Tag: pki

Posted on

How to Setup SSH public-key or password-less authentication in Ubuntu

Here’s how to setup public-key (or passwordless) authentication in Ubuntu or any other Linux based operating system that use OpenSSH.

First make sure you’ve remote SSH server running and accepting connection. Then you need to generate ssh key on local server (I prefer RSA). You can enter passphrase for added security, or leave it blank for passwordless authentication.

local:~$ ssh-keygen -t rsa
Enter passphrase (empty for no passphrase):

The command will generate id_rsa and id_rsa.pub files. The files will be save in ~/.ssh/ directory. Then copy id_rsa.pub file to the remote server using SCP. Read How to use SCP on Linux or other UNIX-based Environment for more information about SCP

local:~$ scp id_rsa.pub username@remote.host:~/

Then you have to connect to the remote host and append the id_rsa.pub public key file to the list of “authorized_keys“. Don’t forget to chmod the authorized_keys file and .ssh directory, or OpenSSH won’t work correctly

local:~$ ssh username@remote.host

#now we are on remote server!
remote:~$ cat id_rsa.pub >> ~/.ssh/authorized_keys
remote:~$ chmod 644 ~/.ssh/authorized_keys
remote:~$ chmod 700 ~/.ssh

Make sure you have edited the “/etc/ssh/sshd_config” file to allow Public key authentication and RSA authentication.

#sshd_config file

PermitRootLogin no
...snip...
RSAAuthentication yes
PubkeyAuthentication yes
...snip..

Save and restart sshd server daemon by running the following command.

remote:~$ sudo /etc/init.d/ssh restart

After that, logout from the remote host to test the Public-key authentication


remote:~$ exit
local:~$

Testing the SSH public-key authentication
To test the public-key authentication, simply connect to remote server normally using ssh, and if things have gone smoothly you’ll be prompted to enter your passphrase, instead of password.


local:~$ ssh username@remote.host
Enter passphrase for key '/home/username/.ssh/id_rsa':

Note that you will not be prompted to enter passphrase/password if you’ve generated a key with “blank passphrase“, effectively making your login “passwordless”. For added security, it is advised that you disable normal interactive-keyboard password option and rely fully on public-key authentication by changing sshd_config line from:

PasswordAuthentication yes

to


PasswordAuthentication no

p/s: this tutorial was adapted from Shortest passwordless ssh tutorial, ever with updated notes for latest OpenSSH release

Posted on

How to use GNU Privacy Guard (GPG) – Encrypt, Decrypt, Sign and Verifying identities

GPG or the GNU Privacy Guard is a free and open source software that implements OpenPGP public-key cryptography message format (RFC4880). You can use GPG to encrypt, decrypt, sign and verify files or emails. To use GPG, you need to generate the public-key/private-key pairs in your computer by running this command, and choose the default option


gpg --gen-key

The application will ask you to enter your ID and passphrase, make sure you choose a strong passphrase to guarantee the safety and security of your keys.

Encrypting and Decrypting Files
You can use GPG to encrypt files, it can be only decrypted by those who have your public-key. The command that can be used to encrypt file is :

gpg --out encrypted_file.txt --encrypt original_file.txt

Run this command to decrypt. Files encrypted with private key can only be decrypted with public key and vice-versa.

gpg --out decrypted.txt --decrypt encrypted_file.txt

Signing Email or body of texts
Alternatively, you can chose to sign emails/texts instead of encrypting them. Signing files is a way to ensure that the message/texts/emails are from the right sender and its content has not been tempered with. You can run this command to sign email or texts :

gpg --clearsign original_text.txt

This will produce a signature file which content the original text with PGP signature embedded at the bottom of the message.

To verify it (assuming you have the public key), you need to run this command:

gpg --verify original_text.txt.asc

Continue reading “How to use GNU Privacy Guard (GPG) – Encrypt, Decrypt, Sign and Verifying identities”