Author: Michael J. Fuhrman
This article teaches you a more secure method of accessing your server machine. With stronger security methods you can protect your work from being stolen or destroyed.
RSA private encryption keys allow you to access a server securely using a console terminal. You can connect to a server using the SSH protocol and then enter commands line by line, as in a regular shell.
These RSA keys let you prove to your server that you are who you claim to be: keys are installed on your machine and on the server side, so unauthorized users cannot access the server because they do not have your private key.
Read this article now to learn all the steps necessary to configure your SSH access to a server machine using an RSA key.
Contents
Introduction
Requirements
Conventions
Instructions
Additional Configuration Steps
Conclusion
Related PHP Packages and Articles
Introduction
Using SSH-based commands or GUI tools to access your servers is a great security practice, but first you need to learn how to set up the RSA keys before you start accessing your servers this way.
There are several situations in which you will need access to a remote server, but a VPN is not an option due to the equipment that you or your client have. In these situations, having an encrypted communications channel to their server is the next best thing to using a VPN.
To achieve this, I will explain how to configure SSH so that users can authenticate using an RSA key, instead of two factor authentication.
Requirements
This tutorial assumes that several systems will be used titled Server, User Desktop (or Client), File Server, and VM Server (virtual machine server). One or more of these systems can be hosted as VM Guest (virtual machine host).
The Server used in this demo is a Fedora 26 Server (no GUI desktop) but could be any other type of Linux system or another one that provides similar SSH protocol support. The Server is a VM Guest, hosted with Oracle VM VirtualBox 5.1.28 in Fedora 26.
The Client will be a Fedora 26 with the Mate desktop experience.
Conventions
[value] := is a variable that will be captured by the user as the information Web server is set up and configured.
Command Format := provides the reader with an example of the command and parameters where the command line or file name may be variable.
> := the greater-than symbol will precede any shell command. If a command generates any kind of output, that output will be displayed after the command.
At the [Environment] ... := tells the reader which environment they should be working in for the instructions to follow. There are three (3) environments in this tutorial: Client, VM Server, Server.
Instructions
At the Client ...
Open a shell window and type:
> ssh-keygen
[ press enter ]
[ enter Pass Phrase ]
[ confirm Pass Phrase ]
> ls -al .ssh
-rw-------. 1 user user 1766 Jan 31 17:39 id_rsa
-rw-r--r--. 1 user user 412 Jan 31 17:39 id_rsa.pub
> ssh-copy-id [user]@[IP Address]
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if
you are prompted now it is to install the new keys
[user]@[IP Address]'s password: [ enter Password ]
Note: You may also be asked to enter the Pass Phrase for the key.
Number of key(s) added : 1
Now try logging into the machine, with 'ssh [user]@[IP Address]' and check to make sure that only the key(s) you wanted were added.
> ssh [user]@[IP Address]
Last Login: [ Date Time Stamp ]
[user@localhost ~] >
> exit
At the Server as ROOT ...
> cd /etc/ssh
> vi sshd_config
Change these 2 lines to:
PasswordAuthentication no
PermitRootLogin no
press .. [ESC] :wq
> service sshd restart
Note that you will need to be logged in at the server to restart the sshd service. If it senses that a session is still running, it will not shut down.
At the Client ...
Test login without keys ...
> mv .ssh .ssh2
> ssh [user]@[IP Address]
Login Failed: permission denied
> mv .ssh2 .ssh
> ssh [user]@[IP Address]
Last Login: [ Date Time Stamp ]
[user@localhost ~] >
> exit
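A check for the sshd_config step above, as an added example that is not part of the original article: it reports which value sshd would actually take for the two keywords, covering two common editing mistakes (a line left commented out, and a duplicate keyword where the first occurrence wins). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the article's code). Reports the value sshd takes for a
# keyword from the global part of an sshd_config-style file: sshd keeps the
# FIRST value it reads for a keyword, and keywords are case-insensitive.
# Assumptions: Include files are not followed; parsing stops at "Match".
# On a live server, `sshd -t` checks syntax and `sshd -T` (as root) prints
# the effective configuration.

effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comment or blank line
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }       # sshd falls back to its default
    ' "$1"
}

audit_sshd() {  # usage: audit_sshd FILE; returns 0 only if both are "no"
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK   $kw no"
        else
            echo "FAIL $kw is '$val', expected 'no'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files, one per common editing mistake.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
# 1) value changed but the leading "#" was left in place
printf '%s\n' '#PasswordAuthentication no' '#PermitRootLogin no' > "$SAMPLES/commented"
# 2) new line appended below an older one: the older "yes" still wins
printf '%s\n' 'PasswordAuthentication yes' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$SAMPLES/duplicate"
# 3) both lines edited as the tutorial describes
printf '%s\n' 'passwordauthentication no' 'PermitRootLogin no' > "$SAMPLES/hardened"

for f in commented duplicate hardened; do
    echo "== $f"
    audit_sshd "$SAMPLES/$f" || echo "   -> not yet hardened"
done
```

Run `audit_sshd /etc/ssh/sshd_config` before restarting sshd, and keep the current session open until a key-based login from a second terminal succeeds.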
Additional Configuration Steps
You will need to configure the "port forwarding" option on the routers connected to the Internet to forward all packets from port 22 to the Server.
If the Server is running in a VM, create a Client that sits in a VM as well, and both are running in the same VM Host. The Client will allow you to install LogMeIn or TeamViewer to remotely connect to troubleshoot issues locally, vs remotely. The Client will also allow you to connect to the Server if needed.
Conclusion
Now that you know how to use RSA keys to access remote machines using the SSH protocol, you should use them, especially when you need extra security in case somebody steals your password and accesses your servers pretending to be you.
There are other important matters related to SSH and RSA encryption when using PHP on the server side; you can learn more by reading the other articles or studying the PHP packages linked below.
For now, if you liked this article, share it with your fellow developers to tell them about the things here they may not be aware of. If you have questions or doubts, post a comment below so I can reply with what you need.
Related PHP Packages and Articles
Notable package: PHP Form Encryption using RSA
Package: PHP Shell Connector: Connect and run remote shell commands using ssh
Innovative Package: PHP SSH Connection Session: Run arbitrary length commands in a server with SSH
Package: jineSSH2: Transfer files and execute commands via SSH
Innovative Package: SSH in PHP: SSH client implementation in pure PHP
Article: How To Create and Install SSH Keys on the Shell
Article: How To Configure SSH Key-Based Authentication on a Linux Server