How to increase security with SSH
0 likes118 views
The document provides an extensive overview of Secure Shell (SSH), detailing its purpose, functionalities, and applications, including remote login and command execution. It includes instructions on generating SSH key pairs, password management, and transferring keys to servers as well as using SSH keys with PuTTY on Windows. Additionally, it covers specifics such as creating, checking, and uploading keys, enhancing the security in system login processes.
![SSH
HOW TO CREATE A KEY PAIR
▸ The simplest way to generate a key pair is to run ssh-keygen without arguments.
In this case, it will prompt for the file in which to store keys. Here's an example:
vsbook (11:39) ~>ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vitalii/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vitalii/.ssh/id_rsa.
Your public key has been saved in /home/vitalii/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Up6KjbnEV4Hgfo75YM393QdQsK3Z0aTNBz0DoirrW+c vitalii@vsbook
The key's randomart image is:
+---[RSA 2048]----+
| . ..oo..|
| . . . . .o.X.|
| . . o. ..+ B|
| . o.o .+ ..|
| ..o.S o.. |
| . %o= . |
| @.B... . |
| o.=. o. . . .|
| .oo E. . .. |
+----[SHA256]-----+
vsbook (11:40) ~>](https://image.slidesharecdn.com/sshpresentation-180807030944/85/How-to-increase-security-with-SSH-4-320.jpg)
![SSH
HOW TO CHANGE THE PASSWORD OF “ID_RSA” FILE
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
-P passphrase
Provides the (old) passphrase.
-p
Requests changing the passphrase of a private key file instead of creating
a new private key. The program will prompt for the file containing the
private key, for the old passphrase, and twice for the new passphrase.
Example:
ssh-keygen -p -f ~/.ssh/knowledge_base_key -P "oldpass" -N “newpass"](https://image.slidesharecdn.com/sshpresentation-180807030944/85/How-to-increase-security-with-SSH-5-320.jpg)
How to increase security with SSH
- 1. SSH HOW TO INCREASE SECURITY Vitalii Sharavara
- 2. WHAT IS SSH SECURE SHELL ▸ Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users. ▸ SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.
- 3. THE SSH PROTOCOL An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but the keys are primarily used for automated processes and for implementing single sign- on by system administrators and power users.
- 4. SSH HOW TO CREATE A KEY PAIR ▸ The simplest way to generate a key pair is to run ssh-keygen without arguments. In this case, it will prompt for the file in which to store keys. Here's an example: vsbook (11:39) ~>ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/vitalii/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/vitalii/.ssh/id_rsa. Your public key has been saved in /home/vitalii/.ssh/id_rsa.pub. The key fingerprint is: SHA256:Up6KjbnEV4Hgfo75YM393QdQsK3Z0aTNBz0DoirrW+c vitalii@vsbook The key's randomart image is: +---[RSA 2048]----+ | . ..oo..| | . . . . .o.X.| | . . o. ..+ B| | . o.o .+ ..| | ..o.S o.. | | . %o= . | | @.B... . | | o.=. o. . . .| | .oo E. . .. | +----[SHA256]-----+ vsbook (11:40) ~>
- 5. SSH HOW TO CHANGE THE PASSWORD OF “ID_RSA” FILE ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] -P passphrase Provides the (old) passphrase. -p Requests changing the passphrase of a private key file instead of creating a new private key. The program will prompt for the file containing the private key, for the old passphrase, and twice for the new passphrase. Example: ssh-keygen -p -f ~/.ssh/knowledge_base_key -P "oldpass" -N “newpass"
- 6. SSH HOW COPY THE KEY TO A SERVER ssh-copy-id -i ~/.ssh/id_rsa devops@devops.deltavn.vn “AUTHORIZED_KEYS” The authorized_keys file in SSH specifies the SSH keys that can be used for logging into the user account for which the file is configured. SSH-RSA AAAAB3NZAC1YC2EAAAABIWAAAIEA0KJDLOIIXJ9XDMXICT9KVAKFUXFQI+CIIKLAN5HHSNGYOU7TIJQYONEU5FONLOAO/ CSHLA+KUARGYTRTIZWCP4TPCTXZHHJRM0GUDJRAGW7SMVIS/5XJBGAYHKJ1YUMGO7+NJTMSCLX6PFOLQYVEURIIVVCCZERGCLH+UTSXK3Z+L7HX9NIDG3/ YLOLC3F3SLXRJKN0GMTGK7BHJFXO4PGUUPJWZLVDUDX+XKIQTT2N4ISYS6N9QVFG3ZUGNLEJZM47NK/YTAC0MAX98PK+QNZSUAQOO/ ISHJ1TOW5WWSCFLPARVJ2AYROQAE7CFQG7Q12I9OLASFD3U5NAZFZCTYAVWA1KZ9UZEWLJ1BR1XOKPQOLEMM8KCP/PXZZ8H0KISKMIJI0/ QUIZOPEBSKLSZXJLALCXR8MG1UIZVWY48I9JHEYXYJ1TOCJ6CPSCPGFHP3DAGSLKKBE1EFAVFEEYGANHESLNDDG3GQ5XSSB9OKQM3V5T8GPFAJBV68BXQ4BK6HJ21A3CINV4LD V3HR/OBUBDG2ECI+ZKRDJLPJUU4YU= VITALII@FECREDIT.COM.VN SSH-RSA AAAAB3NZAC1YC2EAAAABIWAAAIEAYWWHRWQ4FJHT+UUWZCZEPXTJTZOENFPOJUFYCAYSO2NTLZNWNAQEQRFBQSUXKVTOTGXGAPIKUVJRIJNBDJE6IOZVBXZHHJRM0GUDJRAG W7SMVIS/5XJBGAYHKJ1YUMGO7+NJTMSCLX6PFOLQYVEURIIVVCCZERGCLH+UTSXK3Z+L7HX9NIDG3/ YLOLC3F3SLXRJKN0GMTGK7BHJFXO4PGUUPJWZLVDUDX+XKIQTT2N4ISYS6N9QVFG3ZUGNLEJZM47NK/YTAC0MAX98PK+QNZSUAQOO/ ISHJ1TOW5WWSCFLPARVJ2AYROQAE7CFQG7Q12I9OLASFD3U5NAZFZCTYAVWA1KZ9UZEWLJ1BR1XOKPQOLEMM8KCP/PXZZ8H0KISKMIJI0/ QUIZOPEBSKLSZXJLALCXR8MG1UIZVWY48I9JHEYXYJ1TOCJ6CPSCPGFHP3DAGSLKKBE1EFAVFEEYGANHESUXC9WKSEFZCEYMJ+RGJXMKBXNZMYYCBWSSQAEGJPMEUDLWZU2 GD0OBBZ0HXQG9J1XALLOP5AVDKFESZZCC= SHARAVARA@FECREDIT.COM.VN
- 7. SUMMARY How to create a new id_rsa file ssh-keygen -t rsa -b 4096 -C "iaroslav.kupriianov@fecredit.com.vn" -f iaroslav.kupriianov_id_rsa How to check key identity ssh-keygen -l -i iaroslav.kupriianov_id_rsa How to change the password ssh-keygen -p -f iaroslav.kupriianov_id_rsa -P "12345678" -N "12345" How to upload pulic key to the server ssh-copy-id -i iaroslav.kupriianov_id_rsa.pub devops@devops01.deltavn.vn How to connect to the server ssh -i iaroslav.kupriianov_id_rsa devops@devops01.deltavn.vn
- 8. USE SSH KEYS WITH PUTTY ON WINDOWS USE EXISTING PUBLIC AND PRIVATE KEYS Launch PuTTYgen from the Windows Programs list 1. Click Conversions from the PuTTY Key Generator menu and select Import key. 2. Navigate to the OpenSSH private key and click Open. 3. Under Actions / Save the generated key, select Save private key. 4. Choose an optional passphrase to protect the private key. 5. Save the private key to the desktop as id_rsa.ppk.
- 9. USE SSH KEYS WITH PUTTY ON WINDOWS CONNECT TO SERVER WITH PRIVATE KEY 1. Enter the remote server Host Name or IP address under Session. 2. Navigate to Connection > SSH > Auth. 3. Click Browse... under Authentication parameters / Private key file for authentication. 4. Locate the id_rsa.ppk private key and click Open. 5. Finally, click Open again to log into the remote server with key pair authentication.