Connecting PUTTY Clients to Zeroshell SSH via Public Key


This topic contains 2 replies, has 0 voices, and was last updated by  byruda 3 years, 6 months ago.

  • #42399

    byruda
    Member

    I would like to know if it is possible to use public key authentication for PUTTY clients connecting to zeroshell’s SSH port.

    We would like to give access to the SSH port to some users without giving the admin password to the user.

    We are successfully using SSH tunneling features with zeroshell with these users but do not want them to be able to alter zeroshell settings via https protocol.

    Thank you.

    #50314

    ppalias
    Member

    I suppose that you are aware that once the user is logged in as admin he can issue the “passwd” command to change the password, right?
    The answer however to your question is:
    Create file

    .ssh/authorized_keys

    and put in there your public key

    ssh-rsa ABCD[...]XYZ== ppalias@blahblah

    be careful with the line separators and spaces.

    Copy the following in /Database/patches and run the script in pre-boot

    script

    #!/bin/sh
    /bin/cp /Database/patches/sshd_config /etc/ssh/sshd_config
    /bin/cp -Rp /Database/patches/.ssh /root/.ssh
    echo "root:your_pass_here" | /usr/sbin/chpasswd
    /sbin/service sshd restart

    sshd_config


    root@zeroshell root> cat /Database/patches/sshd_config
    # $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $

    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.

    #Port 22
    Protocol 2
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 768

    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    LogLevel VERBOSE

    # Authentication:

    #LoginGraceTime 2m
    PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6

    #RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys

    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication yes
    #PermitEmptyPasswords no

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes

    # Kerberos options
    KerberosAuthentication yes
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    #AllowUsers admin
    # GSSAPI options
    GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    #UsePAM no

    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    PrintLastLog no
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    UseDNS no
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no

    # no default banner path
    #Banner /some/path

    # override default of no subsystems
    Subsystem sftp /usr/local/libexec/sftp-server

    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # ForceCommand cvs server

    You should be ready now.
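
The warning above about line separators and spaces can be checked mechanically before the pre-boot script copies the file into place. This is an added example, not part of the original posts: the function name `check_authorized_keys` and the sample key are constructed, and it assumes any options field in front of the key type contains no spaces.

```shell
#!/bin/sh
# Added example: lint an authorized_keys file (e.g. one pasted from PuTTYgen).
# Prints one finding per problem line; returns 0 if clean, 1 otherwise.
check_authorized_keys() {
    file=$1; bad=0; n=0; cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            *"$cr") echo "line $n: CRLF line ending"; bad=1; line=${line%"$cr"} ;;
        esac
        case $line in
            ''|'#'*) continue ;;
            '---- '*|Comment:*)
                echo "line $n: PuTTYgen SSH2 export format, not one-line OpenSSH format"
                bad=1; continue ;;
        esac
        set -f; set -- $line; set +f    # split on whitespace without globbing
        [ $# -eq 0 ] && continue
        # Skip an optional options field that precedes the key type.
        case $1 in ssh-*|ecdsa-*) ;; *) shift ;; esac
        case ${1:-} in
            ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
            *) echo "line $n: no key type found (key wrapped across lines?)"
               bad=1; continue ;;
        esac
        # OpenSSH key blobs are base64 and always begin with "AAAA".
        case ${2:-} in
            AAAA*)
                case $2 in
                    *[!A-Za-z0-9+/=]*) echo "line $n: non-base64 character in key"; bad=1 ;;
                esac ;;
            *) echo "line $n: key data missing or not an OpenSSH blob"; bad=1 ;;
        esac
    done < "$file"
    return $bad
}

# Constructed sample: a key line saved on Windows with CRLF endings.
demo=$(mktemp)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLE== user@host\r\n' > "$demo"
check_authorized_keys "$demo" || echo "fix the file before copying it to /Database/patches/.ssh"
rm -f "$demo"
```

With `StrictModes` left at its default of `yes`, as in the configuration above, sshd also ignores the key file if `.ssh` or `authorized_keys` is writable by anyone other than the owner, so check the permissions that `cp -Rp` preserves.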

    #50315

    bakcsa
    Member

    I would like to do the same, but I don’t think that this post is still valid for ZS 3.4

    I have a central backup server which backs up all my Linux machines via ssh. It would be very good if I could integrate ZS with it. Could you please give me instructions?

    #50316

    zgypa
    Member

    @bakcsa wrote:

    I would like to do the same, but I don’t think that this post is still valid for ZS 3.4

    I have a central backup server which backs up all my Linux machines via ssh. It would be very good if I could integrate ZS with it. Could you please give me instructions?

    Yes, they are still sort of valid. I have written up a how-to with screen shots on my wiki page.
