SSH PubKey

**Daniel_DBS** · 12-06-2007, 06:38 PM

Does anyone use PubKeyAuthentication with SSH?? I am thinking about giving it a shot, but if I understand correctly, if I am at work or something and do not have the key file, I cannot access SSH

**Frank Broughton** · 12-06-2007, 07:08 PM

See Thisisit's signature - I believe he uses it and has some write up on it.

**Daniel_DBS** · 12-06-2007, 07:11 PM

I just checked and I didnt see anything about it... i am just concerned about if I NEED to access SSH and I don't have the private key file with me

**wuurp** · 12-06-2007, 07:32 PM

You can use both if you don't disable password authentication.

**Daniel_DBS** · 12-06-2007, 07:42 PM

Originally Posted by wuurp

You can use both if you don't disable password authentication.

That really defeats the purpose of PubKey... If you use PubKey and disable password, essentially, your server is virtually unhackable on SSH, unless that key escapes your possession of course.

**wuurp** · 12-06-2007, 08:05 PM

PubKeys have other purposes, but if you want password authentication disabled, I think your only option if you find yourself without your key, is to access the server through a control panel, or even vzpp if on vps, edit the sshd_config to reenable password authentication, and restart sshd.

So, are you using a passphrase with your pubkey?

**Daniel_DBS** · 12-06-2007, 08:12 PM

Currently I am simply using a passkey to access SSH without any sort of pub/priv key sig... I am running SSH on an altered port instead of 22, but I am paranoid and wanted to see if anyone uses pub/priv key instead and what they recommend... What I am concerned about really is if I was not using my desktop or laptop and needed to SSH into the server, I would need the private key file to authenticate... I do not want to store the key file on my Flash Drive because if I were to 'lose' my flash drive, then my SSH key is floating around!

**wuurp** · 12-06-2007, 08:25 PM

Losing your flash drive is why you would use a passphrase with your PubKey. It's like another password that is just used for authentication when using the PubKey. So, if someone finds your flash, they still would have to crack the passphrase to get in your account.

Oh, you've probably already done this, but as long as we are talking security, you should disable root logins, and only allow protocol 2.

**thisisit3** · 12-07-2007, 02:50 AM

if ~/.ssh doesn't exist create it with "mkdir ~/.ssh"

then

cd ~/.ssh

ssh-keygen -t rsa
(when asked to enter a password, hit enter if you don't want any, this means you'll get automatic logins, this is what i'm using, but you should keep your ssh private key to yourself)

copy the generated "id_rsa.pub" into the remote server's ~/.ssh/ and rename it as "authorized_keys", if the file already exists then overwrite it or append to it.

on the remote server, edit the file /etc/ssh/sshd_config and make sure you have these options set:
ChallengeResponseAuthentication no
PasswordAuthentication no
PubkeyAuthentication yes
UsePAM yes

LinkBack

Thread Tools

Display

SSH PubKey

Bookmarks

Bookmarks

Posting Permissions