How To Configure SSH Key-Based Authentication on a FreeBSD Server

-
1.In your local computer's terminal, generate a key pair with this command. 

$ ssh-keygen -t rsa -C "user@server" -b 4096 -f ~/.ssh/filename

2.Copy the public key to your server. 

$ ssh-copy-id -i ~/.ssh/filename[.pub] user@server

If ssh-copy-id is not available on your machine , you will need to do this by hand.
Copy the contents of filename.pub to ~/.ssh/authorized_keys

$ cat .ssh/id_rsa.pub | ssh user@server 'cat >> .ssh/authorized_keys'
$ ssh user@server "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
[OR]

$ scp ~/.ssh/id_rsa.pub user@server:~
$ mkdir -p ~/.ssh 
$ touch ~/.ssh/authorized_keys
$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
$ rm ~/id_rsa.pub
$ chmod 600 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh

3.In your server, To confirm the public key has been copied. 

$ cat ~/.ssh/authorized_keys

4.Backup the /etc/ssh/sshd_config file. 

$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

5.Edit the /etc/ssh/sshd_config file.
Protocol configuration.

#Protocol 2
>>> 

Protocol 2
HostKeys for protocol version 2 configuration.

#HostKey /etc/ssh/ssh_host_rsa_key
>>> 

HostKey /etc/ssh/ssh_host_rsa_key  




#HostKey /etc/ssh/ssh_host_ecdsa_key
>>> 
 
HostKey /etc/ssh/ssh_host_ecdsa_key  




#HostKey /etc/ssh/ssh_host_ed25519_key
>>> 
 
HostKey /etc/ssh/ssh_host_ed25519_key


Don't Uncomment the DSA. 

#HostKey /etc/ssh/ssh_host_dsa_key
because DSA is not considered secure anymore.
Logging configuration.

#SyslogFacility AUTH
>>> 

SyslogFacility AUTH  




#LogLevel INFO
>>> 

LogLevel INFO


Authentication configuration.

#PermitRootLogin no
>>> 

PermitRootLogin no  




#MaxSessions 10
>>> 

MaxSessions 1


[ssh v1] 

#RSAAuthentication yes
>>> 

RSAAuthentication yes


[ssh v2] 

#PubkeyAuthentication yes
>>> 
 
PubkeyAuthentication yes  




#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
>>> 

AuthorizedKeysFile .ssh/authorized_keys




#PasswordAuthentication no
>>> 

PasswordAuthentication no  




#PermitEmptyPasswords no
>>> 

PermitEmptyPasswords no  




#ChallengeResponseAuthentication yes
>>> 

ChallengeResponseAuthentication no

Comments

Post a Comment

Popular posts from this blog

Python3 + Django + uWSGI + Nginx On FreeBSD

-
1. uWSGI Installation. $ sudo pip-3.6 install uwsgi Collecting uwsgi Downloading uwsgi-2.0.17.tar.gz (798kB) 100% |################################| 798kB 709kB/s Installing collected packages: uwsgi Running setup.py install for uwsgi ... done Successfully installed uwsgi-2.0.17 1.1 Basic test Let’s start with a simple “Hello World” example: def application(env, start_response): start_response('200 OK', [('Content-Type','text/html')]) return [b"Hello World"] As you can see, it is composed of a single Python function. It is called “application” as this is the default function that the uWSGI Python loader will search for (but you can obviously customize it). 1.2 Now start uWSGI to run an HTTP server/router passing requests to your WSGI application: uwsgi --http :9090 --wsgi-file foobar.py 2.Installing Django. Install Django into your virtualenv , create a new project $ mkproject django $ pip install Django Collecting Django ...
Read more

arduino最小構成 (atmega328/8MHz/3.3V/内部クロック)FT232RLにてブートローダーの書き込み

-
Image
1.部品 ATMEGA328P-PU USBシリアル変換モジュールFT232RL 0.1μFコンデンサ ブレッドボード ジャンパーワイヤ 2.ROM,DRIVER,書き込み用ソフトの準備 breadboard-1-6-x.zip をダウンロードして展開します。 FTAVRW : FT232-AVR Writerの ftavrw_v121b.zip をダウンロードして展開します。 https://www.ftdichip.com/Drivers/VCP.htm FTDIドライバをダウンロードして展開、インストールします。 3.ブートローダーの書き込み 配線 下図はブレッドボード上に配線した例です。 ftavrwg.exeをクリックして実行します。 avr info ボタンを押下し、情報が取得されたら配線はOKです。 ATmegaBOOT_168_atmega328_pro_8MHz.hexを選択し、書き込みます。 下図のようなメッセージが出ましたら、書き込みが完了です。 boards.txtを確認して、FUSEを書き込みます。 下図のようなメッセージが出ましたら、書き込みが完了です。 4.スケッチの書き込み 配線 下図はスケッチの配線例です。注意: RESET に 0.1μF のコンデンサを噛ます必要があります arduino IDEを開いてexamples(Blink)を書き込んでみます。 書き込みは無事にできました。Blinkもちゃんと動いています。
Read more

FreeBSD: Configuring Apache to permit CGI

-
In httpd.conf file make sure the "cgi" LoadModule directive has not been commented out. A correctly configured directive may look like this: <IfModule mpm_prefork_module> LoadModule cgi_module libexec/apache24/mod_cgi.so </IfModule> Explicitly using Options to permit CGI execution To allow CGI program execution for any file ending in .cgi in users' directories, you can use the following configuration. <VirtualHost *:80> DocumentRoot "/usr/local/www/apache24/e" ServerName www.example.com ErrorLog "/var/log/e-error_log" CustomLog "/var/log/e-access_log" common <Directory "/usr/local/www/apache24/e/"> Order allow,deny Allow from all Require all granted Options +ExecCGI AddHandler cgi-script .cgi </Directory> </VirtualHost> <Directory "/home/*/public_html"> Options +ExecCGI AddHandler cgi-script .cgi </Di...
Read more