Using ssh in CYGWIN to Connect to a Host WITHOUT Using a Password or Passphrase
Remember the rules about "readme" files.
Assumptions:
- You have Cygwin installed
- You have the openssh and openssl packages installed
- You have my OLB (/olb) "package" (i.e. tar file) installed
- You know how to use (or are already using) the "xt", "ssx", "sshlh" and/or "sshrh" routines provided by OLB, or plain ssh, to connect to a user/host
Using OLB (ssx / xt / sshlh ...) is not required, but these are the routines used here to support ssh-xterm connections, so all instructions assume they are present and used.
If the above is true and you have been using the OLB routines or ssh, then you have been connecting with ssh, but authenticating with a password.
These instructions will guide you through setting up public/private ssh key pairs to use for authentication in place of passwords.
Procedure:
- A - Create the ssh key-pairs:
- 1 - Start Cygwin and go to / stay in your home directory
- display your Cygwin username and host name.
If you are using the OLB prompt, then you can see your username and host name as part of the prompt.
- 2 - Enter the command: genkey or keygen (they are the same)
- a - at the prompt, press the "Enter" key
- you will get the message:
Generating public/private rsa or ecdsa key pair
- b - and the prompt:
- Enter file in which to save the key (/home/<username>/.ssh/id_rsa):
- c - press "Enter" at this prompt (leave the file name empty and use the default name)
- d - you will get the message:
Generating public/private rsa key pair.
- e - you MAY get the following, but if you haven't done this before, you should not:
/home/<username>/.ssh/id_rsa already exists.
Overwrite (y/n)?
- enter "y" at this prompt to create a new key, overwriting the old one
- Of course, if you already have a key-pair, then you have to ask yourself "why am I generating a new key-pair?", and perhaps (or perhaps not) the better answer is "n".
- In that case, start again and at step 2.b enter a new file name, such as id_rsa_new, then continue the procedure.
- f - you will get messages like:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
71:ac:c3:12:bf:ff:10:dc:20:fe:6d:ba:7e:c4:77:02 pschladt@debian
Key generation step has finished
Press ENTER key to continue with the remaining steps of the process
- g - press the "Enter" key
- h - you will get messages like:
For secure-shell (ssh) commands to work in the fashion where you do NOT need to re-enter
your password, your unix/linux home directory permissions must be set so that ONLY you
have update permission to the directory.
Do you want to set your home directory permissions to "755" (rwxr-xr-x) (y/n)?
- i - enter "y" for this prompt
- j - you will get messages like:
permissions changed
If a problem occurred during this process
then do the following to finish the key generation and file update process:
cd /home/<username>/.ssh
Add the public file that was just created, usually named: id_rsa.pub,
to "authorized_keys"
cat id_rsa.pub >>authorized_keys
- Do NOT forget to check/change (chmod) the permissions for your home directory and .ssh directory and the private key file(s)
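The finishing step above (append the public key, then fix the modes) as an added shell example, not one of the OLB routines: it assumes you pass your home directory and the id_rsa.pub path and, on top of the readme's 755 for home and .ssh, sets the private key and authorized_keys to 600. The check function confirms the modes before you try a password-less login.

```shell
#!/bin/sh
# Added example, not one of the OLB routines: finish the key setup by hand
# (the "if a problem occurred" case above) and check the permissions ssh
# needs before it will skip the password prompt.
# Assumed: HOMEDIR is your home directory, PUBKEY the id_rsa.pub genkey wrote.

# finish_key_setup HOMEDIR PUBKEY
# Appends PUBKEY to HOMEDIR/.ssh/authorized_keys once (no duplicates on a
# re-run) and applies the modes from the readme: 755 on home and .ssh,
# 600 on authorized_keys and on the private key.
finish_key_setup() {
    homedir=$1
    pubkey=$2
    sshdir="$homedir/.ssh"
    auth="$sshdir/authorized_keys"
    mkdir -p "$sshdir"
    touch "$auth"
    # -F -x: treat each line of PUBKEY as a literal, whole-line match
    if ! grep -F -x -q -f "$pubkey" "$auth"; then
        cat "$pubkey" >>"$auth"
    fi
    chmod 755 "$homedir" "$sshdir"
    chmod 600 "$auth"
    priv=${pubkey%.pub}          # id_rsa.pub -> id_rsa
    if [ -f "$priv" ]; then
        chmod 600 "$priv"
    fi
}

# check_ssh_perms HOMEDIR
# Returns 0 when home, .ssh and authorized_keys are not group/world
# writable (what sshd's StrictModes checks) and every private key under
# .ssh (id_* without .pub) is mode 600 or 400; returns 1 otherwise.
check_ssh_perms() {
    homedir=$1
    for p in "$homedir" "$homedir/.ssh" "$homedir/.ssh/authorized_keys"; do
        mode=$(stat -c %a "$p") || return 1   # e.g. 755
        g=$(( (mode / 10) % 10 ))             # group digit
        o=$(( mode % 10 ))                    # other digit
        [ $((g & 2)) -eq 0 ] && [ $((o & 2)) -eq 0 ] || return 1
    done
    for k in "$homedir"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        mode=$(stat -c %a "$k")
        [ "$mode" = 600 ] || [ "$mode" = 400 ] || return 1
    done
    return 0
}
```

Run it as `finish_key_setup "$HOME" "$HOME/.ssh/id_rsa.pub" && check_ssh_perms "$HOME" && echo ok` from the Cygwin prompt.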
- B - Configure PuTTY to support X-Windows (xterm sessions)
- Install your public key on the remote host
- 1 - Connect to the remote host and ensure that the directory ~/.ssh exists
This means YOUR home directory must have a sub-directory named .ssh
Also ensure that the permissions for your home directory are no more open than 755
chmod 755 /home/<username>
Also ensure that the permissions for your .ssh directory are no more open than 755
chmod 755 /home/<username>/.ssh
- 2 - In CYGWIN, on your windows PC, enter the command:
cd ~/.ssh
- enter the following command to send your public key to the remote host:
scp id_rsa.pub <remotehost_userid>@<remotehost>:~/.ssh/id_rsa.<username>@<current_host>.pub
- Now you know why you need to know your username and hostname. More on this later.
- Accept the RSA Fingerprint for the remote host - if prompted.
- Enter your password when prompted.
- 3 - Connect or switch to the remote host and
- cd to .ssh in your home directory
- enter the command:
cat id_rsa.<username>@<current_host>.pub >> authorized_keys
This puts your public key in the key file on the remote host.
- 4 - Test your connection:
- from a Cygwin window enter:
xt <remote_host>
- You MAY get a "one-time" message and prompt like:
The authenticity of host 'rhost44 (201..121.33.5)' can't be established.
RSA key fingerprint is 31:10:30:ba:71:32:3b:58:12:9a:d5:83:12:90:22:32.
Are you sure you want to continue connecting (yes/no)?
- Enter "yes" for the prompt
- This will update the ~/.ssh/known_hosts file
- you should be logged on to the remote host.
- 5 - Repeat steps B.1 - B.4 for each remote host that you want to connect to.
- 6 - I interconnect a minimum of 17 different host systems.
- All the connections are maintained via ssh using rsa public/private keys.
- I keep one master authorized_keys where I store and distribute my public keys.
- create rsa and/or ecdsa key-pairs on each host.
- scp each id_rsa.pub file to a common host (my cygwin windows pc) and rename the file during the scp operation.
- This is the reason for renaming the file during the scp.
- It helps track the origin of the key and prevents overwriting the keys as I gather them together.
- cat (append) each renamed id_rsa.<username>@<host>.pub file to authorized_keys
- scp the master authorized_keys file to each host ( ~/.ssh on each host)
- WARNING:
- If someone gains access to your session (especially your CYGWIN session),
- they may be able to access all of your hosts, posing as you.
- KEEP YOUR PC LOCKED WHEN YOU WALK AWAY.
- KEEP YOUR PASSWORD SECRET
- USE A STRONG PASSWORD.
- C - Maintenance Notes:
- 1 - There are times when you suddenly will not be able to log onto a remote host.
- This can be caused by the host key fingerprint of the remote host not matching the fingerprint saved in your ~/.ssh/known_hosts file.
This is a common situation if the remote host has been moved to a new machine or certain other changes have been made to the remote host.
- cd ~/.ssh
- edit file: known_hosts
- delete the line for the host having the problem.
- reconnect
- You will be prompted to accept the RSA key fingerprint of the remote host.
- If this was the problem, then all is now well.
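Step C.1 as an added shell helper (not from the OLB package): it backs up known_hosts, drops the line(s) for one host and reports how many went, so you can see at once whether the entry was there. It assumes the known_hosts path and the host name are passed as arguments.

```shell
#!/bin/sh
# Added example, not one of the OLB routines: remove the stale entry for one
# host from known_hosts instead of editing the file by hand.
# KNOWN is the known_hosts path (normally ~/.ssh/known_hosts), HOST the name
# or address exactly as it appears in ssh's host-key-changed warning.
# Hashed entries (lines starting with |1|) cannot be matched by name this
# way; for those use: ssh-keygen -R HOST -f KNOWN
# forget_host KNOWN HOST  -> prints how many lines were removed
forget_host() {
    known=$1
    host=$2
    cp "$known" "$known.old"             # backup, in case the wrong line goes
    before=$(wc -l < "$known")
    # field 1 is a comma-separated list of names/addresses for that key,
    # so split it and drop the line only if one entry equals HOST exactly
    awk -v h="$host" '{
        n = split($1, names, ",")
        for (i = 1; i <= n; i++) if (names[i] == h) next
        print
    }' "$known" > "$known.tmp"
    mv "$known.tmp" "$known"
    after=$(wc -l < "$known")
    echo $((before - after))
}
```

After running `forget_host ~/.ssh/known_hosts rhost44`, the next `xt rhost44` prompts for the new fingerprint as in step B.4.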
- 2 - Do you like PuTTY as an interface to AIX/UNIX/LINUX?
- If you do, then you have to try WINSCP.
- It's like WINFTP, but it uses SCP or SFTP.
- You can use Public/Private keys created with the PuTTY keygen routine to do password-less connections.