User Tools

Site Tools


documentation:setup_and_user_guide:password-less_key_authentication

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:setup_and_user_guide:password-less_key_authentication [2012/11/11 20:52]
killermist
documentation:setup_and_user_guide:password-less_key_authentication [2019/04/17 16:15] (current)
ms49434 name change
Line 1: Line 1:
-====== ​NAS4Free ​- SSH Password-less / Key Authentication ====== +====== ​XigmaNAS ​- SSH Password-less / Key Authentication ====== 
-**Installed Version - NAS4Free-x64-LiveCD-9.0.0.1.43.ISO**+**Installed Version - XigmaNAS-x64-LiveCD-12.0.0.4.6625.ISO**
  
 ===== Introduction ===== ===== Introduction =====
Line 26: Line 26:
 You can also look them up on [[http://​www.freebsd.org/​cgi/​man.cgi|FreeBSD.org'​s Man Pages]]. You can also look them up on [[http://​www.freebsd.org/​cgi/​man.cgi|FreeBSD.org'​s Man Pages]].
  
-==== Install ​NAS4Free, if you already haven'​t ==== +==== Install ​XigmaNAS, if you already haven'​t ==== 
-See [[documentation:​setup_and_user_guide:​installing_nas4free_on_disk|SUG Section 2.3-Installing ​NAS4Free ​on disk]].+See [[documentation:​setup_and_user_guide:​installing_xigmanas_on_disk|SUG Section 2.3-Installing ​XigmaNAS ​on disk]].
  
 Or you may run it from the CDROM as required for testing. Or you may run it from the CDROM as required for testing.
  
-[[documentation:​setup_and_user_guide:​using_nas4free_with_the_cdrom_and_a_removable_disk_livecd_mode|SUG Section 2.2-Using ​NAS4Free ​with the CDROM and a removable disk]] (LiveCD mode).+[[documentation:​setup_and_user_guide:​using_xigmanas_with_the_cdrom_and_a_removable_disk_livecd_mode|SUG Section 2.2-Using ​XigmaNAS ​with the CDROM and a removable disk]] (LiveCD mode).
  
 ==== Configure SSH Server and Client ==== ==== Configure SSH Server and Client ====
Line 39: Line 39:
  
 ===== Configure Password-less / Key Authentication ===== ===== Configure Password-less / Key Authentication =====
-This provides the best level of security while using SSH. The following, high level procedure assumes you have basic knowledge of *nix and have already configured your SSH client and NAS4Free ​SSH server.+This provides the best level of security while using SSH. The following, high level procedure assumes you have basic knowledge of *nix and have already configured your SSH client and XigmaNAS ​SSH server.
  
-We are __starting with a clean NAS4Free ​server and clean Linux client that have never connected with each other before and have never been configured for Password-less / Key Authentication__. We will configure Password-less / Key Authentication for the server'​s root account.+We are __starting with a clean XigmaNAS ​server and clean Linux client that have never connected with each other before and have never been configured for Password-less / Key Authentication__. We will configure Password-less / Key Authentication for the server'​s root account.
  
 This simple, easy, 7 step procedure will work assuming you faithfully follow the instructions,​ enter commands exactly as shown in the example session and have not screwed things up already by previously failing with another procedure. Why is this so? Because the folders and files you may already have created will not have proper permissions and the commands must use the existing folders rather than create new, correct ones for you. This simple, easy, 7 step procedure will work assuming you faithfully follow the instructions,​ enter commands exactly as shown in the example session and have not screwed things up already by previously failing with another procedure. Why is this so? Because the folders and files you may already have created will not have proper permissions and the commands must use the existing folders rather than create new, correct ones for you.
   - Open a terminal session.   - Open a terminal session.
-  - Connect to NAS4Free ​server via SSH as root using keyboard interactive authentication. This automatically creates ~/.ssh directory and ~/​.ssh/​known_hosts file on your client with correct permissions ( Windows users may have to create and secure ~/.ssh manually if their SSH client software is not properly configured ).+  - Connect to XigmaNAS ​server via SSH as root using keyboard interactive authentication. This automatically creates ~/.ssh directory and ~/​.ssh/​known_hosts file on your client with correct permissions ( Windows users may have to create and secure ~/.ssh manually if their SSH client software is not properly configured ).
   - Execute ssh-keygen command accepting all defaults. This automatically creates ~/.ssh directory and 2048bit public/​private keys.   - Execute ssh-keygen command accepting all defaults. This automatically creates ~/.ssh directory and 2048bit public/​private keys.
   - Rename your public key to authorized_keys.   - Rename your public key to authorized_keys.
   - Exit your SSH session.   - Exit your SSH session.
-  - Copy your private key from NAS4Free ​server root ~/.ssh directory to your client user's ~/.ssh directory. Use whatever secure, encrypted method you like for this, I prefer SCP. If your *nix distribution does not include SCP by default, then you may have to install it.   +  - Copy your private key from XigmaNAS ​server root ~/.ssh directory to your client user's ~/.ssh directory. Use whatever secure, encrypted method you like for this, I prefer SCP. If your *nix distribution does not include SCP by default, then you may have to install it.   
-  - Connect to your NAS4Free ​server via SSH, note that this time you are not asked for a password.+  - Connect to your XigmaNAS ​server via SSH, note that this time you are not asked for a password.
  
 <note important>​This walkthrough needs cleanup/​repair because it destroys the client machine'​s ID (becoming the ID just generated on the NAS), which invalidates all the key authentication already in place from the client to other hosts.</​note>​ <note important>​This walkthrough needs cleanup/​repair because it destroys the client machine'​s ID (becoming the ID just generated on the NAS), which invalidates all the key authentication already in place from the client to other hosts.</​note>​
Line 68: Line 68:
  The Regents of the University of California. ​ All rights reserved.  The Regents of the University of California. ​ All rights reserved.
  
-Welcome to NAS4Free!+Welcome to XigmaNAS!
  
-nas4free01:~# +xigmanas:~# 
-nas4free01:~# ssh-keygen+xigmanas:~# ssh-keygen
 Generating public/​private rsa key pair. Generating public/​private rsa key pair.
 Enter file in which to save the key (/​root/​.ssh/​id_rsa):​ Enter file in which to save the key (/​root/​.ssh/​id_rsa):​
Line 80: Line 80:
 Your public key has been saved in /​root/​.ssh/​id_rsa.pub. Your public key has been saved in /​root/​.ssh/​id_rsa.pub.
 The key fingerprint is: The key fingerprint is:
-f3:​16:​93:​6a:​65:​73:​b8:​38:​ab:​0a:​38:​e7:​92:​8f:​07:​20 root@nas4free01.mzhome+f3:​16:​93:​6a:​65:​73:​b8:​38:​ab:​0a:​38:​e7:​92:​8f:​07:​20 root@xigmanas.local
 The key's randomart image is: The key's randomart image is:
 +--[ RSA 2048]----+ +--[ RSA 2048]----+
Line 94: Line 94:
 +-----------------+ +-----------------+
  
-nas4free01:~# echo STEP#4+xigmanas:~# echo STEP#4
 STEP#4 STEP#4
-nas4free01:~# mv ~/​.ssh/​id_rsa.pub ~/​.ssh/​authorized_keys +xigmanas:~# mv ~/​.ssh/​id_rsa.pub ~/​.ssh/​authorized_keys 
-nas4free01:~# echo STEP#5+xigmanas:~# echo STEP#5
 STEP#5 STEP#5
-nas4free01:~# exit+xigmanas:~# exit
 logout logout
 Connection to 192.168.1.233 closed. Connection to 192.168.1.233 closed.
Line 114: Line 114:
  The Regents of the University of California. ​ All rights reserved.  The Regents of the University of California. ​ All rights reserved.
  
-Welcome to NAS4Free!+Welcome to XigmaNAS!
  
-nas4free01:~# +xigmanas:~# 
 </​code>​ </​code>​
  
Line 123: Line 123:
  
   * [[http://​www.ibm.com/​developerworks/​library/​l-keyc.html|OpenSSH Key Management by Daniel Robbins]]. Good, basic explanation.   * [[http://​www.ibm.com/​developerworks/​library/​l-keyc.html|OpenSSH Key Management by Daniel Robbins]]. Good, basic explanation.
-  * [[https://sourceforge.net/​apps/​phpbb/​freenas/​viewtopic.php?​f=48&​t=3201&​start=0|Setting up SSH with a private key]]+  * //--dead link **{Setting up SSH with a private key}** --//
-  * [[https://sourceforge.net/​apps/​phpbb/​freenas/​viewtopic.php?​f=48&​t=581&​start=0|Users passwordless ssh login]]+  * //--dead link **{Users passwordless ssh login}** --//
-  * [[https://sourceforge.net/​apps/​phpbb/​freenas/​viewtopic.php?​f=48&​t=84&​start=0|SSH Security certificate]]+  * //--dead link **{SSH Security certificate}** --//
-  * [[https://sourceforge.net/​apps/​phpbb/​freenas/​viewtopic.php?​f=48&​t=1740&​start=0|server is refusing key]]+  * //--dead link **{server is refusing key}** --//
-  * [[https://sourceforge.net/​apps/​phpbb/​freenas/​viewtopic.php?​f=48&​t=5525&​start=0|SSH keygen.com does nothing?]] +  * //--dead link **{SSH keygen.com does nothing?}** --// 
-  * [[http://​www.freebsd.org/​cgi/​man.cgi?​query=ssh&​apropos=0&​sektion=0&​manpath=FreeBSD+7.3-RELEASE&​format=html|OpenSSH Client Documentation]] - Where you will find information about the SSH client used in NAS4Free. This is useful for learning how to start a session at the terminal or CLI.+  * [[http://​www.freebsd.org/​cgi/​man.cgi?​query=ssh&​apropos=0&​sektion=0&​manpath=FreeBSD+7.3-RELEASE&​format=html|OpenSSH Client Documentation]] - Where you will find information about the SSH client used in XigmaNAS. This is useful for learning how to start a session at the terminal or CLI.
   * [[http://​www.openssh.org/​manual.html|OpenSSH Manual pages]] - Where you will find all the documentation.   * [[http://​www.openssh.org/​manual.html|OpenSSH Manual pages]] - Where you will find all the documentation.
   * [[http://​svnweb.freebsd.org/​ports/​head/​security/​ssh-copy-id/​files/​ssh-copy-id?​revision=300897&​view=markup]]   * [[http://​svnweb.freebsd.org/​ports/​head/​security/​ssh-copy-id/​files/​ssh-copy-id?​revision=300897&​view=markup]]
  
documentation/setup_and_user_guide/password-less_key_authentication.1352667155.txt.gz · Last modified: 2018/07/08 16:48 (external edit)