SSH to use two-factor authentication using Google Authenticator on Debian or Ubuntu Server

  • A computer running Ubuntu 16.04 LTS or above
  • A phone running Android or iOS
  • A configured SSH connection
  • You should understand the danger of stolen passwords.
  • You don’t need to know what two-factor authentication is and how it works. 🙂

Installing and configuring required packages

Start a terminal session and type:

sudo apt install libpam-google-authenticator

Configuring SSH

To make SSH use the Google Authenticator PAM module, add the following line to the /etc/pam.d/sshd file:

Read more

Share

Enable Password based authenticaiton in OCI compute instance

If you want to use a password to access the SSH server, a solution for fixing the Permission denied error is to enable password login in the sshd_config file.

To do this, open the file in a text editor.  This example uses the nano editor:

sudo nano /etc/ssh/sshd_config

In the file, find the PasswordAuthentication line and make sure it ends with yes.

Find the ChallengeResponseAuthentication option and disable it by adding no.

If lines are commented out, remove the hash sign # to uncomment them. Save the file and exit. Restart the SSH service by typing the following command:

sudo systemctl restart sshd
Share

SSH Key-Pair Authentication

Create Key-Pair by each user, so login with a common user on SSH Server Host and work like follows.

# create key-pair
debian@dlp:~$ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/debian/.ssh/id_rsa): # Enter or input changes if you want
Created directory '/home/debian/.ssh'.
Enter passphrase (empty for no passphrase): # set passphrase (if set no passphrase, Enter with empty)
Enter same passphrase again:
Your identification has been saved in /home/debian/.ssh/id_rsa
Your public key has been saved in /home/debian/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:H+lFm+3c93VekrLiFCYAwoWDUVs43s4JEze8wr8QzG8 debian@dlp.srv.world
The key's randomart image is:
.....
.....

debian@dlp:~$ll ~/.ssh

total 8
-rw------- 1 debian debian 2655 Aug 17 13:48 id_rsa
-rw-r--r-- 1 debian debian 574 Aug 17 13:48 id_rsa.pub
debian@dlp:~$mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

Transfer the private key created on the Server to a Client, then it’s possible to login with Key-Pair authentication. Below is an example to connect from a linux shell.

Read more

Share

SCP Command Syntax

Before going into how to use the scp command, let’s start by reviewing the basic syntax. The scp utility expressions take the following form:

scp [OPTION] [user@]SRC_HOST:]file1 [user@]DEST_HOST:]file2

OPTION – scp options such as cipher, ssh configuration, ssh port, limit, recursive copy ..etc
[user@]SRC_HOST:]file1 – Source file.
[user@]DEST_HOST:]file2 – Destination file
Local file should be specified using an absolute or relative path while remote file names should include a user and host specification.

scp provides a number of options that control every aspect of its behavior. The most widely used options are:

-P Specifies the remote host ssh port.
-p Preserves files modification and access times.
-q Use this option if you want to suppress the progress meter and non-error messages.
-C. This option will force scp to compresses the data as it is sent to the destination machine.
-r This option will tell scp to recursively copy directories.

Read more

Share

SSH Tunnel on PuTTY

Most of you have probably used a tunnel with an SSH connection. What you probably weren’t aware of is that you can use a dynamic tunnel to access all remote infrastructure. Furthermore, you can specify a port and a destination IP to have direct access. This process is achieved through your PuTTY configuration.

In this procedure, we will use Internet Explorer, Firefox and an RDP connection to demonstrate the use of a tunnel with an SSH connection, as well as configuring the tunnel with several other protocol types.

Local Port Forwarding

Step 1 – Load the Session
In your PuTTY configuration, configure the Host Name and Port of your remote SSH computer­. Enter your Saved Sessions name, and click Save. If your session already exists, Load it as shown below:

Read more

Share

How to Update SSH & MOTD Banner on CentOS 6

For legal reasons, Some people need to display a warning banner on their Linux machine before login so that a person requires to acknowledge the contents of the banner before entering the password. To do this, edit a/etc/issue.net file and fill it with the desired context.

Edit the  /etc/issue.net file:

sudo nano /etc/issue.net

001Here is mine banner as a sample, you can add your’s here:

#########################################################
# Authorized access only! # 
# Disconnect IMMEDIATELY if you are not an authorized user!!! #
# All actions Will be monitored and recorded #
###############################################################

Read more

Share

Reinstall OpenSSH Server

First if you have any pre-installed SSH server that has gone bad, remove it-

on Redhat Architechture

Type the following commands as the root user:

# chkconfig sshd off
# service sshd stop
# yum erase openssh-server

You need to edit and update firewall rules that allows inbound connections to SSHs tcp port # 22. Edit /etc/sysconfig/iptables and /etc/sysconfig/ip6tables. In each file find and delete the line that access connection to port # 22. A sample entry:

Read more

Share

SSH Public key based authentication

Method-1:

Create the cryptographic Key on FreeBSD / Linux / UNIX workstation, enter:

ssh-keygen -t rsa
Assign the pass phrase (press [enter] key twice if you don’t want a passphrase). It will create 2 files in ~/.ssh directory as follows:
  • ~/.ssh/id_rsa : identification (private) key
  • ~/.ssh/id_rsa.pub : public key
Use scp to copy the id_rsa.pub (public key) to rh9linux.nixcraft.org server as authorized_keys2 file, this is know as Installing the public key to server.
 
scp .ssh/id_rsa.pub vivek@rh9linux.nixcraft.org:.ssh/authorized_keys2
 
From FreeBSD workstation login to server:

Read more

Share