Authorized Key Ssh




Since the user is restricted to a command in the authorized_keys file, he must not execute any other command or set up a terminal session via SSH. Restrict to single command in authorized_keys.

The file ~/.ssh/authorized_keys contains the public key of the user who is allowed to connect (see public-key authentication). The ssh-copy-id program is the standard way, but the key can be appended manually to the ~/.ssh/authorized_keys file:

cat ~/.ssh/id_rsa.pub | ssh username@host 'mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys'

This does not check if the key already exists and can lead to duplicates.
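An added example (not from the original page): a POSIX shell function, run on the server side, that appends a public key only when that key is not already in authorized_keys, and optionally pins it to a single forced command. The function name add_authorized_key and its arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page.
# add_authorized_key SSH_DIR 'PUBKEY LINE' [FORCED_COMMAND]
# Prints "added" or "exists"; exits 2 on malformed input.
# The body runs in a subshell ( ... ) so umask does not leak to the caller.
add_authorized_key() (
    ssh_dir=$1 pubkey=$2 forced=${3:-}
    auth="$ssh_dir/authorized_keys"

    # A public key line is "<type> <base64-blob> [comment]"; type + blob
    # identify the key, the comment does not.
    keytype=$(printf '%s\n' "$pubkey" | awk 'NR==1 {print $1}')
    blob=$(printf '%s\n' "$pubkey" | awk 'NR==1 {print $2}')
    case $keytype in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "not a public key line" >&2; exit 2 ;;
    esac
    [ -n "$blob" ] || { echo "missing key blob" >&2; exit 2; }
    # Assumption: the forced command contains no double quotes or newlines.
    case $forced in *\"*) echo "unsupported forced command" >&2; exit 2 ;; esac

    # sshd (StrictModes) rejects keys when the file or ~/.ssh is writable
    # by group or others, so create both with owner-only permissions.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 2
    touch "$auth" && chmod 600 "$auth" || exit 2

    # Duplicate check: look for the type field directly followed by the same
    # blob, so a line that carries options in front still matches.
    if awk -v t="$keytype" -v b="$blob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$auth"
    then
        echo exists; exit 0
    fi

    if [ -n "$forced" ]; then
        # command= pins the key to one command; restrict turns off PTY
        # allocation and port, agent and X11 forwarding (OpenSSH 7.2+).
        printf 'command="%s",restrict %s\n' "$forced" "$pubkey" >> "$auth"
    else
        printf '%s\n' "$pubkey" >> "$auth"
    fi
    echo added
)
```

Calling it a second time with the same key prints "exists" and leaves the file unchanged, even if the first call stored the key with a forced command in front.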

SSH access to your cloud hosting

Online.net cloud hosting now allows you to connect to your account using SSH.

This lets you synchronize your code with Git or execute scripts, for example.

SSH access is provided using a dedicated container, with your data available in the directory /ftp.

The container is destroyed once you disconnect. It is not possible to add, for example, cron jobs using the SSH access.

The following packages are installed in the container:

Do not hesitate to contact technical assistance if you need a specific package.

Authorize an SSH key

To authorize an SSH key to access your cloud hosting, you first have to add the key to your account.

Then go to the administration of your hosting:

Click on Manage SSH keys in the menu on the left:

You can now see the available SSH keys in your account.
To authorize a key, click on Authorize this key:

Connection

Once you have authorized your SSH key, you can connect to your account with the following command: ssh HOSTINGID@ssh.cloud.online.net.

You have to replace HOSTINGID with the ID of your hosting.

Once you have connected, you will find yourself in the directory /ftp, where all your sites are stored!

Revoke a key

If you don't want a certain key to be able to access your hosting anymore, you have to revoke it.

To do this, open the SSH key management section in your console, as you would to authorize another key.

Once you can see the list of keys, you have to click on Remove this key.

Authorized Key Ssh Login


Introduction

This document explains how to use the Key generator for PuTTY (PuTTYgen) to generate Secure Shell (SSH) authorized keys and RSA authentication for use on Cisco Secure Intrusion Detection System (IDS). The primary issue when you establish SSH authorized keys is that only the older RSA1 key format is acceptable. This means that you need to tell your key generator to create an RSA1 key, and you must restrict the SSH client to use the SSH1 protocol.


Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Recent PuTTY - February 7, 2004

  • Cisco Secure IDS

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.


Configure

This section presents you with the information to configure the features this document describes.

Note: Use the Command Lookup Tool (registered customers only) to find additional information on the commands this document uses.

Configure PuTTYgen

Complete these steps to configure PuTTYgen.

  1. Launch PuTTYgen.

  2. Click the SSH1 key type and set the number of bits in the generated key to 2048 in the Parameters group at the bottom of the dialog box.

  3. Click Generate and follow the instructions.

    The key information is displayed in the upper section of the dialog box.

  4. Clear the Key Comment edit box.

  5. Select all the text in Public key for pasting into authorized_keys file and press Ctrl-C.

  6. Type a passphrase in the Key passphrase and Confirm passphrase edit boxes.

  7. Click Save private key.

  8. Save the PuTTY private key file into a directory private to your Windows login (in the Documents and Settings/(userid)/My Documents subtree in Windows 2000/XP).

  9. Launch PuTTY.

  10. Create a new PuTTY session as seen here:

    • Session:

        • IP Address: IP address of the IDS sensor

        • Protocol: SSH

        • Port: 22

    • Connection:

        • Auto-login username: cisco (can also be the login you use on the Sensor)

    • Connection/SSH:

        • Preferred SSH version: 1 only

    • Connection/SSH/Auth:

        • Private key file for authentication: Browse to the .PPK file stored in step 8.

    • Session: (back to the top)

        • Saved sessions: (enter the sensor name, click Save)

  11. Click Open and use password authentication to connect to the Sensor CLI, since the public key is not on the Sensor yet.

  12. Enter the configure terminal CLI command and press Enter.

  13. Enter the ssh authorized-key mykey CLI command, but do not press Enter at this time. Make sure to type a space at the end.

  14. Right-click in the PuTTY terminal window.

    The clipboard material copied in step 5 is typed into the CLI.

  15. Press Enter.

  16. Enter the exit command and press Enter.

  17. Confirm the authorized key is entered properly. Enter the show ssh authorized-keys mykey command and press Enter.

  18. Enter the exit command to quit the IDS CLI and press Enter.


Verify

RSA Authentication

Complete these steps.

  1. Launch PuTTY.

  2. Locate the Saved Session created in step 10 and double-click on it. A PuTTY terminal window opens and this text appears:

  3. Type the private key passphrase you created in step 6 and press Enter.

    You are automatically logged in.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.
