Re: [Dfey-nw-discuss] Dogfish

[Tim Dobson]

Isabell Long wrote:
> On 18/07/2009, Tim Dobson <address@hidden> wrote:
> > I suggest that we strongly encourage use of ssh public key
> > authentication to log into the machine due to the number of compromises
> > that occur due to weak passwords.
>
> SSH public key authentication?  What is that?

Sorry to get really verbose;
I've just copied and pasted and modified a little, a howto I use at work,

Cheers

Tim

If you are unfamiliar with SSH public key authentication, I’m happy to 
support you learning it – its easier and more secure than passwords! :-)

You need to generate a SSH key for yourself. Using OpenSSH on GNU/Linux 
or Mac OS X:

0. In the unlikely event you don’t have OpenSSH installed, install it
1. Run “ssh-keygen -t dsa”
2. Accept the default file and enter a passphrase
3. Print the public key data and copy and paste it into your reply to 
this email

For example:

$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_dsa):
Created directory ’/home/username/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_dsa.
Your public key has been saved in /home/username/.ssh/id_dsa.pub.
The key fingerprint is:
f3:31:a8:c6:82:18:c8:0f:dd:6b:fb:27:98:83:3d:3b address@hidden
$ cat .ssh/id_dsa.pub
ssh-dss 
AAAAB3NzaC1kc3MAAACBANDe4j3VF6p3T1O25wjphQhkJposn65npbTkmR4I3PJBjq9ybNpFyPUTT+LOkCLV02QqKceAVZiwo14WCCdFv1Wm+PMo6RW0uJa+pXA69gdS7ck6lJRLnfoHH2L49WTdynhmrMzQq2i2aqiNyvnRDWsTtvcyD+PV1rEhi7K5T2iZAAAAFQCJSZ++/fxxiheBBDvGVSifoJvsHwAAAIEApAkKYLZkiXrWr3qeWU3j8d8XvzJf/NP4nyqahc63S6EAfc90T6n4casdha78hsd9a7hsd7ahsdpJwltK2agrMAe5gQ4kAVR1UN7qynDj+iUAzUZsTFYZlyGLsTTrZ6pFuLRAj/c8/dwXUSaIGEhsXFelb/SjAPtDQyR6V80AAACARfLnjV8YgTzMXtBSeslc6LAzx2ZRwZXW91S/ohhi7+xkXg/Y/u+7NDBuHVo8E9b4rn2QnqfCacG8KpZ6sJgUgZZYzpgE+tW6ddtVo7MG35E1Y4P/AhJDBhltnkAE9xaEI3mQsKvxVE2ZqHlVapTT/ESAbhJFDWfMC4DJ6zlRHdA=
address@hidden
$

To generate a SSH key using PuTTY on Windows:

0. Download and install the PuTTY suite of OpenSSH tools from 
http://www.chiark.greenend.org.uk/sgtatham/putty/download.html
1. Run “PUTTYGEN.EXE”
2. Select “SSH2 DSA” in the “Parameters” section
3. Click “Generate”
4. Move the mouse over the blank area of the program until puttygen has 
enough entropy
5. Click “Save private key” button and save the private key as 
“DfeyDogfish.ppk”
6. Copy the “Public key for pasting into OpenSSH authorized_keys2 file” 
data email it to address@hidden

When I have your public key, I’ll copy it to the your user’s 
/.ssh/authorized_keys on your machine, and you’ll then be able to log in 
over ssh as root from any Unix machine with your private key in 
/.ssh/id_dsa or on a Windows machine with a PuTTY ‘saved session’ 
configured to use the Private Key that you saved.

If you’re curious about all this, the PuTTY documentation at 
http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html is 
excellent, as is the http://www.openssh.org/ site.

Also I recommend using OpenSSH for file transfer as well as remote 
login, instead of insecure legacy protocols like FTP.