Protecting The Digital World: Network Security

The document provides an overview of remote access and SSH (Secure Shell) for managing servers and files securely. It explains SSH key management, including the use of private and public keys for authentication, and introduces certificate-based authentication for easier management in environments with multiple users. The document outlines the steps for both SSH key authentication and certificate authentication, highlighting their benefits and setup processes.

Uploaded by babuamuri

BITAM Page 01

Protecting the Digital World

Network Security
info@focusinzanzibar.co.tz - www.coderx.rf.gd

What is Remote Access?
• Control a computer or server from another location
• Useful for managing servers, files, or websites remotely
• Common in IT support, system administration, and cloud computing

What is SSH? (Secure Shell)
• SSH stands for Secure Shell
• Safely connects to remote machines over a network
• Uses encryption to protect communication
• Command example:
  ssh user@server_ip

SSH Key Management
• Uses a key pair for secure login
• 🔐 Private Key: stays on your computer
• 🔓 Public Key: copied to the server
• More secure than using passwords
• Avoids password-based attacks

Steps for SSH Key Authentication
• Generate key pair:
  ssh-keygen -t rsa -b 4096
• Copy public key to server:
  ssh-copy-id user@server_ip
• Login securely:
  ssh user@server_ip
• (No password needed)

What is Certificate-Based Authentication?
• Designed for environments with many users and servers
• Uses a Certificate Authority (CA) to sign users’ public keys
• The server trusts the CA instead of each individual key
• Easier to manage and revoke access

How Certificate Authentication Works
• Admin creates CA key pair:
  ssh-keygen -f ca_key
• Server trusts CA’s public key:
  Edit /etc/ssh/sshd_config:
  TrustedUserCAKeys /etc/ssh/ca_key.pub
  Restart SSH service
• User generates own key:
  ssh-keygen -f user_key
• Admin signs user key (certificate):
  ssh-keygen -s ca_key -I username -n username -V +52w user_key.pub
• User connects using certificate:
  ssh -i user_key username@server_ip

Benefits of Certificate Authentication
• Centralized control via CA
• Easy to revoke access (no need to touch server)
• Perfect for teams and large infrastructures
• Certificates can expire (e.g., 1 week access)

Normal SSH Key Authentication (Without Certificate)

USER PC ---------- Public Key ----------> SERVER
(Private Key)                             (Authorized Keys)

Step 1: User generates key pair (ssh-keygen)
Step 2: Public key is copied to server (~/.ssh/authorized_keys)
Step 3: User logs in using the private key

SSH Certificate Authentication with CA

ADMIN CA (Signs public key)     USER PC ------ ssh login ------> SERVER
ca_key (priv)                   user_key + certificate            Trusted CA ca_key.pub

Steps:
1. Admin creates CA key
2. Server is told to trust CA
3. User generates key
4. Admin signs it
5. User logs in using the signed certificate

Sample Server Setup for SSH Certificate Authentication

Step 1: Admin creates CA key pair
  ssh-keygen -f ~/ca_key
  This creates:
  ca_key → Private CA key (keep secret!)
  ca_key.pub → Public CA key (shared with servers)

Step 2: Configure server to trust the CA
  On the server, edit SSH configuration file:
  sudo nano /etc/ssh/sshd_config
  Add:
  TrustedUserCAKeys /etc/ssh/ca_key.pub
  Then copy the public CA key to that location:
  sudo cp ~/ca_key.pub /etc/ssh/ca_key.pub
  sudo systemctl restart sshd

Step 3: User generates a normal key
  ssh-keygen -f ~/user_key

Step 4: Admin signs the user's public key
  ssh-keygen -s ~/ca_key -I username -n username -V +52w ~/user_key.pub
  This creates a certificate file: user_key-cert.pub

Step 5: User logs in with certificate
  ssh -i ~/user_key username@server_ip
  SSH automatically finds the certificate file with -cert.pub suffix.
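
Added example (not part of the original slides): between Step 4 and Step 5 the admin can list the new certificate with ssh-keygen -L and confirm that it carries an expiry and names the login account. The function name check_cert and both sample listings are constructed for illustration, and the principal check assumes the server sets only TrustedUserCAKeys (no AuthorizedPrincipalsFile), so the login name itself must be among the principals.

```shell
#!/bin/sh
# check_cert LOGIN: reads `ssh-keygen -L -f <cert>` output on stdin, prints one
# FLAG line per finding, returns 0 only when nothing is flagged.
check_cert() {
    awk -v login="$1" '
        function flag(msg) { print "FLAG: " msg; rc = 1 }
        /^[ \t]*Type:/ { if ($0 !~ /user certificate/) flag("not a user certificate") }
        /^[ \t]*Valid:/ {
            seen_valid = 1
            # "forever" and "after <date>" both mean the certificate never expires
            if ($2 == "forever" || $2 == "after") flag("no expiry, sign with -V")
        }
        /^[ \t]*Principals:/ { in_list = 1; next }   # names follow, one per line
        /^[ \t]*Critical Options:/ { in_list = 0 }
        in_list && $1 == login { matched = 1 }
        END {
            if (!seen_valid) flag("no Valid: line, input is not ssh-keygen -L output")
            if (!matched) flag("principals do not include " login)
            exit rc + 0
        }
    '
}

# Constructed sample listing; fingerprints are placeholders, not real keys.
sample_good() { cat <<'EOF'
user_key-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com user certificate
        Public key: ED25519-CERT SHA256:<placeholder>
        Signing CA: ED25519 SHA256:<placeholder> (using ssh-ed25519)
        Key ID: "username"
        Serial: 0
        Valid: from 2025-01-06T09:00:00 to 2026-01-05T09:00:00
        Principals:
                username
        Critical Options: (none)
        Extensions:
                permit-pty
EOF
}

# Constructed bad case: signed with "-n user" and without -V.
sample_bad() {
    sample_good | sed -e 's/Valid: from.*/Valid: forever/' -e 's/^\( *\)username$/\1user/'
}

sample_good | check_cert username && echo "good certificate: nothing flagged"
sample_bad | check_cert username || echo "bad certificate: rejected"
```

Against a real certificate: ssh-keygen -L -f ~/user_key-cert.pub | check_cert username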
