Tuesday, May 26, 2009

PuTTY

PuTTY is a GTK-based GUI client for SSH connections that eases the setup of port forwarding, SSH public key authentication, and automated login.
sudo apt-get install putty
A user would run PuTTY to create the SSH tunnel (instead of the ssh command) and then run Krdc. Note that PuTTY security keys are not generally compatible with SSH security keys. I was not able to get PuTTY to work with Krdc.

Connect using SSH Agent

With SSH Agent you can automate the use of public key authentication and open an XDM or VNC session using a script. See this tutorial.

Set up an SSH server

Install the OpenSSH server:
sudo apt-get install openssh-server
Note: The OpenSSH server can also be installed when doing a server installation as an option from the LiveCD.
Note: An OpenSSH server can also be set up on a Windows server using Cygwin. See these instructions.

Limit authorized SSH users

See How to limit the user accounts that can connect through SSH.

OpenSSH Public Key Authentication

See this OpenSSH Public Key Authentication Tutorial.
In brief, it is necessary to generate a public/private key pair. On your client machine, generate the pair:
ssh-keygen
A prompt asks for a passphrase. If you wish to use SSH without entering a password from a secure client (to which no one but you has access), leave the passphrase blank; anyone who obtains a copy of a private key that has no passphrase can use it. If you enter a passphrase, you will be asked for this passphrase each time you use the SSH client.

By default, a 2048-bit RSA key pair is generated and stored in the /home/user/.ssh folder. The private key is named id_rsa and is meant to stay in that folder. The public key is id_rsa.pub and is meant to be copied to the SSH server.

On the SSH server, there is a similar folder /home/user/.ssh (for whichever user is hosting the SSH server). In that folder is a file called authorized_keys2. The contents of id_rsa.pub must be copied into that authorized_keys2 file. (You can use a text editor or concatenate the files with the cat command.)

To keep keys private, they should be accessible only to user, the owner of the file. For example,
chmod 600 /home/user/.ssh/id_rsa
This makes the file accessible only to user. You could also make the entire .ssh folder accessible only to user:
chmod 700 /home/user/.ssh
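
The steps above (copying id_rsa.pub into authorized_keys2 and restricting permissions) written as a script; this is an added example, not part of the original post. The function names install_pubkey and audit_ssh_dir, the scratch directory and the key text are constructed for illustration, and stat -c assumes GNU coreutils as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Ubuntu).

# Append the public key in $1 to $2/authorized_keys2 unless that exact line
# is already there, creating the folder and file with owner-only access.
install_pubkey() {
    pub="$1"; dir="$2"; auth="$dir/authorized_keys2"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(cat "$pub") || return 1
    # -x: whole line, -F: literal text; prevents duplicates on re-runs
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Apply the post's "accessible only to user" rule to the folder, the private
# key and authorized_keys2. Prints each finding; returns the finding count.
audit_ssh_dir() {
    dir="$1"; bad=0
    for f in "$dir" "$dir/id_rsa" "$dir/authorized_keys2"; do
        [ -e "$f" ] || continue
        mode=$(stat -c %a "$f")
        case "$mode" in
            0|*00) ;;   # group and other digits are both 0
            *) echo "too open: $f (mode $mode)"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Constructed demo in a scratch directory; the key text is a placeholder.
demo=$(mktemp -d)
echo "ssh-rsa CONSTRUCTEDKEY user@client" > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"    # second run adds nothing
echo "private key placeholder" > "$demo/.ssh/id_rsa"
chmod 644 "$demo/.ssh/id_rsa"                     # deliberately too open
audit_ssh_dir "$demo/.ssh" || echo "findings: $?"
chmod 600 "$demo/.ssh/id_rsa"                     # the fix from the post
audit_ssh_dir "$demo/.ssh" && echo "permissions ok"
rm -rf "$demo"
```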
