Showing posts with label SSH. Show all posts

Thursday, December 21, 2023

Creating a Password-Free Connection Between Two Servers with Proper Permissions

Setting up a password-free SSH connection between two servers, A and B, enhances security and efficiency. This guide will walk you through establishing a secure, key-based connection, ensuring all permissions are correctly set to 600 for safety.

Step 1: Generate SSH Keys

  • On Both Server A and B:

    1. Run ssh-keygen to create a pair of keys: id_rsa (private) and id_rsa.pub (public).
    2. Ensure the permissions of these keys are set to 600.

Step 2: Exchange Public Keys

  • On Server A:
    1. Copy the public key of Server A to the authorized_keys file of Server B.
  • On Server B:
    1. Similarly, copy the public key of Server B to the authorized_keys file of Server A.

Connecting Using Private Key:

  • To connect to Server A from B (or vice versa), use the private key (id_rsa) with the following command:
    ssh -i <path-to-private-key> <user>@<server-ip>
    Replace <server-ip> with the actual server IP, <user> with the login account, and specify the correct path to your private key.

Additional Tips:

  • To authorize your key on any other server (say Server Z with IP zzz.zzz.zzz.zzz), run the ssh-copy-id command from Server A or B; it copies your public key to Server Z's authorized_keys file:
    ssh-copy-id root@zzz.zzz.zzz.zzz
  • Reverse the process to allow the opposite connection.

Important Notes:

  • Always ensure your keys' permissions are set to 600 to prevent unauthorized access.
  • Regularly update and rotate your keys for enhanced security.

By following these steps, you'll establish a secure, password-free connection between two servers, ensuring efficient and safe operations.

Thursday, May 8, 2014

TCP Wrappers Security

TCP wrapper based access list rules can be placed in two files:
/etc/hosts.allow and
/etc/hosts.deny.

Work precedence:

1. /etc/hosts.allow
   If a matching rule allows access, file 2 is not checked.
   If no match is found, go to 2.
2. /etc/hosts.deny
   If no match is found, access is allowed.

Points to remember

You can have only one rule per service in the hosts.allow and hosts.deny files.
Any changes to the hosts.allow and hosts.deny files take immediate effect.
The last line in the hosts.allow and hosts.deny files must end with a newline character, or else the rule will fail.

in.telnetd : : deny
in.telnetd : : allow
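
The lookup order described above, as an added example in Python (not code from the original post or from the TCP wrappers project). It models only a subset of client patterns (ALL, exact match, ".domain" suffix, "n.n.n." prefix) plus a trailing allow/deny option; the rule text, addresses and host names are constructed.

```python
# Added example: simplified model of the TCP wrappers lookup order (not real libwrap).
# Client patterns supported: ALL, exact value, ".domain" suffix, "192.168.1." prefix.

def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into (daemons, clients, option) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed rule, skipped in this model
        last = fields[-1].lower()
        option = last if len(fields) > 2 and last in ("allow", "deny") else None
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), option))
    return rules

def pattern_matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # host name suffix, e.g. .example.com
        return value.endswith(pattern)
    if pattern.endswith("."):     # address prefix, e.g. 192.168.1.
        return value.startswith(pattern)
    return pattern == value

def first_match(rules, daemon, client_ids):
    """Return the first matching rule's option ('allow', 'deny' or 'match'), else None."""
    for daemons, clients, option in rules:
        daemon_ok = "ALL" in daemons or daemon in daemons
        client_ok = any(pattern_matches(p, c) for p in clients for c in client_ids)
        if daemon_ok and client_ok:
            return option or "match"
    return None

def decide(allow_text, deny_text, daemon, address, hostname=None):
    client_ids = [c for c in (address, hostname) if c]
    hit = first_match(parse_rules(allow_text), daemon, client_ids)
    if hit:                       # 1. hosts.allow matched: hosts.deny is not checked
        return "denied" if hit == "deny" else "granted"
    hit = first_match(parse_rules(deny_text), daemon, client_ids)
    if hit:                       # 2. hosts.deny matched
        return "granted" if hit == "allow" else "denied"
    return "granted"              # no match in either file

# Constructed sample rules, one per service per file.
HOSTS_ALLOW = "in.telnetd : 192.168.1.\nsshd : .example.com\n"
HOSTS_DENY = "in.telnetd : ALL\nsshd : 10.0.0.5\n"
```

An sshd client at 203.0.113.9 matches neither file and is granted access, which is why a default-deny setup ends hosts.deny with an ALL : ALL rule.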

Friday, April 19, 2013

Convert PuTTY ppk key to SSH key

On many occasions I needed to convert a PuTTY ppk private key back to an OpenSSH key to be able to use it directly from a Linux box command line. It is fairly simple to do but I always need to look it up, so here it is for easy reference:

Install putty using yum in Fedora.
If you are using Ubuntu, you need to install putty-tools as well.

From the command line, run:

puttygen xxxxx2.ppk -O private-openssh -o key.ssh

Enter passphrase to load key:

Then log onto your system using

ssh root@<server-ip> -p 8057 -i key.ssh