
Connecting securely to SSH server with private key in TrueCrypt - Administration

The main benefit of SSH public key authentication is that your website will be protected against brute force attacks while still enjoying the benefits of encrypted communication. A brute force attack is automated guessing of passwords against your SSH server in an attempt to gain unauthorized access. This tutorial will show you how to use public key authentication.

TABLE OF CONTENTS:
  1. Optimizing Security: SSH Public Key Authentication
  2. Connecting securely to SSH server with private key in TrueCrypt
By: Codex-M
November 08, 2011


If you are not using TrueCrypt, you can still follow the steps in this section provided your private key file is in a secure location. Follow the steps below to connect to an SSH server using public key authentication with a private key file stored in a TrueCrypt container.

Using the shell/command line method (Terminal):

1. Get the path of the private key file inside the TrueCrypt container, or in any secure folder you are using. It will look like this:

/media/truecrypt10/SSHKEYS/id_rsa

In the above example, truecrypt10 is the name of the TrueCrypt container when mounted in Ubuntu.

2. Launch terminal and issue this command:

ssh -i <path_to_private_key_file> your_ssh_username@yourdomain.com
 
Using the path example above, it will be:

ssh -i /media/truecrypt10/SSHKEYS/id_rsa your_ssh_username@yourdomain.com

If you are not using port 22, then you should also specify the port with the -p parameter. For example, if you are using port 5678:

ssh -i /media/truecrypt10/SSHKEYS/id_rsa -p 5678 your_ssh_username@yourdomain.com

3. Press enter to connect to your SSH server. You will need to enter the pass phrase.

Using Filezilla:

1. Launch Filezilla.

2. Go to Edit –> Settings.

3. Click “SFTP.”

4. Click “Add Keyfile.”

5. Browse to the private key file stored in your TrueCrypt container. Select it and open.

6. If you receive a “convert keyfile” prompt, select Yes. Enter your pass phrase.

7. Save it to the same path, but with a different filename (no file extension), for example privatekeyforfilezilla.

8. Click OK.

9. Go to Filezilla Site Manager:

  • Make sure Logontype is set to “Normal.”
  • Put in your SSH host, port number and username.
  • Leave the password field BLANK.

10. Now try connecting to your remote SSH server using Filezilla and public key authentication. You should be able to connect without providing any password.

Disable Password Authentication on your SSH Hosting Server

Now that you are sure your public key authentication is fully working in both the command line and Filezilla (GUI), you can safely disable password authentication.

For virtual dedicated hosting:

1. Log in to your SSH server using the command line method, then switch to root (su -).

2. Locate your sshd_config file. This is usually found in /etc/ssh/, so try going to that path. If you have problems locating this file, you can ask your web host for support.

3. Open the sshd_config file and make sure that:

#PasswordAuthentication yes

is changed to:

PasswordAuthentication no

4. Also check that the following parameters are set as below:

PubkeyAuthentication yes
RSAAuthentication yes

5. Save the changes to the sshd_config file and then restart SSH:

sudo /etc/init.d/ssh restart

6. Try logging in using password-based authentication only, without the public/private key. It should be denied.

7. For more security, you can even restrict the SSH access by IP address. You can read that here: http://bit.ly/q3afxE
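The check below is an added example, not part of the original tutorial: it reads an sshd_config the way sshd resolves it (commented lines ignored, first occurrence of a keyword wins) and reports whether password logins are really off. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings this tutorial changes.

# Print the effective value of KEYWORD in FILE, or DEFAULT if it is unset.
# sshd uses the first uncommented occurrence; keywords are case-insensitive.
# Parsing stops at the first Match block, whose settings are conditional.
effective_option() {
    awk -F '[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Return 0 only when password logins are off and public key logins are on.
# Both keywords default to "yes" in OpenSSH when they are not set.
# RSAAuthentication is not checked: it only applies to SSH protocol 1 and
# current OpenSSH releases treat it as deprecated.
password_logins_disabled() {
    [ "$(effective_option "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(effective_option "$1" PubkeyAuthentication yes)" = "yes" ]
}

# Constructed sample files (not taken from a real server).
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
# "before": the line is only commented out, so the default "yes" still applies.
printf '%s\n' '#PasswordAuthentication yes' 'PubkeyAuthentication yes' \
    > "$tmpdir/before"
# "after": a later duplicate does not override the first occurrence.
printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
    'PasswordAuthentication yes' > "$tmpdir/after"

for f in before after; do
    if password_logins_disabled "$tmpdir/$f"; then
        echo "$f: password logins disabled"
    else
        echo "$f: password logins still possible"
    fi
done
```

On a live server, `sshd -t` validates the edited file before the restart and `sshd -T` (run as root) prints the settings sshd will actually use. Keep your current session open until a fresh key-based login succeeds.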

For Shared Hosting

Unfortunately, not all shared hosting allows you to disable password authentication after you have completely set up public key authentication. A good example is GoDaddy shared hosting. Even though you can configure your SSH server to use public key authentication, you cannot disable password authentication without using their virtual dedicated hosting.

But some hosting services, such as Ubiquity hosting, default to public key authentication if you use SSH. And by default, I mean that they disable password authentication also. So all you need to do is create public and private keys, as illustrated in this tutorial. Then import the public key through their cPanel and access the remote server using either Filezilla or the command line.



 
 