How to configure SSH authorized key?
-
And now that you've completely compromised the security of that key, trash it and make a new one. :-)
-
Does that mean you tested it and it works for you :-) ???
I hope I haven't contributed to too much of the green house effects by making the key public and useless :-) After all, it's only few billion electrons displaced.
-
No, I didn't try it.
There's a bit of a misunderstanding about what you need to do, perhaps.
When you make the key, save it as blah.ppk. Don't worry about the OpenSSH export, only the "public key for pasing" box. Copy the contents of that box into pfSense's field for authorized keys.
Make sure the key gets saved.Fire up pageant.
Double click the pageant icon in the taskbar
Click add key
find your blah.ppk
Load that up, enter the passphrase if you made oneThen connect with putty.
-
They say a picture is like 1000 words. Doing what you said disregarding the OpenSSH key export, I am getting a different error. Please check below link for the snap shot of my desktop.
https://docs.google.com/leaf?id=0B9R-hmALgNpVYzlmNzdkZmItY2IzNy00NzMyLThiZGEtNTI5MDI0NzU2OGNj&hl=en
Error:
No supported authentication method availableThanks
-
Take off the begin, end, and comment lines. If that doesn't work, load the key back up in puttygen, and make sure you have copied the box on the main screen that says right on top of it that it's the openssh public key.
Exporting the openssh key will export the whole key, not just the public part.
-
Perfect. Works amazingly now. Apparently the Public key saved is much different from what is in puttygen window (probably extraneous header and footer stuff).
All right,so to summarize and help others, here is how this should be done:
1- Open PuttyGen and Generate some randomness while PuttyGen creates a key for you.
2- Enter a long a$$ password with lots of characters, caps, small, and numbers phrase and save private key.
3- Do NOT SAVE public key. The whole point of this is to not have both keys on the same machine as security maybe compromised. Also, it's unnecessary to save public key.
4- Once key is generated, in the window on top (on PuttyGen) you will see you public key. Copy and paste that into pfsense System > Advance > Auth key and disable root login and press Save (don't forget SAVE).
5- Open Pageant (part of the Putty package) and add the private key. It will ask for your pass-phrase so enter it to add the key.
6- Open a putty session to your server IP and type root and it MUST login.
7- Enjoy the security and safeguard your key away from your pass-phrase.-Bruce
-
Sounds good except forβ¦
3- Do NOT SAVE public key. The whole point of this is to not have both keys on the same machine as security maybe compromised. Also, it's unnecessary to save public key.
You want to save the public key. It doesn't harm security, it's the "public" part. You can even put that up somewhere for others to grab so they can add it to their servers and let you in with ssh keys.
Besides, if you ever need to login to a second box with the same key, you'll need that again. :-)
-
Not trying to be rude but if you don't understand why the public key does not have to be protected or kept separate from the private key (WHICH IT SELF HAS TO BE KEPT SECRET) then please don't write instructions for others. Figure out first how things really work, please.
-
Good to know all that about Public key. Thanks again guys.
-
Besides, puttygen can generate the public key if you give it the private key.
By the way, I was saying all along that you want to paste the key from that box into your pfSense configuration. I've used this before, so I know the steps that are involved. ;)
-
Yes, you were right. But I was seeing it as the Public key as I was confused by other posts and specially the openSSH one.
Thanks
-
The key in the box is the public key in the form that OpenSSH uses on the server end and the export OpenSSH key saves the private key needed for using OpenSSH as the client.