One of the interesting uses of ssh is to secure access to a (linux) machine. When all access is done through ssh (or ssh tunnels), then all communication is encrypted and cannot be snooped. Of course, this means that login also needs to be secure. As the integrity of login/password is too easily broken, it is better to use public key infrastructure. For the highest level of security this should be done using a smartcard or other device which contains the private key (and does not allow reading the key). However, using a public/private key pair is already quite secure.
The following explanation has been applied and tested on Ubuntu, but should also work on other linux variants.
To use this, you have to install OpenSSH, then assure the following are set in /etc/ssh/sshd_config
PermitRootLogin no PasswordAuthentication yes ChallengeResponseAuthentication no RSAAuthentication yes PubkeyAuthentication yes
Each user which should be granted access to the system should generate their key pair. This can (also on windows) easily be done using PuTTY. After installation, run the PuTTYgen utility to generate a “SSH-2 RSA” key pair. Save the private key file in a safe place. This will be needed to connect with the server. The public key (as indicated at the top) should be sent to the administrator as this is needed to grant access.
In the user’s home directory, create a “.ssh” directory and in there a “authorized_keys2” file and paste the public key in there. Note that the key should be on one line and there should be an empty line at the end of the file.
You have to assure the rights for these are set correctly, if the user was “test” this can be done using
cd /home/test chmod -R 0700 .ssh chown -R test:test .ssh
After you restart ssh