Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tutorials:ssh-sdf [2012/02/15 13:33] – Remove obsolete paragraph. memnontutorials:ssh-sdf [2012/02/15 15:41] (current) – Improvements recommended by wliao memnon
Line 45: Line 45:
 Logging in with SSH key authentication means that you do not have to use your SDF account password. Instead, you generate a 'key' -- which is two long strings of characters stored in a pair of files -- and these files are used to verify that you are who you say you are. Since your key can reliably identify you, you can authorize the user of this key (you, hopefully) to log in to your SDF account. You can authorize any key you wish, and adding someone's key would allow them to log in to your SDF account, without even using or knowing your password. Logging in with SSH key authentication means that you do not have to use your SDF account password. Instead, you generate a 'key' -- which is two long strings of characters stored in a pair of files -- and these files are used to verify that you are who you say you are. Since your key can reliably identify you, you can authorize the user of this key (you, hopefully) to log in to your SDF account. You can authorize any key you wish, and adding someone's key would allow them to log in to your SDF account, without even using or knowing your password.
  
-This may sound insecure or easily exploitable. In fact though, due to much research and theory, it can be very secure. Notice "can be" in that last sentence. The key files are taking the place of a password in proving to the server that you're really you. Just like you have to keep passwords secret, the strength of this method relies on you following certain guidelines. You will generate a pair of mathematically related keys: one public and the other private. **You should never give out your private key, nor should you make the file that contains it readable by any other user. This would be like storing your password in a world-readable file.** Only your *public* key will be listed on the server. Ensuring that your private key remains private is the most important of the guidelines that I mentioned. On to the instructions:+This may sound insecure or easily exploitable. In fact though, due to much research and theory, it can be very secure. Notice "can be" in that last sentence. The key files are taking the place of a password in proving to the server that you're really you. Just like you have to keep passwords secret, the strength of this method relies on you following certain guidelines. You will generate a pair of mathematically related keys: one public and the other private. :!:**You should never give out your private key, nor should you make the file that contains it readable by any other user. This would be like storing your password in a world-readable file.**:!: Only your *public* key will be listed on the server. Ensuring that your private key remains private is the most important of the guidelines that I mentioned. On to the instructions:
  
 === Windows instructions === === Windows instructions ===
Line 112: Line 112:
 === What is port tunneling good for === === What is port tunneling good for ===
  
-Port tunneling is the ability to tunnel from your internet point for presence back to SDF[-EU] servers and use the SDF[-EU] servers like a [[http://en.wikipedia.org/wiki/SOCKS|Socks 4 Proxy]]. This allows your connection to be encrypted via SSL between your internet access point and SDF[-EU]. This allows your traffic to be more secure if you are on a public internet access point+Port tunneling is the ability to tunnel from your internet point for presence back to SDF[-EU] servers and use the SDF[-EU] servers like a [[http://en.wikipedia.org/wiki/SOCKS|Socks 4 Proxy]]. This allows your connection to be encrypted via SSH between your internet access point and SDF[-EU]. This allows your traffic to be more secure if you are on a public internet access point
  
 === What tools are needed === === What tools are needed ===
Line 128: Line 128:
   ssh -D 1080 -p 465 username@odin.sdf-eu.org   ssh -D 1080 -p 465 username@odin.sdf-eu.org
  
-Alternatively, you can use an external program known as 'connect'. 
-All the details for using this program are documented on its webpage at https://bitbucket.org/gotoh/connect/ 
  
 === How to set up PuTTY === === How to set up PuTTY ===
Line 144: Line 142:
  Then go back to session and name and save the session. Click connect and the tunnel should become active.  Then go back to session and name and save the session. Click connect and the tunnel should become active.
  
-Finally, configure your browser to use the SOCKS proxy on "localhost" using port 9999 as shown [[#How to use the Tunnel you just enabled|below]] using Firefox.+Finally, configure your browser to use the SOCKS proxy on "localhost" using port 1080 as shown [[#How to use the Tunnel you just enabled|below]] using Firefox.
  
 === How to use the Tunnel you just enabled === === How to use the Tunnel you just enabled ===
Line 175: Line 173:
   * Port number to connect to (default is 1080)   * Port number to connect to (default is 1080)
   * Your username and password   * Your username and password
 +
 +=== Commandline ===
 +
 +To connect to a socks proxy on the commandline, you can use an external program known as 'connect'.
 +All the details for using this program are documented on its webpage at https://bitbucket.org/gotoh/connect/
  
 === SSH(C) – SSH Communications Security Corp === === SSH(C) – SSH Communications Security Corp ===
Line 195: Line 198:
 {{ tutorials:ssh-putty-config.png }} {{ tutorials:ssh-putty-config.png }}
   - Connect as normal! (You may want to save these details for future use)   - Connect as normal! (You may want to save these details for future use)
 +