Tuesday, September 27, 2005

Using pub/priv key w/ Modwest

I was never able to get the instructions from http://www.modwest.com/help/kb20-90.html to work. Here is the method I used to get things going...
NOTE: If you move to a new machine and your old keys do not work, simply follow the instructions below. The name of the public key file does not matter, since the CONTENTS of the file are what has to be added to the authorized_keys files. Just make sure you don't overwrite the original contents of the authorized_keys files, so you do not disturb existing users.

- Download all the PuTTY tools from http://the.earth.li/~sgtatham/putty/latest/x86/putty.zip
- Unzip the contents into C:\bin (creating the folder if necessary)
- Create a C:\home folder
- Create a C:\home\.ssh folder. NOTE: You need to drop into the DOS command shell to create a folder starting with a period. (C:\> md C:\home\.ssh)
- Create a system environment variable HOME set to C:\home
- Add C:\bin to your PATH system environment variable
- Launch C:\bin\PUTTYGEN.EXE
- Create an SSH2 DSA key, 1023 bits
- Do NOT add a passphrase
- Save the private key to C:\home\.ssh, giving it the name of the user account on the server where you're connecting (e.g. C:\home\.ssh\ctello2.ppk)
- Save the public key to C:\home\Public Keys\ctello2.pub
- Open C:\home\Public Keys\ctello2.pub, and modify it as follows...
* Remove the first two lines and the last line - leave only the raw "gobbledygook" data
* Remove all the line feeds
* Add "ssh-dss " (without quotes - NOTICE THE SPACE!!!) BEFORE the "gobbledygook" data
* Add " dsa-key-20050627" (without quotes - NOTICE THE SPACE!!! - adjust the date) AFTER the "gobbledygook" data
- Now log in to the remote system and make sure that your home directory contains a subdirectory named .ssh (include the period '.' before the 'ssh'). You may need to create this directory. To see it, you will need to type: ls -al
The .ssh directory should be chmod 700, which looks like this in the first column of a detailed file listing: drwx------
If those are not the permissions on the .ssh directory, set them by typing: chmod 700 .ssh
- If there are "~/.ssh/authorized_keys" and "~/.ssh/authorized_keys2" files, add the contents of your "C:\home\Public Keys\ctello2.pub" file to the end of BOTH "~/.ssh/authorized_keys" and "~/.ssh/authorized_keys2".
- If the files do not exist, copy your modified public key file to the server twice, naming one copy "~/.ssh/authorized_keys2" and the other "~/.ssh/authorized_keys". Once the files are uploaded to the remote system, chmod 600 the two files (e.g. chmod 600 ~/.ssh/authorized_keys), which looks like this in the first column of a detailed file listing: -rw-------
- Run PuTTY
- Create a new connection with host name "shell.modwest.com", port 22, SSH
- Run C:\bin\PAGEANT.EXE - it will show up as an icon in the system tray
- Right click on the icon and select "add key"
- Select your private key (e.g. C:\home\.ssh\ctello2.ppk)
- Connect to the server - you should NOT be asked for the password
- Try using CVS - you should NOT be asked for a password
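
The hand edits to the public key file and the append to the authorized_keys files can be scripted, which avoids a stray space or line feed and never overwrites existing entries. The following Python is an added example, not part of the original post: it goes slightly beyond the manual steps by reading the key type from the key data itself and by handling any header lines, and the function names and the sample key (constructed filler, not a usable key) are assumptions.

```python
import base64, os, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def putty_pub_to_openssh(text):
    """Turn a PuTTYgen 'Save public key' file into one authorized_keys line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 public key file")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:                     # header line, e.g. Comment: "..."
            while line.endswith("\\"):      # a header may continue on the next line
                i += 1
                line = line[:-1] + lines[i]
            tag, _, value = line.partition(":")
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        elif line:
            body.append(line)               # base64 data, wrapped across lines
        i += 1
    b64 = "".join(body)                     # "remove all the line feeds"
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])    # the data begins with its own key type
    key_type = blob[4:4 + n].decode("ascii")
    return " ".join(p for p in (key_type, b64, comment) if p)

def append_key(path, key_line):
    """Append key_line to an authorized_keys file, keeping existing users' keys."""
    text = ""
    if os.path.exists(path):
        with open(path) as f:
            text = f.read()
    if key_line.split()[1] in text.split():
        return False                        # this key is already present
    with open(path, "a") as f:              # append mode: never overwrite
        f.write(("" if not text or text.endswith("\n") else "\n") + key_line + "\n")
    os.chmod(path, 0o600)                   # same permissions as chmod 600
    return True

def constructed_sample():
    # Constructed input: a genuine "ssh-dss" type field followed by filler bytes.
    blob = struct.pack(">I", 7) + b"ssh-dss" + bytes(range(200))
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f'{BEGIN}\nComment: "dsa-key-20050627"\n{wrapped}\n{END}\n'

if __name__ == "__main__":
    print(putty_pub_to_openssh(constructed_sample()))
```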