SSH Public key authentication
SSH Public key authentication works as follows:
The scheme is based on public-key cryptography, using cryptosystems where encryption and decryption are done using separate keys, and it is unfeasible to derive the decryption key from the encryption key. The idea is that each user creates a public/private key pair for authentication purposes.
The server knows the public key, and only the user knows the private key. ssh implements public key authentication protocol automatically, using either the RSA or DSA algorithms. Protocol 1 is restricted to using only RSA keys, but protocol 2 may use either. The HISTORY section of ssl(8) contains a brief discussion of the two algorithms.
The file ~/.ssh/authorized_keys lists the public keys that are permitted for logging in. When the user logs in, the ssh program tells the server which key pair it would like to use for authentication. The client proves that it has access to the private key and the server checks that the corresponding public key is authorized to accept the account.
The user creates his/her key pair by running ssh-keygen(1). This stores the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol 2 DSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home directory.
The user should then copy the public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine. The authorized_keys file corresponds to the conventional ~/.rhosts file, and has one key per line, though the lines can be very long. After this, the user can log in without giving the password.
The most convenient way to use public key authentication may be with an authentication agent. See ssh-agent(1) for more information.
If you have an RSA PRIVATE KEY then you would have a password encrypted key.
This will not work with DirectAdmin since it would require someone to type in a password each time apache restarts.
You do not have to start over, you can convert this password protected key into a normal key by typing:
openssl rsa -in /path/to/your/key -out /the/new/key
where you'd replace /path/to/your/key and /the/new/key with appropriate values.
This will ask you for the password you specified when you created the original key.
It will then create a non-password-protected key that you can use for DA.
Source: http://directadmin.com/
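A pre-restart check for the situation described above, as an added example that is not DirectAdmin's code: it reports whether a PEM key file is still passphrase-protected and whether the converted, unencrypted key is readable only by its owner. The function names are hypothetical, and the check reads only the PEM header lines.

```shell
#!/bin/sh
# Added example: will this key make the web server prompt at restart?

# pem_key_state FILE -> prints encrypted | plain | unknown | not-a-key
pem_key_state() {
    [ -r "$1" ] || { echo not-a-key; return 2; }
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # PKCS#8 encrypted container
    elif grep -q '^-----BEGIN OPENSSH PRIVATE KEY-----' "$1"; then
        # OpenSSH's own format records the cipher inside the base64 body,
        # so the header alone cannot tell
        echo unknown; return 3
    elif grep -q '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        # Traditional PEM announces encryption in a Proc-Type header line
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted
        else
            echo plain
        fi
    else
        echo not-a-key; return 2
    fi
}

# key_mode_ok FILE -> exit 0 only if group and others have no access bits.
# An unencrypted key is protected by file permissions alone.
key_mode_ok() {
    case $(ls -l "$1" | cut -c5-10) in
        '------') return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: pem_key_state /the/new/key && key_mode_ok /the/new/key
```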
Upgrading License Key for Your Plesk Panel
Parallels Plesk Panel comes with a trial license key, which is automatically installed to the control panel. This license key allows you to create one user account, host one Web site and one mail box. Therefore, to fully use the Parallels Plesk Panel as you need, you should obtain a license key from Parallels or one of its resellers and install it to the control panel.
Parallels Plesk Panel will attempt to connect over TCP/IP to the licensing server through port 5224. Please make sure that this is not blocked by a firewall. The update process runs automatically and the Parallels Plesk Panel administrator does not need to do anything unless there is a problem. Should the Parallels Plesk Panel key expire, check your firewall and then go to Home > License Management (in the Help & Support group) and click Retrieve Keys. If the key cannot be updated, contact your reseller or Parallels (if you purchased the license key directly from Parallels).
You can test the connection to the licensing server anytime by going to Home > License Management (in the Help & Support group) and clicking Retrieve Keys.
SSH key passphrase and SSH Agent
It is recommended to protect the keys with a passphrase, and it is straightforward to do so. In fact, you will be asked to provide a passphrase for your private key during key generation, and you can skip it if you want. In case you did skip it, you can lock the key again with a passphrase using the following.
It will then prompt for the key file path, and you should then enter the password, which must be more than five characters.
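The command for this step is not shown on the page. In OpenSSH, ssh-keygen -p changes the passphrase of an existing key and prompts for the key file. The sketch below is an added example, not the original post's code: it does the same without prompts on a throwaway key and checks the result, with hypothetical function names.

```shell
#!/bin/sh
# Added example: put a passphrase on an existing, unprotected private key.
# Interactive form (prompts for the key file, then the new passphrase twice):
#   ssh-keygen -p

# key_is_protected FILE -> exit 0 if the key cannot be loaded with an
# empty passphrase. ssh-keygen -y prints the public half; with -P '' it
# fails on an encrypted key instead of prompting.
key_is_protected() {
    ! ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# add_passphrase FILE NEWPASS -> encrypt an unprotected key in place.
# A passphrase given with -N is visible in the process list, so keep this
# form for throwaway keys and use the interactive one for real keys.
add_passphrase() {
    [ -f "$1" ] || { echo "no such key: $1" >&2; return 2; }
    key_is_protected "$1" && { echo "already protected: $1" >&2; return 1; }
    ssh-keygen -q -p -P '' -N "$2" -f "$1" >/dev/null || return 1
    chmod 600 "$1"
}

# Usage: add_passphrase /home/buddies/.ssh/buddies_rsa 'new passphrase'
```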
Of course, using keys is useful not only for security reasons but also for not being asked for a password every time you use ssh. Thanks to ssh-agent we can save ourselves a few keystrokes and, more importantly, use ssh in automated scripts without interrupting the script to prompt for passwords.
SSH Agent
$ eval `ssh-agent`
$ ssh-add /home/buddies/.ssh/buddies_rsa
$ ssh root@myremote.serverbuddies.com
We first ran the ssh agent, which is actually a service.
Then we used ssh-add to add the key, and then connected to the remote server with ssh, giving only the user name and the remote server address, without providing the key. If you have protected the key with a passphrase, you will be asked for the passphrase when you add it.
The ssh-agent helps by opening a session so that we can use ssh to access the remote server without giving any keys or password.
SSH Key generation for Security
We need to generate a pair of keys: one public key for the server to encrypt the data, and a private key, which is the only key that could decipher the encrypted data. This private key, by definition, should be kept private. There are many secure algorithms for encryption, with different degrees of encryption strength.
There are DSA and RSA. DSA is the standard encryption for the USA government; DSA keys have a 1024 size limit, whereas RSA is unlimited.
To generate an RSA key with a 2048 length, here are the steps.
$ ssh-keygen -v -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/buddies/.ssh/id_rsa): /home/buddies/.ssh/buddies_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/buddies/.ssh/buddies_rsa.
Your public key has been saved in /home/buddies/.ssh/buddies_rsa.pub.
The key fingerprint is:
66:d2:cc:7b:6a:62:f9:f5:c6:ef:69:fc:7b:87:0d:46 buddies@buddies
and then
$ chmod 600 /home/buddies/.ssh/buddies_rsa
$ scp /home/buddies/.ssh/buddies_rsa.pub buddies@myremote.server.com:/home/buddies/.ssh
On the remote server we should do the following (>> appends, so keys already listed in authorized_keys are kept).
$ cat /home/buddies/.ssh/buddies_rsa.pub >> /home/buddies/.ssh/authorized_keys
You will be asked for the login password on the remote before the copying commences.
The file will be copied to the login user's home directory on the remote (/home/buddies in that case).
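The remote-side step above, as an added example that is not part of the original post: a function that authorizes a copied public key without overwriting existing entries, sets the permissions sshd expects, and adds nothing when run twice. The function name and the optional directory argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: authorize a public key without clobbering existing entries.
# install_pubkey PUBFILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh; the override
# is an assumption of this sketch so it can be tried on a scratch directory)
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # authorized_keys holds one key per line, so accept exactly one line
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one line: $pub" >&2; return 1; }
    line=$(cat "$pub")

    # Accept only key types ssh-keygen writes to .pub files; this also
    # rejects a private key file passed by mistake
    case $line in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line: $pub" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default) a group- or world-writable
    # ~/.ssh or authorized_keys makes sshd ignore the file
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when this exact line is absent, so reruns add nothing
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Usage on the remote host: install_pubkey /home/buddies/.ssh/buddies_rsa.pub
```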