
How-To: SSH access via authorized_keys

This thread in the forum "Linux-Server How-To´s (Italiana)" was created by meister85, 5 January 2012.

Thread status:
No further replies are possible.
  1. meister85
    In this how-to I want to explain how you can change SSH access. The nice thing is that when you use authorized_keys you can connect only with this key, and you have the maximum security possible.

    What we need:

    Code:
    Putty
    Puttygen
    1. We open PuTTY and connect as root.

    2. We enter this command in PuTTY:

    Code:
    nano /etc/ssh/sshd_config
    In this file we have to change some parameters (see the lines marked in red):

    Code:
    # Package generated configuration file
    # See the sshd_config(5) manpage for details
    
    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes
    
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    
    # Authentication:
    LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    # [marked in red in the original post]
    AuthorizedKeysFile    %h/.ssh/authorized_keys
    
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes
    
    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no
    
    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no
    
    # Change to no to disable tunnelled clear text passwords
    # [marked in red in the original post]
    PasswordAuthentication no
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    
    Subsystem sftp /usr/lib/openssh/sftp-server
    
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    # [marked in red in the original post]
    UsePAM no
    Now we save the file!

    3. Create a folder .ssh in the root folder:

    Code:
    mkdir .ssh
    4. In the .ssh folder, create the files authorized_keys, id_rsa and id_rsa.pub:

    Code:
    touch .ssh/authorized_keys
    touch .ssh/id_rsa
    touch .ssh/id_rsa.pub
    5. Now we have to copy the contents of the file ssh_host_rsa_key:

    Code:
    nano /etc/ssh/ssh_host_rsa_key
    The content looks more or less like this:

    Code:
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    Important: you must copy the entire content!!!

    6. The content you copied has to be inserted into the file id_rsa:

    Code:
    nano .ssh/id_rsa
    7. Now we have to edit the files authorized_keys and id_rsa.pub. From here on we need PuTTYgen.

    First we have to make these settings (see screenshot):

    [IMG]

    After making the settings, click Generate!

    8. This content is created (see screenshot):

    [IMG]

    We copy the entire content (see the red marking) and insert it into the files authorized_keys and id_rsa.pub.

    Code:
    nano .ssh/id_rsa.pub
    We insert the key and save the file.

    Code:
    nano .ssh/authorized_keys
    We insert the key and save the file.

    9. Now we have to save the private.key! This key is the key that grants you SSH access. You can save it anywhere. I saved it on the desktop.

    [IMG]

    10. The private.key has to be set in PuTTY. To make this setting, go to SSH --> Auth (see screenshot).

    [IMG]

    11. Set the Auto-login username to root.

    [IMG]


    Don't forget to save the settings!!!

    12. Now we reboot the server.

    From now on you can connect only with the private.key!

    You must never lose or delete the private.key, otherwise you can no longer connect to the server via SSH.




     
    Last edited: 4 February 2013
    #1
    AZK24 likes this.
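
A read-only check to run before the reboot in step 12, given here as an added example that is not part of the original post: it confirms that password login is really off and that authorized_keys holds a key line sshd can use. The helper names `effective`, `count_keys` and `check_key_only` and the sample files are constructed for illustration, and the config is assumed to use no `Include` directives.

```shell
#!/bin/sh
# Added example: read-only pre-reboot check for the key-only login set up above.

# Effective value of a global sshd_config keyword: keywords are
# case-insensitive, the first occurrence wins, Match blocks are conditional.
effective() {  # effective <sshd_config> <keyword>
    awk -v key="$2" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Number of lines sshd can use as a key: [options] keytype base64 [comment].
# A multi-line "---- BEGIN SSH2 PUBLIC KEY ----" file counts as zero.
count_keys() {  # count_keys <authorized_keys>
    awk '
        /^[ \t]*(#|$)/ { next }
        { for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/ &&
                $(i + 1) ~ /^AAAA[A-Za-z0-9+\/=]+$/) { n++; break } }
        END { print n + 0 }
    ' "$1"
}

# Succeeds only if key login is on, password login is off and a key is installed.
check_key_only() {  # check_key_only <sshd_config> <authorized_keys>
    rc=0
    [ "$(effective "$1" PubkeyAuthentication)" != "no" ] ||
        { echo "PubkeyAuthentication is off"; rc=1; }
    [ "$(effective "$1" PasswordAuthentication)" = "no" ] ||
        { echo "PasswordAuthentication is not 'no': passwords still work"; rc=1; }
    [ -f "$2" ] && [ "$(count_keys "$2")" -gt 0 ] ||
        { echo "no usable key in $2: a reboot would lock you out"; rc=1; }
    return "$rc"
}

# Constructed sample files (not from a real server) so the check runs offline.
demo=$(mktemp -d)
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' 'UsePAM no' > "$demo/sshd_config"
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAconstructed rsa-key-20120105' > "$demo/good"
printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'AAAAB3NzaC1yc2EAAAABJQ' \
    '---- END SSH2 PUBLIC KEY ----' > "$demo/putty_saved"
check_key_only "$demo/sshd_config" "$demo/good" && echo "good: safe to reboot"
check_key_only "$demo/sshd_config" "$demo/putty_saved" || echo "putty_saved: rejected"
```

On the server itself the call would be `check_key_only /etc/ssh/sshd_config ~/.ssh/authorized_keys`, and `sshd -t` additionally validates the syntax of the edited config file.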