Solved

Setup Putty SSH

Posted on 2012-12-20
3
638 Views
Last Modified: 2013-01-02
1. How to configure the Centos such that it always need to check for the private key for user access without inputing any password directly ?

2. How to configure the Centos such that it always need to check for the private key + password before accessing the Centos ?

Thanks
0
Comment
Question by:AXISHK
3 Comments
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 250 total points
ID: 38712220
1) in /etc/ssh/sshd_config:

PasswordAuthentication no
PubkeyAuthentication yes

will allow access only via key pair, not via password.

This is configurable on a per-user basis, by means of the "Match" directive.

2) Forcing checks of both Unix password and key pair is not possible.
A valid key (optionally including a passphrase, see below) is always considered sufficient to log in, an additional prompt for the Unix password is not provided.

You can add a passphrase to the key during key generation, so additionally to the key verification a passphrase prompt will take place, but this passphrase is part of the key and has nothing to do with Unix passwords.

In any case you're required to specify your private key in the local (Windows) PuTTY configuration (see below) and your public key in the ~/.ssh/authorized_keys file of the target user on CentOS.

Attention: Putty cannot directly open OpenSSH keys. If you created your key with ssh-keygen on CentOS you'll need to convert id_rsa to id_rsa.ppk using a program called puttygen.exe.
Specify the converted key in PuTTY under "Connection -> SSH -> Auth -> Private key file ...".
When saving the respective session this path will be saved as well.
0
 
LVL 77

Accepted Solution

by:
arnold earned 250 total points
ID: 38712234
You would need to edit sshd_config and make sure to enable publickey while disabling password authentication.

What exactly are you looking todo.

Usually if both password and publickey based authentication is enable item 1 is the default behavior, the equivalent second option is part of the public key authentication dealing with you setting a passphrase n the key.
The number 2 you seem to want a two factor authentication.
Privatekey/server account password are on the same level I.e. one or the other, not sure there is a way to sequence them.
http://kiteplans.info/2012/04/06/two-factor-ssh-virtualmin-authentication-google-authenticator/
There are other options using rsa keyfab, github, etc.
0
 

Author Closing Comment

by:AXISHK
ID: 38738568
tks
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CentOS/RHEL 7 Linux maillog worldwide readable 2 89
cannot rename datastore 3 70
Web resource - Man pages for SUSE Enterprise Linux 11 1 41
Recover Lacie Edmini data. 11 54
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question