
How to Use RSA Key for ssh Authentication to Access Your Server with Greater Security


Categories: PHP Tutorials

Did you know that you can access your site server with greater security without needing a VPN? Yes, you can use RSA private encryption keys, a basic security measure that not all developers are aware of.

This article teaches you a better method for accessing your server machine with greater security. Using more secure methods, you can protect your work from being stolen or destroyed.

RSA private encryption keys allow you to access a server securely using a console terminal. You can connect to a server using the SSH protocol and then enter commands line by line, as in a regular shell.

These RSA keys allow you to tell your server you are indeed who you claim you are by installing keys on your machine and at the server side, so unauthorized users will not be able to access the server because they do not have your private keys.

Read this article now to learn all the steps necessary to configure your SSH access to a server machine using an RSA key.




Contents

Introduction

Requirements

Conventions

Instructions

Additional Configuration Steps

Conclusion

Related PHP Packages and Articles


Introduction

Using SSH protocol based commands or GUI based tools to access your servers is a great security practice, but first you need to learn how to set up the RSA keys before you start accessing your servers this way.

There are several situations in which you will need access to a remote server but a VPN is not an option, due to the equipment that your client has or that you have. In these situations, having an encrypted communications channel to their server is the next best thing to using a VPN.

To achieve this, I will explain how to configure SSH so that users can authenticate using an RSA key, instead of two-factor authentication.

The SSH command already has the encrypted tunneling feature built in, so a VPN is not needed. To set up secure authentication based on an RSA key, this article presents the steps that you need to perform.

Requirements

This tutorial assumes that several systems will be used, titled Server, User Desktop (or Client), File Server, and VM Server (virtual machine server). One or more of these systems can be hosted as VM Guest (virtual machine host).

The Server used in this demo is a Fedora 26 Server (no GUI desktop) but could be any other type of Linux system or another one that provides similar SSH protocol support.  The Server is a VM Guest, hosted with Oracle VM VirtualBox 5.1.28 in Fedora 26.

The Client will be a Fedora 26 with the Mate desktop experience.

Conventions

For clarity, I am using the following conventions, which you need to pay attention to in order to understand the explanations that follow.

[value] := is a variable that will be captured by the user as the information Web server is set up and configured.

Command Format := provides the reader with an example of the command and parameters where the command line or file name may be variable.

> := the greater than symbol will precede any shell command. If a command generates any kind of output, such output will be displayed after the command.

At the [Environment] ... := tells the reader which environment they should be working in for the instructions to follow. There are three (3) environments in this tutorial: Client, VM Server, Server.

Instructions

At the Client ...

Open a shell window and type:

> ssh-keygen
[ press enter ] 
[ enter Pass Phrase ]
[ confirm Pass Phrase ]
> ls -al .ssh
-rw-------.  1 user user 1766 Jan 31 17:39 id_rsa
-rw-r--r--.  1 user user  412 Jan 31 17:39 id_rsa.pub
> ssh-copy-id [user]@[IP Address]
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if
you are prompted now it is to install the new keys
[user]@[IP Address]'s password: [ enter Password ]
Note: You may also be asked to enter the Pass Phrase for the key.
Number of key(s) added : 1
Now try logging into the machine, with 'ssh [user]@[IP Address]' and check to make sure that only the key(s) you wanted were added.

> ssh [user]@[IP Address]
Last Login: [ Date Time Stamp ]
[user@localhost ~] >
> exit

At the Server as ROOT ...

> cd /etc/ssh
> vi sshd_config
Change these 2 lines to:
PasswordAuthentication no
PermitRootLogin no
press .. [ESC] :wq
> service sshd restart

Note that you will need to be logged in at the server to restart the (sshd) service. If it senses that a session is still running, it will not shut down.

At the Client ...

Test login without keys ...

> mv .ssh .ssh2
> ssh [user]@[IP Address]
Login Failed: permission denied
> mv .ssh2 .ssh
> ssh [user]@[IP Address]
Last Login: [ Date Time Stamp ]
[user@localhost ~] >
> exit
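
One way to check the result of the server-side step above, as an added example that is not part of the original article: the script reads an sshd_config file and reports whether PasswordAuthentication and PermitRootLogin are effectively set to no. The function names and the two sample files are constructed for illustration; Include files and Match overrides are not evaluated.

```sh
#!/bin/sh
# Added example, not from the article; function names are hypothetical.

# Print the global value sshd would use for keyword $2 in config file $1.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively. Parsing stops at the first "Match" block, whose
# settings apply only conditionally. "Include" files are not followed.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/             { next }                     # comment line
        NF == 0                { next }                     # blank line
        tolower($1) == "match" { exit }                     # global part ends
        tolower($1) == want    { print tolower($2); exit }  # first value wins
    ' "$1"
}

# Return 0 only if both settings from the tutorial are in effect.
# A missing directive fails: the sshd default allows password logins.
audit_sshd_config() {
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_effective "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK   $kw no"
        else
            echo "FAIL $kw ${val:-unset} (expected no)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the two lines were appended instead of changed, so the
# earlier "PasswordAuthentication yes" still wins.
appended=$(mktemp)
cat > "$appended" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF

# Constructed sample: the existing lines were edited in place.
edited=$(mktemp)
printf '%s\n' 'passwordauthentication no' 'PermitRootLogin no' > "$edited"
trap 'rm -f "$appended" "$edited"' EXIT

audit_sshd_config "$appended" || echo "=> appended config is NOT hardened"
audit_sshd_config "$edited"   && echo "=> edited config is hardened"
```

On the server itself, `sshd -t` checks the file for syntax errors before the restart, and `sshd -T` prints the configuration sshd will actually use.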

Additional Configuration Steps

You will need to configure the "port forwarding" option on the routers connected to the Internet to forward all packets arriving on port 22 to the Server.

If the Server is running in a VM, create a Client that sits in a VM as well, with both running in the same VM Host. The Client will allow you to install LogMeIn or TeamViewer to remotely connect to troubleshoot issues locally, vs remotely. The Client will also allow you to connect to the Server if needed.

Conclusion

Now that you know how to use RSA keys to access remote machines using the SSH protocol, you should use them, especially when you need extra security in case somebody steals your password and accesses your servers pretending to be you.

There are other important matters related to SSH and RSA encryption when using PHP on the server side, which you can learn more about by reading the articles or studying the PHP packages linked below.

For now, if you liked this article, share it with your fellow developers to tell them about the things here that they may not be aware of. If you have questions or doubts, post a comment below so I can reply with what you need.

Related PHP Packages and Articles

Notable package: PHP Form Encryption using RSA

Package: PHP Shell Connector: Connect and run remote shell commands using ssh

Innovative Package: PHP SSH Connection Session: Run arbitrary length commands in a server with SSH

Package: jineSSH2: Transfer files and execute commands via SSH

Innovative Package: SSH in PHP: SSH client implementation in pure PHP

Article: How To Create and Install SSH Keys on the Shell

Article: How To Configure SSH Key-Based Authentication on a Linux Server



