This time I will go over setting up SSH client in Linux, setting up key pairs and how to implement keys for authentication in Linux. Setting up tunneling in Linux is as easy as typing in:
ssh -D 8080[:127.0.0.1] [email protected][:port]
example: ssh -D 8080 [email protected]:443
In the above example my server is listening for SSH requests on port 443 instead of the default port 22. Once you run the command you should be prompted for a password. Configure your browser to use port 8080 for SOCKS v5 proxy and voilà. Now typing in a password every time to start a SSH session can get frustrating quite easily & also not the most secure solution since it makes you vulnerable to key loggers and MITM with spoofed DNS and fake ssh servers if you are not paying attention to the key fingerprint. A much more secure way of authentication is to use key pairs and authenticate based on public & private keys with no need for passwords. Before I get into setting up key pairs. DISCLAIMER: I cannot stress enough the importance of keeping your private key secure and encrypted with a pass phrase. The first part of this tutorial goes over configuring the SSH server so that it allows Key based authentication:
On your Linux client issue the following command to generate a key pair:
[ichintu ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ichintu/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): **********
Enter same passphrase again: **********
Your identification has been saved in /home/ichintu/.ssh/id_rsa.
Your public key has been saved in /home/ichintu/.ssh/id_rsa.pub.
There will be 2 files created in ~/.ssh/ the file ending in .pub is your public key and the other file is your private key.Please note that the pass phrase above is not your ssh server password but the password used to encrypt your private key. The client has the private key and the public key needs to be transferred over to the .ssh/authorized_keys file inside the ssh user’s home directory on the ssh server. use “ssh-copy-id” to do this, run the command below from your Linux client.
ssh-copy-id -i ~/.ssh/id_rsa.pub ssh.server.com
This will prompt for your ssh server credentials and once you type that in your public key will be appended to the authorized_keys file and the proper permissions will be set for the file. Once its done try ssh [email protected] you should get authenticated without having to type your password. If you used a pass phrase for the private key then you will have to type it in once since it will stay in the system key chain. This is a good link for SSH/OpenSSH/Keys (Link).