Thursday, 25 September 2008

SSH configuration with certificates

Quickly now.....

### /etc/ssh/sshd_config ###
Port 22
Protocol 2
SyslogFacility LOCAL1
PermitRootLogin no
StrictModes yes
PubkeyAuthentication yes
IgnoreRhosts yes
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding no
UsePrivilegeSeparation yes
Banner /etc/ssh/banner
Subsystem       sftp    /usr/libexec/openssh/sftp-server

# These are openSUSE specifics:
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
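
A quick way to check that a config file really carries the settings above. This is an added example, not part of the original post. The function names and the sample config are constructed for illustration, and it assumes plain whitespace-separated "Keyword value" lines like the ones shown here.

```shell
#!/bin/sh
# Added example: audit an sshd_config file against the settings listed above.
# sshd uses the FIRST occurrence of a keyword, and keywords are case-insensitive.
# Only global settings are checked: parsing stops at the first Match block.

# effective_value FILE KEYWORD -> prints the first value given for KEYWORD
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
        tolower($1) == "match" { exit }    # everything after this is conditional
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE -> one line per check; return status = number of failures
audit_sshd_config() {
    fails=0
    for pair in Protocol=2 PermitRootLogin=no StrictModes=yes \
                PubkeyAuthentication=yes PasswordAuthentication=no \
                ChallengeResponseAuthentication=no X11Forwarding=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key" | tr 'A-Z' 'a-z')
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            # An unset keyword counts as a failure: the default would apply instead.
            echo "FAIL  $key is '${got:-unset}', expected '$want'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample config (not from the post) with two problems in it.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Protocol 2
PermitRootLogin no
StrictModes yes
PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    X11Forwarding no
EOF
audit_sshd_config "$sample" || echo "$? setting(s) need attention"
```

On a live host, sshd -T (run as root) prints the effective configuration as the daemon itself computes it.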

### Creating SSH certs ###
ssh-keygen -b 2048 -t rsa -f certkeyfile

Enter a passphrase at the prompt (can be left blank).
This will create two files: certkeyfile (the private key) and certkeyfile.pub (the public key).
cat certkeyfile.pub >> /home/target_user/.ssh/authorized_keys

Copy certkeyfile to /home/source_user/.ssh/id_rsa

Both files should be mode 600 and owned by the user.

Tunneling:

ssh -p <ssh_port> -L <src_port>:hostname:<dest_port> username@ssh_server_host

Thanks for playing :)
