SSH

SFTP Tips & Tricks

Using Keyfiles To Access SFTP Services

You can use the private key .pem files to connect via SFTP to a server that only allows key access. The trick is to get the .pem file that Amazon gives you onto the server that you will be using to connect to the EC2 instance. When you store the .pem file on the local box, you will need to ensure the security level is set to 500 (r-x------). Here is an example:

# sftp -o IdentityFile=my-amazon-given-key.pem root@domU-11-22-33-00-CC-11

We often use this trick to talk to our Amazon EC2 instances, as they do not allow password-based authentication by default. This is a good security mechanism, as only people with an authorized key file can gain access. It also gives you a quick and easy way to shut down all access keys by disabling a single key file, essentially shutting down access from an entire group ...

Posted in Networking Utilities, SSH, Security, Tips & Tricks, blog | December 09, 2009

Logon To Your Linux Box Using SSH Keys

I've recently been working with AWS EC2 instances and have found that the SSH keys they require for secure login practices actually have some nice benefits. For one thing, once I've generated a keyfile that uniquely identifies me on my local PC, I can use that keyfile to quickly and easily log in to any server without having to remember passwords and login credentials. Having to get in and out of over a dozen different servers every week, and nearly 100 different servers over the course of a year, the use of key sharing certainly has the potential to save a lot of keystrokes.

In a nutshell, here are the pieces that make it work:

- Create a unique fingerprint on your local machine
- Initialize the SSH environment for your user login on the remote environment
- Store that fingerprint in the SSH environment on the remote system

Once you have completed these steps, you will be ...

Posted in Cloud Computing, Desktop Apps, SSH, Security, Tips & Tricks, blog | November 12, 2009

Creating and Installing SSL Certs via SSH

Certificate Signing Request (CSR)

Apache + OpenSSL

Log in as root, then:

# cd /usr/bin/ (/your path to openssl/)
# openssl genrsa -des3 -out <name_of_your_certificate>.key 1024

You will need to enter a passphrase for your key here, and then enter it again in the next step.

# openssl req -new -key <name_of_your_certificate>.key -out <name_of_your_certificate>.csr

At this point you'll have to enter information about the site/owner of the SSL cert. Keep in mind that the common name (CN) is actually the address of the site (without http://, etc.), and that each cert is only for one host. I.e., yoursite.com is not the same as www.yoursite.com. Some certs can be created with multiple/alternative common names.

You'll need the contents of the CSR file to create the cert on GoDaddy or whichever cert site you're using. Either download the file or open it in vi, and copy and paste the contents.

Installing SSL Certificate and the Intermediate Certificate

Once you've gotten the actual certs from the cert site ...

Posted in SSH, Security, blog | February 20, 2008