// don't have to use a password to login from your computer, then //neither would anyone else that sits down at your computer// or otherwise accesses your local account.
  
-The key comment is for your personal convenience,reccomend youruser@yourlocalmachine and maybe the date, but of course it's up to you. Now save both the private and public key file somewhere (My Documents is a good choice, but pick somewhere that only *you* will have read access to.)+The key comment is for your personal convenience,recommend youruser@yourlocalmachine and maybe the date, but of course it's up to you. Now save both the private and public key file somewhere (My Documents is a good choice, but pick somewhere that only *you* will have read access to.)
  
 Next, you need to configure PuTTY to use this key. Fire up PuTTY and load your session or create a new one. Then in the Category list on the left, select "Connection" -> "SSH" -> "Auth". Browse for your key and load it up. Also, you'll want to allow changes of username if your SDF account name is different from your local one. Next, you need to configure PuTTY to use this key. Fire up PuTTY and load your session or create a new one. Then in the Category list on the left, select "Connection" -> "SSH" -> "Auth". Browse for your key and load it up. Also, you'll want to allow changes of username if your SDF account name is different from your local one.
Line 64: Line 64:
  
 0. Copy the contents in the Key Generator window ("Public key for pasting into OpenSSH authorized_keys file") 0. Copy the contents in the Key Generator window ("Public key for pasting into OpenSSH authorized_keys file")
 +Note that we can also extract from existing PuTTYgen-type private keys: just load into it, and the public key should be there.
  
 1. Log in as normal and run the following commands. 1. Log in as normal and run the following commands.
Line 80: Line 81:
  
 You should now be able to log in using SSH Key Authentication. You should now be able to log in using SSH Key Authentication.
- 
----- 
- 
-I succeeded somewhat differently. In my trial, public key should be rather copied not from the saved public key, but from **Public key for pasting into OpenSSh authorized_keys file:** textbox in the PuTTYgen window. Note that we can also extract from existing PuTTYgen-type private keys (just load into it, and the public key should be there.). 
  
 === OpenSSH instructions === === OpenSSH instructions ===