SSH password-less authentication


SSH key authentication (No password):
SSH key authentication is the most popular method among Linux system administrators and is recommended whenever remote servers are accessed frequently. It provides confidentiality and integrity for the data exchanged between client and server. SSH is secure by itself, but using more than one security mechanism is considered very secure.
The traditional SSH method uses password authentication. This is considered vulnerable because it can be compromised by a man-in-the-middle attack (an attack on confidentiality). In a man-in-the-middle attack, a third person acts as the claimed person and can sniff the connection.
SSH authentication is a combination of SSH and cryptography.
Advantages of SSH Cryptography
1. Confidentiality - Makes sure that no third person is involved in the communication.
2. Integrity - Ensures that only authorized modifications occur during transmission.
3. Easy to implement.

SSH key based authentication


Steps in SSH cryptography
The figure explains how SSH key authentication is implemented.
1. Alice generates her own cryptographic key pair (private and public key).
2. Alice stores the private key in a secure place and sends the public key to Bob.
3. Bob receives Alice's public key and stores it in a secure place.
The steps above are mandatory requirements for secure communication. This process is a one-time set-up.
4. Once the key exchange is finished, Alice can connect to Bob via the SSH protocol. The SSH protocol supports password authentication and public key authentication. By default SSH is enabled with password authentication, but in this scenario the key exchange has been done, so SSH can connect without a password.
5. This secure connection is encrypted with Alice's private key. Anyone who attacks somewhere in the middle must have Alice's public key to decrypt the connection, and only Bob can decrypt the connection.

SSH Key authentication in Linux systems:

1. Alice creates her own key pair on her own machine
            ssh-keygen -t rsa

2. Alice sends the public key to Bob at the remote location
            # scp replaces the target file if it already exists on the remote account
            scp ~/.ssh/id_rsa.pub remote.server.com:.ssh/authorized_keys2
3. Next, Alice can connect to Bob via SSH without a password
         ssh bob@example.com
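
Step 2 above uses scp, which replaces the remote file and with it any keys already authorized for that account. As an added example (not part of the original post), the script below does the same installation as an append on the receiving side: it rejects private-key files, creates .ssh with mode 700 and authorized_keys with mode 600, and skips keys that are already present. The function names, the scratch directory and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the scratch
# directory and the sample keys are constructed for illustration.

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys unless it is already there.
install_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    [ -s "$pub" ] || return 1                            # missing or empty file
    if grep -q 'PRIVATE KEY' "$pub"; then return 1; fi   # never install id_rsa
    key=$(head -n 1 "$pub")
    case $key in                                         # must start with a key type
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 1 ;;
    esac
    # Lock the directory down before the file exists, so the file is never
    # readable by other users even for a moment.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only if not already authorized.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# perms_ok SSH_DIR: succeeds when the directory is 700 and the file is 600.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# key_count HOME_DIR: number of keys authorized under HOME_DIR/.ssh.
key_count() { wc -l < "$1/.ssh/authorized_keys" | tr -d ' '; }

# Demo on a scratch directory standing in for Bob's home (constructed keys).
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDSAMPLEKEY alice@client' > "$demo/id_rsa.pub"
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDOTHERKEY carol@laptop' > "$demo/carol.pub"
install_pubkey "$demo/carol.pub" "$demo/.ssh"     # a key that was there first
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"    # Alice's key is appended
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"    # second run is a no-op
```

On systems that ship it, `ssh-copy-id -i ~/.ssh/id_rsa.pub bob@example.com` performs this kind of append over SSH from Alice's side.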

