SSH. Introduction. SSH Private Key



Transcription:

SSH

1. Introduction
2. SSH Private Key
   2.1. How can I download my private SSH key
   2.2. How can I get my private SSH key in PPK format?
3. How to connect to my server
4. How can I access my server as the root user?
5. SSH tunnel
6. Troubleshooting
   6.1. The SSH warning: REMOTE HOST IDENTIFICATION HAS CHANGED
7. Give SSH access to another person or your customer
   7.1.1. Create private/public keys
   7.1.2. Create a separate account
   7.1.2.1. Deleting the additional user account
   7.1.3. Use the 'bitnami' account

Introduction

SSH stands for Secure Shell Handler and is a protocol used to connect securely to a remote server and execute commands. It is the equivalent of opening a terminal window on the remote server. To connect to a BitNami hosted server, you will need a special file named "Private Key".

SSH Private Key

The most secure way to access your server via SSH is by using the SSH key; password-based authentication is not secure. Each cloud account has an associated SSH key file ("Private key") that you can use to connect remotely to the servers launched using that cloud account's credentials. This file needs to be protected, as anybody who has access to it can access your servers.

On Linux and OS X, it is necessary to change the file's permissions so that it is only readable by you:

    chmod 600 bitnami-hosting.pem

Otherwise you may get a 'bad permissions: ignore key' error.

How can I download my private SSH key

Bitnami Cloud Hosting

Go to the Servers section, select your server, click 'Manage Server' and use the 'Connect' button. If you don't have any servers, you can download this file by going to Clouds > Manage and clicking on the appropriate cloud account. Click on the appropriate format to start the download:

- Select PEM format if you are going to connect from Linux, OS X or other Unix systems.
- Select PPK for Windows PuTTY, FileZilla and WinSCP.

AWS Console

It is not possible to download the SSH key from the Amazon EC2 Control Panel once it has been created. If you launched your server using the Amazon EC2 Control Panel and selected the option to generate a new key pair, it would have been available for download at that time.

Store the SSH key file in a secure place on your local machine!

How can I get my private SSH key in PPK format?

PPK is the private key format used by the Windows programs PuTTY, FileZilla and WinSCP.

Bitnami Cloud Hosting

If you are a Bitnami Cloud Hosting client, you can download your key in this format directly: click "Connect" in the "Server Manage" view and use the "PPK" button.

Others

Otherwise, you will need to convert your downloaded key to PPK format as described here: http://the.earth.li/~sgtatham/putty/0.60/htmldoc/chapter8.html#puttygen-conversions

How to connect to my server

Windows & PuTTY

The easiest way to log in to your cloud server is with PuTTY, a free SSH client for Windows and UNIX platforms.

- Download the SSH key for your server in .ppk format.
- Download the PuTTY ZIP archive from its website.
- Extract the contents to a folder on your desktop.
- Double-click the putty.exe file to bring up the PuTTY configuration window.
- Obtain the IP address or host name of your cloud server by browsing to the Bitnami Cloud Hosting dashboard and signing in if required. Then, select the "Servers" menu item, select your cloud server from the resulting list and click the "Manage" button to obtain the server's host name and IP address.
- Enter the host name of your cloud server into the "Host Name (or IP address)" field, as well as into the "Saved Sessions" field. Click "Save" to save the new session so you can reuse it later.

- In the "Connection -> SSH -> Auth" section, select the private key file (*.ppk) you saved in the previous step.

- In the "Connection -> Data" section, enter the username 'bitnami' into the "Auto-login username" field.

- Go back to the "Session" section and save your changes by clicking the "Save" button.
- Click the "Open" button to open an SSH session to the server. PuTTY will first ask you to confirm the server's host key and add it to the cache. Go ahead and click "Yes" to this request.

You should now be logged in to your cloud server.

If you prefer to use PuTTY from the command line, include the '-i' and '-l' options as follows:

    putty -i "C:\Path\To\bitnami-hosting.ppk" -l bitnami xyz.bitnamiapp.com

Remember to use the correct path to 'bitnami-hosting.ppk' in the previous command, and to replace 'xyz.bitnamiapp.com' with the public IP address or host name of your server.

Windows & MobaXTerm

MobaXTerm is an enhanced terminal with an X server and a set of Unix commands (GNU/Cygwin) packaged in a single portable exe file. You can download it at: http://mobaxterm.mobatek.net

You will need to get your SSH key in PEM format. In this case it is not necessary to import your private key into the application; you can use it directly. You can copy files to the machine using the right panel, or you can connect to the machine through SSH:

    ssh -i private_key bitnami@your-machine-hostname

Linux and Mac OS X

Linux and Mac OS X come bundled with SSH clients by default.

- Download the SSH key for your server in .pem format.
- Open a new terminal on your Linux or Mac OS X system.
- Set the permissions for your private key file to 0600 using a command like the one below:

      chmod 600 bitnami-hosting.pem

- Obtain the IP address or host name of your cloud server by browsing to the Bitnami Cloud Hosting dashboard and signing in if required. Then, select the "Servers" menu item, select your cloud server from the resulting list and click the "Manage" button to obtain the server's host name and IP address.
- Log in to the server using the following command:

      ssh -i bitnami-hosting.pem bitnami@xyz.bitnamiapp.com

Remember to replace 'bitnami-hosting.pem' in the previous commands with the path to your private key file, and 'xyz.bitnamiapp.com' with the public IP address or hostname of your server.

Your SSH client might ask you to confirm the server's host key and add it to the cache before connecting. Accept this request by typing or selecting "Yes".

You should now be logged in to your cloud server.

How can I access my server as the root user?

By default, you can only log in as the bitnami user to BitNami-backed machines (VM, AWS, Azure or BitNami Cloud Hosting). Once logged in, you can use the 'sudo' utility to become the super user or execute.

    sudo su

SSH tunnel

If you want to connect to a port on the server that is not available from outside, you can use an SSH encrypted tunnel. Assume that your server application is running on port 9990 and that you want to access it from your local port 9991.

Windows

If you are using Windows on your local machine, you can create the tunnel as follows:

- Follow the steps to connect using PuTTY.
- Before opening the connection, go to Connection -> SSH -> Tunnels, enter the values below and click the "Add" button:

      Source port: "9991"
      Destination: "localhost:9990"

A different workaround is to use the "plink.exe" tool from the Windows command line:

- Download your private key in ppk format.
- Download the "plink.exe" tool at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- Open a Command Prompt, go to the folder where you downloaded the tool and the key, and run the following command:

      plink.exe -i your_key.ppk -N -L 9991:127.0.0.1:9990 bitnami@xyz.bitnamiapp.com

Linux and Mac OS X

If you are on Linux or Mac, you can run the following in a console on your local machine (using your Public DNS instead of xyz.bitnamiapp.com):

    ssh -v -N -L 9991:127.0.0.1:9990 -i bitnami-hosting.pem bitnami@xyz.bitnamiapp.com

While the tunnel is active you can connect to your server port 9990 at 127.0.0.1:9991.

Troubleshooting

The SSH warning: REMOTE HOST IDENTIFICATION HAS CHANGED

This warning is normal when you are trying to connect to the same IP address but the machine is different, for instance when you assign the static IP address to another server. You can fix the problem by removing the line for the IP address you are trying to connect to from your ~/.ssh/known_hosts file.

If you use PuTTY, the SSH key mismatch warning looks like this:

    WARNING - POTENTIAL SECURITY BREACH! [...]

In this case click Yes if you know the reason for the key mismatch (IP address assigned to another server, machine replaced, etc.).

Give SSH access to another person or your customer

You should ask your customer to send you his own public SSH key, generated on Linux/Unix/OS X. This way you can give him access to your machine without sharing your private key or his.

Create private/public keys

If the person to whom you are going to give access doesn't have a private/public key pair yet, he should generate one as described below.

On Windows he can use PuTTYgen.

On a Linux/Unix/OS X machine he should use the ssh-keygen command:

    ssh-keygen -b 2048 -t rsa -f ~/newuser_id

When executing this command you will be prompted to enter a passphrase to protect the private key. This command will generate two files:

- newuser_id: This is the private key. It is personal and your customer should not share it with anyone else. He will use it to access your machine.
- newuser_id.pub: This is the public key. It is the file that your customer will share with you so you can give him access to your machine.

Copy the newuser_id.pub file to your server. Now you have two options: you can create a separate account for him (RECOMMENDED) or just allow him to log in to the server using the 'bitnami' account.

Create a separate account

First you need to connect to your machine as the "bitnami" user via SSH, as described in "How to connect to my server" above. Once you are logged in, to create a new user that will share the same user privileges as "bitnami", you could use the command below:

    sudo useradd -s /bin/bash -o -u `id -u` -g `id -g` new_username

That will create an alias user for "bitnami". That means it will be able to write into directories such as htdocs or use sudo.

Now you can configure SSH access for that user. To do that, you can simply copy the bitnami user's .ssh folder to the new user's home directory:

    sudo mkdir ~new_username/
    sudo cp -rp ~bitnami/.ssh ~new_username/
    sudo cp -rp ~bitnami/.bashrc ~new_username/
    sudo cp -rp ~bitnami/.profile ~new_username/

Now you should add the content of the newuser_id.pub file to the /home/new_username/.ssh/authorized_keys file:

    cat ~/newuser_id.pub >> /home/new_username/.ssh/authorized_keys

If you want another person to access your machine using this same account, you just need to repeat this last step to add his public key to the authorized_keys file.

If you want your new user to be able to run commands as the root user, it is necessary to add the new user to the "bitnami-admins" group. Run the following command as the "bitnami" user on your machine:

    sudo usermod -G bitnami-admins new_username

Deleting the additional user account

The account created following the instructions above shares the same ID as the bitnami user account. If you want to delete this account you need to execute the following command:

    sudo userdel new_username -f

You can confirm that the account has been successfully removed by executing:

    id new_username

Use the 'bitnami' account

Back up your old authorized_keys:

    cp /home/bitnami/.ssh/authorized_keys /home/bitnami/.ssh/authorized_keys.bak

Add your customer's public key to authorized_keys (PLEASE BE EXTREMELY CAREFUL to avoid losing SSH access altogether):

    cat ~/newuser_id.pub >> /home/bitnami/.ssh/authorized_keys

Now both of you are able to access the machine as "bitnami". You can revert the changes by removing the last line from the /home/bitnami/.ssh/authorized_keys file or by restoring the old authorized_keys file:

    cp /home/bitnami/.ssh/authorized_keys.bak /home/bitnami/.ssh/authorized_keys
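The two "cat ... >> authorized_keys" steps above append whatever file they are given. The following is an added example, not part of the Bitnami guide: a shell function that rejects a private key or malformed file, backs up before changing anything, skips a key that is already listed and fixes the permissions. The function name add_authorized_key is an assumption made for this example.

```shell
#!/bin/sh
# Added example, not Bitnami's code. add_authorized_key is a hypothetical name.

# add_authorized_key PUBFILE AUTHFILE
# Returns 0 if the key was added or was already present, 1 if PUBFILE is rejected.
add_authorized_key() {
    pub=$1
    auth=$2

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A private key sent by mistake must never be appended.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; ask for the .pub file" >&2
        return 1
    fi

    # Expect exactly one non-empty line: "<type> <base64> [comment]".
    if [ "$(grep -c . "$pub")" -ne 1 ]; then
        echo "$pub must contain exactly one key line" >&2
        return 1
    fi
    line=$(grep . "$pub")
    type=${line%% *}
    rest=${line#* }
    blob=${rest%% *}

    # The base64 blob starts with the encoded key type; both must agree.
    case "$type:$blob" in
        ssh-rsa:AAAAB3NzaC1yc2E*) ;;
        ssh-ed25519:AAAAC3NzaC1lZDI1NTE5*) ;;
        *) echo "unsupported or malformed key in $pub" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default) loose permissions make sshd ignore the file.
    mkdir -p "$(dirname "$auth")"
    chmod 700 "$(dirname "$auth")"

    # Back up and append only when the key is not already listed.
    if ! grep -qF "$type $blob" "$auth" 2>/dev/null; then
        [ -f "$auth" ] && cp -p "$auth" "$auth.bak"
        printf '%s\n' "$line" >> "$auth"
    fi
    chmod 600 "$auth"
}

# Usage: add_authorized_key ~/newuser_id.pub /home/bitnami/.ssh/authorized_keys
```

Because the backup is taken only when a key is actually appended, running the function twice with the same key leaves authorized_keys.bak as the state before the first change.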