

I had to do this again since I reinstalled a couple of things, so I thought I’d make some screenshots along with the story. The complete instructions can be found here in the Dreamhost knowledgebase, but the general story is the same for all other webhosts who support SSH. I just made some screenshots along with it and some more descriptions. It works at most webhosts like Dreamhost or MediaTemple.

What are we going to do? Well, as you know, connecting to your webhost via Telnet (for fiddling around there) and FTP (to copy files over) is very insecure: you send all your private stuff, including passwords, pretty much in plain text over the Internet, so anyone can listen in.
To be more secure we should use a secure connection. Nowadays, we should set up an SSH-2 connection to your webhost to have a secure line. To open an SSH-2 connection you can use (for instance) a little freeware tool called "Putty" (download it here). (Putty was made by Simon Tatham.) Just fill in your username, password and hostname in Putty and you will be able to make a connection; you will manage that bit of copying and pasting. However…

We don’t want to fill in our username and password each time we connect! Because we are extremely lazy, we want to automate this, so that we simply click the connection and we are in! And since that is then simpler than setting up a non-secure connection, you will have (a) a secure line and (b) less effort, so you will go secure!

What do we need?:

Software! Download the three following (yeah, free) packages here (very very small).

1. Putty
2. PuttyGen
3. Pageant

Furthermore:

1. You need to have a webhost who supports SSH (most good webhosts do; if they do not, find another one). I’m hosting at Dreamhost and MediaTemple (among others).
2. You need to know your hostname, username and password (normally you get this information when you sign up with your webhosting company; sometimes the information is the same as the telnet/ftp account information)
3. About 15 minutes

Here we go:

 

Download something that can generate your SSH-2 RSA keys, e.g. PuttyGen, here.

1. start up PuttyGen
2. click "SSH-2 RSA"
3. click "Generate"
4. move your mouse like an insane Cobol developer with RSI

Now you have a generated key which you can see in the box above.

1. type in a key passphrase like "helloworld"
2. type it in again to make sure you made no typos
3. save your Public key to somewhere you can remember (anyone may have this one)
4. save your Private key to somewhere you can remember (only you may have this one)

Note: of course the screenshot to the left is a demo, so it’s no use typing over the 1024 characters to see if they are any use…

Now we need a tool to make the actual auto-connection, so download e.g. Pageant.exe

1. Start up Pageant, it will sit in your system tray (next to your clock on the bottom right-hand side of your screen…)
2. Click "Add key"
3. And point to the Private key you just saved (you can see my "privatekey.ppk" on the left)
4. Enter the passphrase you entered above for security

If all went well you should see your key under the "View Keys" option in Pageant.

Now we are going to actually connect…cool!

1. Right-click the Pageant icon in your system tray and press "New Session"

You can now fill in the data from your session in Putty:

main screen:
1. Type in the Host name or IP Address of your webhost (yeah, I know you have to look this up somewhere; it was given to you once but you have no clue where it is. Hint: check your e-mail box)
2. Choose SSH as protocol

connection > SSH > Auth:
3. click "Allow agent forwarding"

connection > Data:
4. fill in your username (you also got this from your hosting company "telnet" account) (most of the time the same as the master FTP account)

Now you can go back to the main screen (Session), fill in a name of your session and hit "save" to save it for later. E.g. name it "My Webhost" (not a real handy name if you have multiple webhosts…)


We are now ready to connect and save your key on the other end, at the webhosting company itself.

1. press "Open" in the screen you are sitting now
2. if you get a warning from your firewall on your first-time connection choose "allow"
3. you get a dialog box warning you about the keys that are not yet the same, just click ok, this is what we are going to do now.
4. the command box opens and it will fill in your username automatically, now fill in your password (yeah you have to look that up again…) (it’s your telnet password the hosting company gave you).

You should now have a command prompt blinking at you.

5. type "cd ~", this should bring you to your home directory, type "pwd" to check if you are in your home dir.
6. type "chmod g-w ." (don’t forget the dot) (means: must not be group/other writeable)
7. type "chmod o-w ."
8. type "mkdir .ssh"
9. type "chmod 0700 .ssh"
10. type "cd .ssh"

You are now in a fresh new .ssh directory on your server

Let’s now put our key in there!

11. open up your Putty key generator again and load your private key, then select all text at the top, right-click it and click "copy"
12. go back to the command shell and type:

echo "
right mouse click (this pastes your key)
" >  authorized_keys

Do not forget the " " around the key!

13. now protect the file by typing "chmod 600 authorized_keys"
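
The server-side steps 5 to 13 above, collected into one shell function as an added example (not part of the original instructions). It assumes the webhost runs OpenSSH; the function name `install_pubkey` and the sample key are made up for illustration. Unlike the `echo ... >` step it appends instead of overwriting, and it rejects a key that was pasted with line breaks.

```shell
#!/bin/sh
# Added example: steps 5-13 as one repeatable function (hypothetical name).
# Usage: install_pubkey HOME_DIR "PUBLIC_KEY_LINE"
# Returns 0 on success, 1 if the key is not a single OpenSSH-format line.
install_pubkey() {
    home_dir=$1
    key=$2

    # authorized_keys wants one key per line. A paste that wrapped, or the
    # multi-line "---- BEGIN SSH2 PUBLIC KEY ----" file that PuttyGen's
    # "Save public key" writes, is not accepted there by OpenSSH.
    case $key in
        *"
"*) echo "key spans several lines" >&2; return 1 ;;
    esac
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # sshd (StrictModes) ignores the key file when the home directory or
    # .ssh is writable by group or other.
    chmod go-w "$home_dir" || return 1
    mkdir -p "$home_dir/.ssh" || return 1
    chmod 700 "$home_dir/.ssh" || return 1

    auth="$home_dir/.ssh/authorized_keys"
    # Append rather than overwrite with '>', and skip a key already present.
    if ! grep -qxF -- "$key" "$auth" 2>/dev/null; then
        ( umask 077; printf '%s\n' "$key" >> "$auth" ) || return 1
    fi
    chmod 600 "$auth"
}

# Constructed sample line, not a real key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedExampleOnly demo@example'
```

On the server you would call it as `install_pubkey "$HOME" "paste-your-key-here"` with the text copied from the box at the top of PuttyGen.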

We should be done now, let’s test it: type "exit".

Right-click the Pageant icon in your system tray, choose "Saved Sessions" > "your saved session" and click it.

You should instantly be in a session with your webhosting company without having to type anything!

wow…cool!

 

If you are going to put Pageant on your U3 or USB disk to carry it along, then make sure that you put your keys in a secure place on your stick. One good option is to create a TrueCrypt archive on your U3/USB disk and then hide your secret stuff in there. I made a U3 TrueCrypt 5.1a installer, which you can download here (it has the Dutch language pack installed by default, but you can add any other language packs in the zip file).

I hope this saves you some time!
