Blame
Date:
Fri Dec 16 05:00:21 2022
UTC
Message:
Daily backup
11
2022-04-02
text=(:title SSH: Passwordless Authentication:)%0a%0assh is an amazing protocol, and the beauty of it lies not only in its cryptographic security but also in ease of usage. One of the most unique features of ssh is to use it without using password, generally referred to as [@passwordless authentication@] or [@Key based authentication@]%0a%0aThis in general provides, a better security model as the keys cannot be bruteforced (they can be but bruteforcing them would need a very powerful machine and a VERY long time.)%0a%0a!!! Uses%0a%0a1. Allows Secure way of logging into your machine%0a %0a2. Prevents password misuse or remembering of the passwords in general%0a %0a3. Eases the process of utilizing ssh for scripting from client side%0a %0a4. Enhances Security in the long run.%0a %0a%0a!!! Enabling Passwordless Authentication%0a%0aSo suppose that the machine you want to securely authenticate with is:%0a%0a[@testuser@testuser.host.ircnow.org@] and password is [@test123@]%0a%0athen from the client machine (your machine through which you are connecting to vps) there are in general three ways to transfer your ssh keys:%0a%0a1. Using [@ssh-copy-id@] command ('''Only works on few linux distros''')%0a %0a For this, all you need to do is [@ssh-copy-id testuser@testuser.host.ircnow.org@] and then enter your password, and ssh again and it will not ask password again.%0a %0a2. Copying using ssh%0a %0a Well, this is slightly manual method, but basically you copy paste it to the remote machine and provide password.%0a %0a [@cat ~/.ssh/id_rsa.pub | sshtestuser@testuser.host.ircnow.org "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"@]%0a %0a3. Manually Copying by sshing into the server%0a %0a Technically same method as above, but instead of a string of pipes and ssh, you manually copy paste the passwords in `~/.ssh/authorized_keys`%0a %0a%0a!!! Disabling Password authentication%0a%0aThis is important as so far, we have enabled password less auth, but we have not disabled the password login, this basically defeats the purpose of security as the others can still try to brute force your passwords.%0a%0aSo as to do that, edit [@/etc/ssh/ssh_config@] and add%0a%0a[@%0aPasswordAuthentication no%0aChallengeResponseAuthentication no%0aUsePAM no%0a@]%0a%0a[@%0akill -HUP `cat /var/run/sshd.pid`%0a# Notice the ` before cat and after pid.%0a@]
16
2022-04-02
diff:1648672051:1648671953:minor=26c26%0a%3c 1. Using [@ssh-copy-id@] command ('''Only works on few linux distros''')%0a---%0a> 1. Using [@ssh-copy-id@] command%0a
20
2022-04-02
diff:1648671953:1648671869:minor=3c3%0a%3c ssh is an amazing protocol, and the beauty of it lies not only in its cryptographic security but also in ease of usage. One of the most unique features of ssh is to use it without using password, generally referred to as [@passwordless authentication@] or [@Key based authentication@]%0a---%0a> ssh is an amazing protocol, and the beauty of it lies not only in its cryptographic security but also in ease of usage. One of the most unique features of ssh is to use it without using passowrd, generally referred to as [@passwordless authentication@] or [@Key based authentication@]%0a
24
2022-04-02
diff:1648671869:1648671733:=1,2c1,2%0a%3c (:title SSH: Passwordless Authentication:)%0a%3c %0a---%0a> '''SSH: Passwordless Authentication'''%0a> %0a7,8c7,8%0a%3c !!! Uses%0a%3c %0a---%0a> '''Uses'''%0a> %0a18,19c18,19%0a%3c !!! Enabling Passwordless Authentication%0a%3c %0a---%0a> '''Enabling Passwordless Authentication'''%0a> %0a26c26%0a%3c 1. Using [@ssh-copy-id@] command%0a---%0a> 1. Using [@ssh-copy-id@] command ('''Only works on few linux distros''')%0a41c41%0a%3c !!! Disabling Password authentication%0a---%0a> '''Disabling Password authentication'''%0a
27
2022-04-02
diff:1648671733:1648668516:=26c26%0a%3c 1. Using [@ssh-copy-id@] command ('''Only works on few linux distros''')%0a---%0a> 1. Using [@ssh-copy-id@] command%0a
31
2022-04-02
diff:1648668516:1648668516:=1,56d0%0a%3c '''SSH: Passwordless Authentication'''%0a%3c %0a%3c ssh is an amazing protocol, and the beauty of it lies not only in its cryptographic security but also in ease of usage. One of the most unique features of ssh is to use it without using passowrd, generally referred to as [@passwordless authentication@] or [@Key based authentication@]%0a%3c %0a%3c This in general provides, a better security model as the keys cannot be bruteforced (they can be but bruteforcing them would need a very powerful machine and a VERY long time.)%0a%3c %0a%3c '''Uses'''%0a%3c %0a%3c 1. Allows Secure way of logging into your machine%0a%3c %0a%3c 2. Prevents password misuse or remembering of the passwords in general%0a%3c %0a%3c 3. Eases the process of utilizing ssh for scripting from client side%0a%3c %0a%3c 4. Enhances Security in the long run.%0a%3c %0a%3c %0a%3c '''Enabling Passwordless Authentication'''%0a%3c %0a%3c So suppose that the machine you want to securely authenticate with is:%0a%3c %0a%3c [@testuser@testuser.host.ircnow.org@] and password is [@test123@]%0a%3c %0a%3c then from the client machine (your machine through which you are connecting to vps) there are in general three ways to transfer your ssh keys:%0a%3c %0a%3c 1. Using [@ssh-copy-id@] command%0a%3c %0a%3c For this, all you need to do is [@ssh-copy-id testuser@testuser.host.ircnow.org@] and then enter your password, and ssh again and it will not ask password again.%0a%3c %0a%3c 2. Copying using ssh%0a%3c %0a%3c Well, this is slightly manual method, but basically you copy paste it to the remote machine and provide password.%0a%3c %0a%3c [@cat ~/.ssh/id_rsa.pub | sshtestuser@testuser.host.ircnow.org "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"@]%0a%3c %0a%3c 3. Manually Copying by sshing into the server%0a%3c %0a%3c Technically same method as above, but instead of a string of pipes and ssh, you manually copy paste the passwords in `~/.ssh/authorized_keys`%0a%3c %0a%3c %0a%3c '''Disabling Password authentication'''%0a%3c %0a%3c This is important as so far, we have enabled password less auth, but we have not disabled the password login, this basically defeats the purpose of security as the others can still try to brute force your passwords.%0a%3c %0a%3c So as to do that, edit [@/etc/ssh/ssh_config@] and add%0a%3c %0a%3c [@%0a%3c PasswordAuthentication no%0a%3c ChallengeResponseAuthentication no%0a%3c UsePAM no%0a%3c @]%0a%3c %0a%3c [@%0a%3c kill -HUP `cat /var/run/sshd.pid`%0a%3c # Notice the ` before cat and after pid.%0a%3c @]%0a\ No newline at end of file%0a