Differences

This shows you the differences between two versions of the page.

en:linux:ssh [2023/10/18 22:41] – created psycore
en:linux:ssh [2024/02/05 16:49] (current) – old revision restored (2024/01/24 11:23) psycore
Line 1: Line 1:
-====== Back up the sshd ======+{{tag>english linux debian sshd it-security}} 
 +====== Backing up the sshd ======
  
-The pre-installed SSH daemon (sshd) is insecure in the basic configuration. To ensure greater protection, it is necessary to integrate a [[wpde>Asymmetrisches_Kryptosystem|key authentication]].+The pre-installed SSH daemon (sshd) is insecure in the basic configuration. To ensure greater protection, it is necessary to integrate a [[wpde>Asymmetrisches_Kryptosystem|to integrate key authentication]].
  
  
-===== Create key pair =====+===== Generate key pair =====
  
-First, we create a key pair under Linux:+Firstly, we create a key pair under Linux:
  
 <code bash> <code bash>
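Review bot: The link label in the new intro sentence repeats words that are already in the sentence, so it renders as "necessary to integrate a to integrate key authentication"; the label should be just "key authentication", as in the old line. The new heading "Backing up the sshd" still reads as making a backup, while the paragraph under it is about protecting the daemon, so a heading such as "Securing the sshd" would match the content.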
Line 19: Line 20:
 35:9f:6e:c2:46:62:09:2d:dc:dd:1e:79:cc:56:d9:2b root@v05-s42 35:9f:6e:c2:46:62:09:2d:dc:dd:1e:79:cc:56:d9:2b root@v05-s42
 </code> </code>
-**Be sure to enter a password, otherwise you can access the server just by possessing the private key!**+**Be sure to enter a password, otherwise you can access the server simply by possessing the private key!**
  
-We rename id_rsa.pub to authorised_keys and download id_rsa locally to our computer. **It is important to delete id_rsa securely afterwards!** (if necessary install wipe with //apt-get install wipe//)+We rename id_rsa.pub to authorised_keys and download id_rsa locally to the computer. **It is important to delete id_rsa securely afterwards!** (If necessaryinstall wipe with //apt-get install wipe//)
  
 <code bash>$ wipe id_rsa <code bash>$ wipe id_rsa
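Review bot: The rename target in the new line is still spelled authorised_keys, but the file OpenSSH reads by default is authorized_keys (with a z), so a reader who follows the text literally ends up with a key file that sshd does not look at. While this line is being touched, "If necessaryinstall wipe" needs its comma and space back, and "enter a password" in the warning above it would be clearer as "enter a passphrase", since it protects the key and is not the account password.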
Line 39: Line 40:
 ===== Putty Private Key ===== ===== Putty Private Key =====
  
-Now we download [[http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html|puttygen.exe]] down. We open puttygen.exe and navigate in the menu to >> Conversion / Import Key <<An dieser Stelle wählen wir den generierten private key aus, den wir uns auf unseren Computer geladen habenNun noch ein passendes Kommentar hinzufügen und wir können auf >> save private key << klicken.+Now we download [[http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html|puttygen.exe]] down. We open puttygen.exe and navigate in the menu to **Conversion / Import Key**At this point, we select the generated private key that we have downloaded to our computerNow add a suitable comment and we can click on **save private key** button.
  
-Diesen Key mit der .ppk Endung brauchen wir zum späteren Login für putty. **Diesen Key niemals auf den Server laden!**+We will need this key with the .ppk extension to log in to putty later. **Never upload this key to the server!**
  
  
-===== Login Test =====+===== Login test =====
  
-Nun testen wir, ob die Verbindung mit dem erzeugten Schlüssel zustande kommtDazu öffnen wir putty.exe und tragen wie gewohnt den Hostnamen einBevor wir nun auf >> open << klicken, wechseln wir links in der Baumansicht auf >> Connection / SSH / Auth << und geben unter >> private key file for authentication << den Pfad zu unserem ppk file anNun auf >> open << klickenWenn der Login erfolgreich warund ohne Fehlermeldungkönnen wir die Passwort Autenthifizierung in unserem sshd komplett deaktivieren.+Now we test whether the connection is established with the generated keyTo do this, we open putty.exe and enter the host name as usualBefore we now click on **open** we switch to the left in the tree view to **Connection / SSH / Auth** and under **private key file for authentication** and enter the path to our ppk file. Now click on **open** buttonIf the login was successfuland without error messagewe can completely deactivate the password authentication in our sshd.
  
-===== sshd Konfiguration =====+===== sshd configuration =====
  
-Nun bearbeiten wir die sshd Konfigurationsdatei <code text>/etc/ssh/sshd_config</code>+Now we edit the sshd configuration file <code text>/etc/ssh/sshd_config</code>
  
 <code text> <code text>
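Review bot: The puttygen.exe link in the rewritten paragraph still uses http://, and this is the tool that will handle the private key, so the URL should be changed to https://. The translated sentences also need a pass: "download ... down" is doubled, "click on **save private key** button" and "click on **open** button" are missing an article, and "and under **private key file for authentication** and enter the path" has one "and" too many. "log in to putty" would read better as "log in with putty", because the .ppk file is what PuTTY uses to log in to the server.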
Line 82: Line 83:
 <code bash>/etc/init.d/ssh restart</code> <code bash>/etc/init.d/ssh restart</code>
  
-==== Note ====+==== Hint ====
  
-The current SSH session is not closed. **To correct configuration errors, the current session should remain open until everything is working properly!** +The current SSH session is not closed. **To correct configuration errors, the current session should remain open until everything is working correctly!**
- +
-===== Copyright and notes ===== +
- +
-© by [[psycore]] 2020 +
- +
-The author accepts no liability for any damage resulting from the use of this tutorial. This tutorial is written to the best of my knowledge and belief. The distribution of this tutorial is only allowed if the original text including copyright remains untouched.+
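Review bot: The end of this hunk deletes the whole "Copyright and notes" section, although the removed text itself says distribution is only allowed if the original text including copyright remains untouched; the English page should keep that section unless dropping it is intended. Renaming the heading from "Note" to "Hint" weakens what is a warning about keeping the current session open. It would also help to tell the reader to check the edited file with sshd -t before running the restart, so that a syntax error is caught while the session is still open.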