Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tutorials:ssh-sdf [2012/02/15 12:14] – Fix link memnontutorials:ssh-sdf [2012/02/15 15:41] (current) – Improvements recommended by wliao memnon
Line 45: Line 45:
 Logging in with SSH key authentication means that you do not have to use your SDF account password. Instead, you generate a 'key' -- which is two long strings of characters stored in a pair of files -- and these files are used to verify that you are who you say you are. Since your key can reliably identify you, you can authorize the user of this key (you, hopefully) to log in to your SDF account. You can authorize any key you wish, and adding someone's key would allow them to log in to your SDF account, without even using or knowing your password. Logging in with SSH key authentication means that you do not have to use your SDF account password. Instead, you generate a 'key' -- which is two long strings of characters stored in a pair of files -- and these files are used to verify that you are who you say you are. Since your key can reliably identify you, you can authorize the user of this key (you, hopefully) to log in to your SDF account. You can authorize any key you wish, and adding someone's key would allow them to log in to your SDF account, without even using or knowing your password.
  
-This may sound insecure or easily exploitable. In fact though, due to much research and theory, it can be very secure. Notice "can be" in that last sentence. The key files are taking the place of a password in proving to the server that you're really you. Just like you have to keep passwords secret, the strength of this method relies on you following certain guidelines. You will generate a pair of mathematically related keys: one public and the other private. **You should never give out your private key, nor should you make the file that contains it readable by any other user. This would be like storing your password in a world-readable file.** Only your *public* key will be listed on the server. Ensuring that your private key remains private is the most important of the guidelines that I mentioned. On to the instructions:+This may sound insecure or easily exploitable. In fact though, due to much research and theory, it can be very secure. Notice "can be" in that last sentence. The key files are taking the place of a password in proving to the server that you're really you. Just like you have to keep passwords secret, the strength of this method relies on you following certain guidelines. You will generate a pair of mathematically related keys: one public and the other private. :!:**You should never give out your private key, nor should you make the file that contains it readable by any other user. This would be like storing your password in a world-readable file.**:!: Only your *public* key will be listed on the server. Ensuring that your private key remains private is the most important of the guidelines that I mentioned. On to the instructions:
  
 === Windows instructions === === Windows instructions ===
Line 57: Line 57:
 You can then add a passphrase to your key, and use just that one passphrase whenever you log in to an ssh server using your key. Alternately you can use no passphrase. Be aware though that if //you// don't have to use a password to login from your computer, then //neither would anyone else that sits down at your computer// or otherwise accesses your local account. You can then add a passphrase to your key, and use just that one passphrase whenever you log in to an ssh server using your key. Alternately you can use no passphrase. Be aware though that if //you// don't have to use a password to login from your computer, then //neither would anyone else that sits down at your computer// or otherwise accesses your local account.
  
-The key comment is for your personal convenience,reccomend youruser@yourlocalmachine and maybe the date, but of course it's up to you. Now save both the private and public key file somewhere (My Documents is a good choice, but pick somewhere that only *you* will have read access to.)+The key comment is for your personal convenience,recommend youruser@yourlocalmachine and maybe the date, but of course it's up to you. Now save both the private and public key file somewhere (My Documents is a good choice, but pick somewhere that only *you* will have read access to.)
  
 Next, you need to configure PuTTY to use this key. Fire up PuTTY and load your session or create a new one. Then in the Category list on the left, select "Connection" -> "SSH" -> "Auth". Browse for your key and load it up. Also, you'll want to allow changes of username if your SDF account name is different from your local one. Next, you need to configure PuTTY to use this key. Fire up PuTTY and load your session or create a new one. Then in the Category list on the left, select "Connection" -> "SSH" -> "Auth". Browse for your key and load it up. Also, you'll want to allow changes of username if your SDF account name is different from your local one.
Line 64: Line 64:
  
 0. Copy the contents in the Key Generator window ("Public key for pasting into OpenSSH authorized_keys file") 0. Copy the contents in the Key Generator window ("Public key for pasting into OpenSSH authorized_keys file")
 +Note that we can also extract from existing PuTTYgen-type private keys: just load into it, and the public key should be there.
  
 1. Log in as normal and run the following commands. 1. Log in as normal and run the following commands.
Line 80: Line 81:
  
 You should now be able to log in using SSH Key Authentication. You should now be able to log in using SSH Key Authentication.
- 
----- 
- 
-I succeeded somewhat differently. In my trial, public key should be rather copied not from the saved public key, but from **Public key for pasting into OpenSSh authorized_keys file:** textbox in the PuTTYgen window. Note that we can also extract from existing PuTTYgen-type private keys (just load into it, and the public key should be there.). 
  
 === OpenSSH instructions === === OpenSSH instructions ===
Line 115: Line 112:
 === What is port tunneling good for === === What is port tunneling good for ===
  
-Port tunneling is the ability to tunnel from your internet point for presence back to SDF[-EU] servers and use the SDF[-EU] servers like a [[http://en.wikipedia.org/wiki/SOCKS|Socks 4 Proxy]]. This allows your connection to be encrypted via SSL between your internet access point and SDF[-EU]. This allows your traffic to be more secure if you are on a public internet access point+Port tunneling is the ability to tunnel from your internet point for presence back to SDF[-EU] servers and use the SDF[-EU] servers like a [[http://en.wikipedia.org/wiki/SOCKS|Socks 4 Proxy]]. This allows your connection to be encrypted via SSH between your internet access point and SDF[-EU]. This allows your traffic to be more secure if you are on a public internet access point
  
 === What tools are needed === === What tools are needed ===
Line 131: Line 128:
   ssh -D 1080 -p 465 username@odin.sdf-eu.org   ssh -D 1080 -p 465 username@odin.sdf-eu.org
  
-Alternatively, you can use an external program known as 'connect'. 
-All the details for using this program are documented on its webpage at https://bitbucket.org/gotoh/connect/ 
  
 === How to set up PuTTY === === How to set up PuTTY ===
Line 147: Line 142:
  Then go back to session and name and save the session. Click connect and the tunnel should become active.  Then go back to session and name and save the session. Click connect and the tunnel should become active.
  
-Finally, configure your browser to use the SOCKS proxy on "localhost" using port 9999 as shown [[#How to use the Tunnel you just enabled|below]] using Firefox.+Finally, configure your browser to use the SOCKS proxy on "localhost" using port 1080 as shown [[#How to use the Tunnel you just enabled|below]] using Firefox.
  
 === How to use the Tunnel you just enabled === === How to use the Tunnel you just enabled ===
Line 178: Line 173:
   * Port number to connect to (default is 1080)   * Port number to connect to (default is 1080)
   * Your username and password   * Your username and password
 +
 +=== Commandline ===
 +
 +To connect to a socks proxy on the commandline, you can use an external program known as 'connect'.
 +All the details for using this program are documented on its webpage at https://bitbucket.org/gotoh/connect/
  
 === SSH(C) – SSH Communications Security Corp === === SSH(C) – SSH Communications Security Corp ===
Line 198: Line 198:
 {{ tutorials:ssh-putty-config.png }} {{ tutorials:ssh-putty-config.png }}
   - Connect as normal! (You may want to save these details for future use)   - Connect as normal! (You may want to save these details for future use)
 +