Koozali.org: home of the SME Server

Auto login to SSH for port forwarding over wireless network

hamishau

Hi All,

I am attempting to automate the login of an SSH session into my SME 6.01-01 box. I am doing this because I have a LAN wireless network and want to secure it (the equipment I have is only capable of WEP, which everyone should know is not that secure).

I have found that when I establish a PPTP VPN connection back into the server from the WinXP PC (LAN) and then access the internet using Firefox it does not go through the VPN. Other programs such as MSN Messenger appear to use the VPN connection.

As a workaround, I am port forwarding with SSH, which works well, except for the need to supply a username (which seems to only work for root) and root's password.

At the moment I am port forwarding 3 ports: IMAP (143), SMTP (25) and proxy (3128). I know they all work fine.

I am using the instructions I have found on the following website to try to automate the port forward SSH login using public and private keys, but with no luck. I want to clarify the EXACT folder that I need to put the file authorized_keys2 into, or any other information which will help me get this to work.

http://www.jfitz.com/tips/ssh_for_windows.html

All help is greatly appreciated,

Hamish
Melbourne, AU

egerards

« Reply #1 on: July 28, 2005, 08:49:37 AM »
If you want to be able to ssh to a server without providing a password, simply add the public ssh key of the remote account to the authorized_keys file of the account you want to log on to. E.g.: /root/.ssh/authorized_keys

Make sure that the rights on the .ssh directory are set to 700. If you set write permission for the group on the account that you visit, this will disable the mechanism.

hamishau

« Reply #2 on: July 28, 2005, 12:06:26 PM »
Hi egerards, thanks for the reply!

I have placed the public key in the file authorized_keys (and authorized_keys2) in the /root/.ssh/ directory and then chmod'ed it to 0700.

I get the following when I try to log in with the saved session in PuTTY:

Using username "root".
Server refused our key
root@w.x.y.z's password:

I have deleted & recreated the PuTTY session, but with the same result.

Anything else you might be able to suggest is appreciated.

Btw, I can successfully get in with PuTTY normally (update ClamAV every now and again!) and with WinSCP to transfer the public key authorized_keys file across, so I know it is not the SSH server being problematic.

Thanks,
Hamish
Melbourne, AU

warren

« Reply #3 on: July 28, 2005, 12:37:54 PM »
hamishau,

follow this how to http://www.wellsi.com/sme/ssh/ssh.html which explains nicely the installing of pub/private keys.


Quote
I have placed the public key in the file authorized_keys (and authorized_keys2)...


Append the public key you created (cat rsa.pub >> authorized_keys), as the authorized_keys file can store multiple public keys.

warren

hamishau

« Reply #4 on: July 28, 2005, 12:49:33 PM »
Hi warren,

I have an update! I have managed to find some info on the web which has helped as well.

I generated the keys again and copied the public key directly from the window instead of going through "Save public key". I then copied this to the authorized_keys file on the server.

Then from the server I went ssh-keygen -l -f authorized_keys. This generated the fingerprint.

Now I can login using the root login, and don't need to supply the password! I get the following:

Using username "root".
Authenticating with public key "rsa-key-20050728"

However, the PuTTY session remains open, but I can deal with that! :-)

Thanks everyone for the help!

Hamish
Melbourne, AU
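
An added example, not part of any post in this thread: a read-only shell check for the causes of "Server refused our key" that come up above, namely a .ssh directory or authorized_keys file writable by group or others (Reply #1) and a key that is not in OpenSSH's one-line public format, such as the block PuTTYgen's "Save public key" writes (Reply #4) or private-key material appended by mistake. The function name, finding labels and demo input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of a .ssh directory.
# Prints one finding per line; returns 0 when nothing is wrong, 1 otherwise.
audit_ssh_dir() {
    dir=$1; ak="$dir/authorized_keys"; rc=0; n=0; skip=0
    # With StrictModes (the sshd default), keys are ignored when the directory
    # or the file is writable by group or others.
    for p in "$dir" "$ak"; do
        [ -e "$p" ] || { echo "MISSING $p"; rc=1; continue; }
        case $(ls -ld "$p" | cut -c1-10) in
            ?????w*|????????w*) echo "WRITABLE $p"; rc=1 ;;
        esac
    done
    [ -f "$ak" ] || return "$rc"
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) ;;                                  # blank line or comment
            *BEGIN*'PRIVATE KEY'*)                       # private key was appended
                echo "PRIVATE_KEY line $n"; rc=1; skip=1 ;;
            *'BEGIN SSH2 PUBLIC KEY'*)                   # PuTTYgen "Save public key"
                echo "RFC4716_FORMAT line $n"; rc=1; skip=1 ;;
            *'END '*KEY*) skip=0 ;;                      # end of a pasted key block
            *'ssh-rsa AAAA'*|*'ssh-dss AAAA'*|*'ssh-ed25519 AAAA'*|*ecdsa-sha2-*' AAAA'*) ;;
            *)  # not a one-line OpenSSH key, e.g. a key wrapped by copy and paste
                [ "$skip" = 1 ] || { echo "NOT_A_KEY line $n"; rc=1; } ;;
        esac
    done < "$ak"
    return "$rc"
}

# Constructed demo input: a group-writable directory holding a file in the
# format PuTTYgen's "Save public key" produces (key data is a placeholder).
demo=$(mktemp -d) && chmod 770 "$demo"
printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'Comment: "rsa-key-20050728"' \
    'AAAAB3NzaC1yc2E-constructed-placeholder' '---- END SSH2 PUBLIC KEY ----' \
    > "$demo/authorized_keys"
audit_ssh_dir "$demo" || echo "findings above: fix them before retrying the login"
rm -rf "$demo"
```

On the server this would be called as `audit_ssh_dir /root/.ssh`; no output and exit status 0 means none of these causes is present.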

mrkiwi

Resolving putty windows which close after usercode
« Reply #5 on: September 11, 2006, 12:53:49 AM »
A couple of things in the form of a checklist;

+ Have you generated your keys?
If not, "ssh-keygen -t rsa"

+ Does your server allow plaintext passwords or only RSA auth?
If not, check your config (/etc/ssh/sshd_config)

+ Have you cat'd your public key into "authorized_keys"?
If not, from your home dir, "cd .ssh;cat id_rsa.pub >> authorized_keys"

+ Have you converted the private key to a putty format?
If not, use puttygen.exe to convert the key to putty's format.

+ Have you told putty where the private key is?
If not, load your saved session, in category select Connection/SSH/Auth, browse for your putty format of the private key.

+ Does the putty window stay there when you don't really want it to?
If so, consider using putty from the command line in a batch file with switches set to batch mode (I think) - also consider using pageant.exe, which loads your (multiple?) keys so you never have to type the passphrase again.

mrkiwi

Do you want: Putty to log onto SME automagically?
« Reply #6 on: September 11, 2006, 01:33:36 AM »
Hi All, I can't seem to post a new thread, so here it is.

A quick checklist - similar to the last one, but specifically for SME7

0. Read the docs! Understand the dangers of this procedure!
1. In server-manager, go to Security, Remote access
2. Change Secure Shell Access to "Allow access only from local networks"
3. Change Allow administrative command line access over secure shell to "Yes"
4. Go to your console, log in as root.
5. Type
    ssh-keygen -t rsa
and answer the questions. Remember the passphrase (you should NOT use your root password) - this creates two files in your ".ssh" folder: id_rsa and id_rsa.pub
6. Type
    cat .ssh/id_rsa.pub >> .ssh/authorized_keys
- this says to SME "allow this key to be used for authentication".
7. Copy the private key (.ssh/id_rsa) to your winblows machine - how you do this is up to you, but I prefer to
    cp .ssh/id_rsa /home/e-smith/files/users/[myusercode]/home
and then pick it up from my winblows box by browsing to
    \\sme\[myusercode]\
DON'T leave it hanging around in insecure places!
8. Convert your key to a putty format. Open puttygen, click "Conversions", "Import Key" and browse to your id_rsa file. Enter the passphrase. Click "Save Private Key" and enter a file name. I use id_rsa, as puttygen will append ".ppk" to the end.
9. Open Putty. Create a saved profile. Make the following changes.
a. Under Connection/Data enter "root" into the field "Auto-login username"
b. Under Connection/SSH/Auth browse to your new .ppk file
c. Go back to Session and click "Save" again or it won't be saved.
10. Grab a copy of pageant. Put it in c:\windows\system32
11. Create a batch file in your startup folder, call it Pageant.bat. Type one line:
    start pageant.exe "C:\MyKeys\id_rsa.ppk"
Substitute as appropriate.
12. Double click the batch file to simulate what would normally happen at login - a dos window should flash up, then go away leaving a prompt for your passphrase (which you entered in step 5). Once you have done this you should have the pageant icon (monitor with a black hat) in your systray. Right click to see the key(s) you have loaded.
13. Start Putty, double click your saved profile. You should get straight to a root prompt.

This is all from memory, so apologies :roll: for any typos or errors.

Can someone tell me how to get this into the docs for SME?
Is it good enough?

MrKiwi.