Secure your development environment. Objective: connect with a Windows 7 client to a CentOS server hosting environment.
It all begins with an SSH public/private key.
* Download puttygen.exe [1]
* Create a public / private key / SSH-2 RSA
* Why RSA and not DSA? See ref [2]
* Save the private key: it will be saved as a .ppk file
* Save the public key: this file does not come with an extension (odd)
* The default public key is formatted with line breaks. The next step requires a key without line breaks, but puttygen has a special field that shows the key in a form suitable for pasting into an authorized_keys file
* FTP the public key to your hosting account.
* The root directory contains a folder called .ssh (600)
* Create a file (if not already present) called authorized_keys2 (400; the difference from the authorized_keys file, which is also in use, is explained in ref [3])
* Add the key to this file using cat public_key.pkk >> authorized_keys2
The key pair can optionally be created with a passphrase for additional security.
The key pair can also be created server-side using
ssh-keygen -t rsa -C "email@example.com"
However, the private key then has to be ported back to the client, which proceeds in an insecure way.
Use the private key to start a password-less PuTTY SSH session:
* Add an SSH session with hostname as before.
* In Connections >> Auth add the private key for authentication
* Do not forget to return to the session category to save the session
* Open the connection, the terminal opens without asking for further credentials
You can secure FTP sessions using the key pair generated before. For example, in FileZilla, enter as hostname the hostname already entered in PuTTY. Select SFTP (the SSH File Transfer Protocol) as protocol and “interactive” as login type. The username is the regular FTP username. The password remains empty. FileZilla is unable to handle passphrases. Running in the background is a program called fzsftp.exe that takes care of the working relationship between FileZilla and PuTTY. FileZilla can also work independently from PuTTY though. The private key itself can be stored under Edit >> Settings >> SFTP.
[1] http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
[2] http://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys
[3] http://serverfault.com/questions/116177/whats-the-difference-between-authorized-keys-and-authorized-keys2