If you are not using TrueCrypt, you can still follow the steps in this section provided your private key file is in a secure location. Follow the steps below to connect to an SSH server using public key authentication with a private key file stored in a TrueCrypt container.
Using the shell/command line method (Terminal):
1. Get the path to the private key file in the TrueCrypt container, or in any secure folder you are using. It will look like this:
In the above example, truecrypt10 is the name of the TrueCrypt container when mounted in Ubuntu.
2. Launch terminal and issue this command:
ssh -i <path_to_private_key_file> email@example.com
ssh -i /media/truecrypt10/SSHKEYS/id_rsa firstname.lastname@example.org
If you are not using port 22, you should also specify the port with the -p parameter. For example, if you are using port 5678:
ssh -i /media/truecrypt10/SSHKEYS/id_rsa -p 5678 email@example.com
3. Press enter to connect to your SSH server. You will need to enter the pass phrase.
1. Launch Filezilla.
2. Go to Edit –> Settings.
3. Click “SFTP.”
4. Click “Add Keyfile.”
5. Browse to the private key file stored in your TrueCrypt container. Select it and open.
6. If you receive a “convert keyfile” prompt, select yes. Enter your pass phrase.
7. Save it to the same path, but with a different filename (no file extension), for example privatekeyforfilezilla.
8. Click OK.
9. Go to Filezilla Site Manager:
10. Now try connecting to your remote SSH server using Filezilla and public key authentication. You should be able to connect without providing any password.
Disable Password Authentication on your SSH Hosting Server
Now that you are sure your public key authentication is fully working in both the command line and Filezilla (GUI), you can safely disable password authentication.
For virtual dedicated hosting:
1. Log in to your SSH server using the command line method. Log in as root: su -
2. Locate your sshd_config file. This is usually found in /etc/ssh/, so try going to that path. If you have problems locating this file, you can ask your web host for support.
3. Open sshd_config file and make sure:
Is changed TO:
4. Also check that the following parameters are set as below:
5. Save changes to sshd_config file and then restart SSH:
sudo /etc/init.d/ssh restart
6. Try logging in using password-based authentication only, without your public/private key. It should be denied.
7. For more security, you can even restrict the SSH access by IP address. You can read that here: http://bit.ly/q3afxE
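A way to double-check the edit from steps 3 to 6 before relying on it, shown as an added example that is not part of the original tutorial. It assumes the standard OpenSSH keywords PasswordAuthentication and PubkeyAuthentication (the tutorial's own before/after values are not shown above); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the value sshd would apply globally for a keyword.
# Rules modelled: keywords are case-insensitive, '#' lines are comments, the
# first occurrence wins, and lines below a Match line are conditional.
# Limitation: Include files are not followed.
effective_setting() {   # usage: effective_setting FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comment or blank line
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword=value"
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

audit_sshd_config() {   # returns 0 only if the global section is key-only
    pw=$(effective_setting "$1" PasswordAuthentication yes)  # sshd default: yes
    pk=$(effective_setting "$1" PubkeyAuthentication yes)    # sshd default: yes
    echo "$1: PasswordAuthentication=$pw PubkeyAuthentication=$pk"
    [ "$pw" = "no" ] && [ "$pk" = "yes" ]
}

# Constructed sample files (not taken from the tutorial).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' \
    > "$SAMPLE_DIR/commented.conf"      # directive is still commented out
printf '%s\n' 'PasswordAuthentication yes' 'PasswordAuthentication no' \
    > "$SAMPLE_DIR/shadowed.conf"       # the earlier line wins
printf '%s\n' 'Match User alice' '    PasswordAuthentication no' \
    > "$SAMPLE_DIR/matchonly.conf"      # only applies to one user
printf '%s\n' 'pubkeyauthentication yes' 'PasswordAuthentication=no' \
    > "$SAMPLE_DIR/hardened.conf"       # global section is key-only

for f in commented shadowed matchonly hardened; do
    if audit_sshd_config "$SAMPLE_DIR/$f.conf"; then
        echo "  -> PASS"
    else
        echo "  -> FAIL: password login is still possible"
    fi
done
```

On the server itself, running sshd -T as root prints the configuration sshd actually resolves, including Include files and defaults, and is the authoritative check.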
For shared hosting:
Unfortunately, not all shared hosting allows you to disable password authentication after you have completely set up public key authentication. A good example is GoDaddy shared hosting. Even though you can configure your SSH server to use public key authentication, you cannot disable password authentication without using their virtual dedicated hosting.
But some hosting services, such as Ubiquity hosting, default to public key authentication if you use SSH. And by default, I mean that they also disable password authentication. So all you need to do is create public and private keys, as illustrated in this tutorial. Then import the public key through their cPanel and access the remote server using either Filezilla or the command line.