More and more sites are moving from telnet to ssh, and they should. Since networks are connected to other networks, it is hard to call any network 'safe'. It is very easy to use a sniffer to read passwords that are passed in plaintext during logon by old protocols like telnet and ftp.
This is where ssh, or OpenSSH, comes in. Many of us are stuck on a Windows desktop that by default does not have the tools needed to do the job. Currently there are several options, like Cygwin and PuTTY.
cygwin
has the advantage of giving a complete Unix environment on a Windows system, but it is a bit heavy to install. To my taste it is worth the trouble. Cygwin has a complete OpenSSH client (with agent and keychain), server and X server in the distribution that works very much like Unix or Mac OS X.
putty
is another option that also works perfectly with FileZilla. On the Mac, FileZilla works perfectly well with ssh-agent. If you are not allowed to install software on your system, FileZilla has a version that works standalone, even from a USB stick, just like the PuTTY tools. One drawback of FileZilla is that it does not convert unix2dos. This is a feature that WinSCP has. WinSCP also works with the PuTTY agent and has a standalone version available.
using key pairs
The security provided by a username with a password is to be considered low. Passwords tend to be changed seldom and have to be memorizable. By default they are short and easy to guess. This is where ssh key pairs find their place. In the ideal world password authentication is disabled, making the system less vulnerable to password guessing. In those situations you need someone to add the contents of your public key file to the $HOME/.ssh/authorized_keys file on the server you want to connect to. When the key is in place it is easy to connect using ssh username@server. At this point ssh requests the passphrase of the private key, and will do this each and every time you use ssh to connect.
ssh-agent
is the tool that prevents us from going mad. During the startup of the desktop system ssh-agent can be started and loaded with the private key. During this load ssh asks for the passphrase for the private key that you specified during the generation of the key pair using ssh-keygen. Once the credentials are loaded into the agent, it is the agent that completes the connect dialog for you.
putty vs openssh
are both ssh clients but have slightly different formats for their private key files. When you already have a normal [open]ssh private key file it is easy to convert it to a PuTTY key file using puttygen: just load the ssh key and save it as a PuTTY key. Where ssh uses ssh-agent, PuTTY uses Pageant. It works very similarly to ssh-agent, but more Windows-like. Start Pageant and it settles in the dock. Find it (look for the small black hat) and right-click the agent so a little menu pops up.
Load the PuTTY key file by selecting 'add-key', and from that point FileZilla will be able to use Pageant for authentication. Just give it a try and connect using sftp://username@server without specifying a password, and you are in (assuming the public key is in place and has the proper permissions on it (600)).
using putty with ssh agent step for step
- first download puttygen and generate a key pair (or have somebody generate a key pair for you)
- place the public key in the $HOME/.ssh/authorized_keys file on the server where you want to connect to (or have somebody place it there for you)
- download Pageant, the PuTTY agent
- start the PuTTY agent (it settles in the lower right corner of the task bar)
- right-click on the PuTTY agent icon (in the task bar (the funny terminal with black hat)) and select 'Add Key'
- in the file selector choose the generated private key file (*.ppk) and enter the passphrase when asked for it
- download PuTTY
- right-click the PuTTY agent and choose 'New Session' (this starts PuTTY)
- enter the connection entries and don't forget to save the session (you only need to put the server name in the config file)
PuTTY has many options for the session, including X11 tunneling in the tunneling section. You might need this if you want to use X tools from the server. The most common entries are the server and the username (enter username@servername.domain if you always connect to the same account). Since you run from the agent there is no need to specify the key file you are using or to enter a password. The steps are basically the same as when using OpenSSH. I hope this will get you up and running.
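
The server-side step from the list above (adding the public key to authorized_keys with the right permissions), as an added example that is not part of the original post. The function name `install_pubkey` is hypothetical and its pattern covers only common key types; it goes beyond the text by also rejecting private keys and the multi-line public-key file that puttygen saves.

```sh
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper, not an OpenSSH or PuTTY tool.
# Usage: install_pubkey <public-key-file> [home-directory]
install_pubkey() {
    pubfile=$1
    home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 2; }

    # Files copied from a Windows desktop may carry CRLF line endings.
    content=$(tr -d '\r' < "$pubfile")

    # Never let a private key (.ppk or OpenSSH/PEM) end up on the server.
    if printf '%s\n' "$content" | grep -Eq 'PuTTY-User-Key-File|PRIVATE KEY'; then
        echo "refusing: $pubfile is a private key" >&2; return 3
    fi
    # puttygen's "Save public key" writes the multi-line SSH2 format, which
    # authorized_keys does not accept. Copy the one-line text shown in the
    # puttygen window instead, or convert with: ssh-keygen -i -f <file>
    if printf '%s\n' "$content" | grep -q '^---- BEGIN SSH2 PUBLIC KEY'; then
        echo "refusing: SSH2 format, needs the one-line OpenSSH format" >&2; return 4
    fi
    # Expect exactly one line "<type> <base64> [comment]" (common key types only).
    n=$(printf '%s\n' "$content" | grep -c . || true)
    key=$(printf '%s\n' "$content" |
        grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' || true)
    if [ "$n" -ne 1 ] || [ -z "$key" ]; then
        echo "refusing: expected one OpenSSH public key line" >&2; return 5
    fi

    # sshd with StrictModes (the default) refuses key login when these
    # paths are writable by other users.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$auth" && chmod 600 "$auth"

    # Skip keys that are already authorized (compare the base64 blob only).
    blob=$(printf '%s\n' "$key" | cut -d' ' -f2)
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"; return 0
    fi
    # Make sure the previous entry ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}
```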