Freeside:1.9:Documentation:Administration:SSH Keys

From Freeside
Revision as of 14:56, 18 August 2017 by Ivan (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Introduction

Freeside can login to remote machines unattended using SSH. This can pose a security risk if not configured correctly, and will allow an intruder who breaks into your freeside machine access to your remote machines. Do not use this feature unless you understand what you are doing and have first properly secured your Freeside machine.

Instructions

  • As the freeside user (on your freeside machine), generate an authentication key using ssh-keygen. Since this is for unattended operation, use a blank passphrase.
  • Append the newly-created identity.pub file to ~root/.ssh/authorized_keys (or the appopriate ~username/.ssh/authorized_keys) on the remote machine(s).
  • Some new SSH v2 implementation accept v2 style keys only. Use the -t option to ssh-keygen, and append the created id_dsa.pub or id_rsa.pub to ~root/.ssh/authorized_keys2 (or the appopriate ~username/.ssh/authorized_keys) on the remote machine(s).
  • You may need to set PermitRootLogin without-password (meaning with keys only) in your sshd_config file on the remote machine(s).
  • You may want to set ForwardX11 = no in ~root/.ssh/config to prevent spurious errors and increase security if your distribution turns on X11 forwarding by default.

Cisco devices