
HowTo set up DSA / SSH2 Authentication with OpenSSH


This howto will guide you through setting up a DSA key for SSH authentication:

Step 1:
As root, become the user on the box you want to set up these keys for:
su username

Step 2:
Once you are the user you want to use keys for, simply type on the
command line: ssh-keygen -d
It asks where to save the files; simply hit enter for the default.
It then asks for a passphrase; hit enter for none if you choose not
to use one, otherwise type one. ;)

Step 3:
Now become root on the server and cd /home/username/.ssh
(the directory of the user you just did this for).

Step 4:
You will see 2 files, id_dsa and id_dsa.pub. Next type:
mv id_dsa.pub authorized_keys

Step 5:
The id_dsa file is still there. This is the file the user connects
to the server with, and they should guard this file with their life
and hide it on their box. Once you are sure they have this file on
their machine, DELETE IT IMMEDIATELY from the directory
/home/username/.ssh so it doesn't exist on the server any longer.

Step 6:
Server-side configuration is now complete. If you are on Windows, just
load this file (may need to rename identity.pub for SecureCRT). Simply
choose the appropriate protocol, ssh2, enter the username and point the
public key option to this file you've saved. Connect to the server
(this is roughly for SecureCRT only on Windows).
For Unix, simply type: ssh hostname.com -2 -l username -i /path/to/id_dsa

And now you're using a DSA authentication method for ssh2/sshd connections.

I believe with OpenSSH 3.0.1p1 protocol 2 is used first (don't quote me
on this), if not used defaulted to ssh1. To change this to never use
ssh1, simply vi your sshd_config and at the top change Protocol 2,1 to
Protocol 2 to strictly only use ssh2. Either way, regardless of what's
default, this will only allow ssh2 connections.

ps:
If you wish to "only" use DSA authentication, in sshd_config change
PasswordAuthentication yes to PasswordAuthentication no and -HUP the
sshd.
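
An added example, not part of the original howto: a read-only shell check of the state the steps above should leave behind (private key removed from the server, authorized_keys in place, Protocol 2 and PasswordAuthentication no set in sshd_config). The function names and the constructed demo files are assumptions of this example, and it treats the optional PasswordAuthentication change as required.

```shell
#!/bin/sh
# Added example (not from the original howto): audit the end state of
# Steps 4-5 and the sshd_config changes. Paths are passed in; nothing is modified.

# First uncommented value of keyword $1 in file $2. sshd uses the first
# occurrence of a keyword and matches keywords case-insensitively.
conf_value() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# audit_ssh_setup SSH_DIR SSHD_CONFIG
# Prints one line per finding; the return status is the number of findings.
audit_ssh_setup() {
    ssh_dir=$1 conf=$2 findings=0

    # Step 5: the private key must be gone from the server.
    if [ -e "$ssh_dir/id_dsa" ]; then
        echo "FAIL: private key still on server: $ssh_dir/id_dsa"
        findings=$((findings + 1))
    fi
    # Step 4: id_dsa.pub must have been installed as authorized_keys.
    if [ ! -s "$ssh_dir/authorized_keys" ]; then
        echo "FAIL: missing or empty: $ssh_dir/authorized_keys"
        findings=$((findings + 1))
    fi
    # An unset keyword counts as a finding: the default is not relied upon.
    if [ "$(conf_value Protocol "$conf")" != "2" ]; then
        echo "FAIL: sshd_config does not set 'Protocol 2'"
        findings=$((findings + 1))
    fi
    if [ "$(conf_value PasswordAuthentication "$conf")" != "no" ]; then
        echo "FAIL: sshd_config does not set 'PasswordAuthentication no'"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on constructed files: key left behind, "Protocol 2,1", passwords allowed.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
echo "ssh-dss AAAAconstructed username@host" > "$demo/.ssh/authorized_keys"
: > "$demo/.ssh/id_dsa"
printf 'Protocol 2,1\n#PasswordAuthentication no\n' > "$demo/sshd_config"
audit_ssh_setup "$demo/.ssh" "$demo/sshd_config" || echo "findings: $?"
rm -rf "$demo"
```

On a real server the call would be audit_ssh_setup /home/username/.ssh followed by the path to your sshd_config.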

For more information on key bit size and other information: man ssh-keygen
"This was a basic quick 10 minute howto"; the manuals will get you into
more detail.

Done.

Written by: Didjital1

© 1997 - 20013 Defcon1, www.defcon1.org , Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission of www.defcon1.org and the content's original author.
