Posts Tagged ‘authentication’

SSH Private & Public Key Howto

January 6th, 2009
This is a very simple howto (for Linux/Mac users) on setting up SSH keys on both the client side and the server side. Using private and public keys for ssh, scp, and sftp is great for several reasons.

  1. You can give someone your public key to put on their server so you have access. I just did this the other night. As soon as I was done he simply removed my key - no passwords had to be shared.
  2. It allows for better security so you don’t have someone trying to guess passwords or dealing with someone who can’t remember the password and does the “sticky note with password on monitor” trick.
  3. If you choose to not use a passphrase on your keys, you can use them with automated processes that require using scp.

That being said, here are the simple steps.

On the client:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
# here you'll be asked to create a passphrase, optionally it can be left blank
scp ~/.ssh/id_rsa.pub yourserver.com:

On the server:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
rm -f ~/id_rsa.pub

Also you should note some important settings in your server’s sshd_config file:
# yes to allow priv/pub key auth
PubkeyAuthentication yes
# no to ONLY allow priv/pub key auth
PasswordAuthentication no
# no to ONLY allow priv/pub key auth
ChallengeResponseAuthentication no

If you make any changes to your sshd_config file, you’ll need to restart the SSH server.
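
To confirm that a given sshd_config really leaves the server key-only, this added example (not part of the original post) reads the three settings above the way sshd does: the first occurrence of a keyword wins, keywords are case-insensitive, and an unset keyword falls back to its default. The function names and sample configs are constructed for illustration, and the defaults are assumed to be upstream OpenSSH's.

```sh
#!/bin/sh
# Added example (not from the original post). Sample configs are constructed.

# Print the effective global value of keyword $2 in file $1, or default $3.
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively. Simplification: parsing stops at the first Match block.
effective_setting() {
    awk -v kw="$2" -v def="$3" '
        { sub(/#.*/, "") }                      # strip comments
        tolower($1) == "match" { exit }         # global section only
        !found && tolower($1) == tolower(kw) { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    ' "$1"
}

# Succeed only if key auth is on and both password-style methods are off.
# The defaults passed here are the upstream OpenSSH defaults (assumption:
# your build has not changed them).
is_key_only() {
    [ "$(effective_setting "$1" PubkeyAuthentication yes)" = yes ] &&
    [ "$(effective_setting "$1" PasswordAuthentication yes)" = no ] &&
    [ "$(effective_setting "$1" ChallengeResponseAuthentication yes)" = no ]
}

hardened_cfg=$(mktemp)
weak_cfg=$(mktemp)
trap 'rm -f "$hardened_cfg" "$weak_cfg"' EXIT

cat > "$hardened_cfg" <<'EOF'
PubkeyAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication no
EOF
# Weak: the first "no" is commented out, the second comes too late, and
# ChallengeResponseAuthentication is left at its default of yes.
cat > "$weak_cfg" <<'EOF'
PubkeyAuthentication yes
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
EOF

for cfg in "$hardened_cfg" "$weak_cfg"; do
    if is_key_only "$cfg"; then echo "key-only"; else echo "passwords still accepted"; fi
done
```

Newer OpenSSH releases name the third setting KbdInteractiveAuthentication and keep ChallengeResponseAuthentication as a deprecated alias. Running `sshd -T` as root prints the values the daemon actually uses.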

Easy Apache Basic Authentication

January 1st, 2009
This is a really handy set of instructions for when you need to restrict access to a website or a directory under a website. You will need to have access to both the Apache config for your site and the .htaccess file you need to create/modify.

1. In the httpd.conf file, put the following for the domain or directory (you can add other options; this is the minimum):
<Directory "/full/path/to/the/directory/to/restrict">
  AllowOverride AuthConfig
  Order deny,allow
  Deny from all
</Directory>

2. In the root of the domain or directory put an .htaccess file with:
AuthType Basic
AuthUserFile /full/path/to/your/new/password/file
AuthName "What You Want The Popup Login Window To Say"
require valid-user
satisfy any

3. Make the password file (you will be prompted to create the password):
/usr/local/apache/bin/htpasswd -c /full/path/to/your/new/password/file username
