HOW TO SECURE A WIRELESS INTERNET CONNECTION?


TESTED WITH REDHAT LINUX

You have probably heard about Telnet, which is used to reach the command line of a remote computer. The biggest problem with Telnet was (and is) security. Since no encryption is used to transfer data between the remote computer and yours, anybody can see sensitive data by wiretapping your communication line. More than that, the data being transferred can be changed by a third party.

Secure Shell (SSH) does not have such a big weakness if configured appropriately. What do I mean by “if configured appropriately”? Well, the systems used to encrypt and decrypt data are called cryptosystems and there are different categories. I will explain the configuration needed for the RSA cryptosystem, which is a very secure one. I will not explain the mathematics, only the practical setup.

I will assume that Linux is used for the server-side.

For client-side, I will explain steps for both Windows and Linux.

Server-Side SSH Configuration on Linux

RSA, as I said before, is a cryptosystem working with two keys: a public key and a private key. The public key is made public and anyone can see it. The private key, on the other hand, should be kept secret.

Let’s return to our server configuration. We will first create the public and private keys. First, log in as a regular user (not root). To create your keys, type

ssh-keygen -t rsa

Select the default directory for the public/private keys by pressing ENTER. Then you will be asked to enter a passphrase to protect your private key. If your private key is stolen, it cannot be used unless your passphrase is known.

The keys are stored under the .ssh directory of your home directory by default.

Now, log in as the root user. The main configuration file for the SSH daemon in Linux is the sshd_config file located under the /etc/ssh directory.

Open the sshd_config file with your favorite editor and change the following settings:

PermitRootLogin no

AuthorizedKeysFile .ssh/id_rsa.pub

PasswordAuthentication no

These settings force people to use RSA keys instead of passwords, disallow root login and define the name of the public key file that we created before.

Save the file and restart the SSH daemon with:

service sshd restart

You are done with the server-side configuration. So simple!
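Here is a check for the three settings above, as an added example that is not part of the original guide. It relies on the fact that sshd uses the first occurrence of each keyword, so a line added at the bottom of the file can be overridden by an older line above it. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit sshd_config for the
# three settings above. Function names and sample contents are constructed.

# Print the global value sshd would use for keyword $1 in file $2.
# Keywords are case-insensitive and the FIRST occurrence wins; everything
# after a "Match" line is conditional, so parsing stops there.
sshd_effective() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # skip comment lines
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Compare effective values with the ones this guide sets; return 1 on mismatch.
audit_sshd_config() {
    rc=0
    for want in "PermitRootLogin no" "PasswordAuthentication no" \
                "AuthorizedKeysFile .ssh/id_rsa.pub"; do
        key=${want%% *}; expected=${want#* }
        actual=$(sshd_effective "$key" "$1")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            echo "FAIL  $key: got '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the new lines were appended at the end of the file,
# but an earlier "PasswordAuthentication yes" still takes precedence.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
AuthorizedKeysFile	.ssh/id_rsa.pub
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sshd_config needs fixing before restart"
rm -f "$sample"
```

On the server, call audit_sshd_config with /etc/ssh/sshd_config, and run sshd -t to check the file's syntax before restarting the daemon.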

Client-Side SSH Configuration on Linux

On the server machine, you should keep your public key file, which is /home/gcagrici/.ssh/id_rsa.pub in our example from the previous steps. Moreover, you should copy your private key file to every client machine from which you plan to connect to the remote server and then delete it from the server machine, since you will not need the private key there.

Since we finished configuring the server machine (test1 in our example), we can move the private key file on that machine to our client machine (test2 in our example) by USB memory or any other way you like. You should end up having the private key file (id_rsa) under the .ssh directory of your local home on the client machine. Do not forget that this file must be readable only by you and no one else.

Now, you are ready to connect! Type the following command:

ssh -i <private_key_file> user@remote_host

In our example, it would be

ssh -i /home/remote/.ssh/id_rsa user@remote_host

or if you are under your home (which is /home/remote in our example):

ssh -i .ssh/id_rsa user@remote_host

You will be asked for the passphrase of your private key, the one you entered while generating the public/private key pair, and that is it!
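Before the first connection, it is worth verifying that the copied private key really is readable only by you, as required above. The following check is an added example, not part of the original guide; the function name and the temporary paths are constructed, and the directory test is an extra hardening check on top of the file mode.

```shell
#!/bin/sh
# Added example (not from the original guide): verify that a copied private
# key is locked down before using it with "ssh -i". Paths are constructed.

# Return 0 if $1 is a regular file with no group/other permission bits and
# its directory is not writable by group/other; else explain and return 1.
check_private_key() {
    key=$1; dir=$(dirname "$key")
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL  $key is missing or not a regular file"; return 1
    fi
    # ls -ld prints e.g. "-rw-r--r--"; characters 5-10 are group+other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL  $key is accessible by group/other; run: chmod 600 $key"
        return 1
    fi
    # Extra hardening: nobody else may replace files in the key directory.
    case "$(ls -ld "$dir" | cut -c1-10)" in
        d????-??-?) ;;   # group and other write bits are both clear
        *) echo "FAIL  $dir is writable by group/other; run: chmod 700 $dir"
           return 1 ;;
    esac
    echo "OK    $key"
}

# Constructed demo: a key that arrived with a loose mode after being copied.
demo=$(mktemp -d)                      # stands in for ~/.ssh on the client
echo "constructed placeholder, not a real key" > "$demo/id_rsa"
chmod 644 "$demo/id_rsa"
check_private_key "$demo/id_rsa" || chmod 600 "$demo/id_rsa"
check_private_key "$demo/id_rsa"
rm -rf "$demo"
```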

Client-Side SSH Configuration on Windows

We will use a free and popular tool to connect to our server from a Windows PC via SSH: Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html). You need to download three EXE files from the home page of Putty: PuTTY, Pageant, and PuTTYgen.

To use our private key generated on the server with Putty, we need to convert it into Putty-specific format. But first, copy your private key file (id_rsa) to your Windows PC. Then execute puttygen.exe by double-clicking on it.

Click the Conversions menu and select Import Key.

Select your private key file (id_rsa) and enter the passphrase you defined before.

On the next view, click on the Save private key button and save your Putty-imported private key. You will use that key to connect to your remote server via Putty.

Now execute pageant.exe. Pageant is used to keep your passphrase in memory so that you are not asked for your passphrase each time you connect to the same remote server.

Pageant will insert an icon on your taskbar. Right-click on that icon and select Add Key. Choose the Putty-imported private key file from the previous step. Enter your passphrase.

Now, execute putty.exe. You will use it to connect to the remote machine. Select SSH as the Connection Type and enter the hostname or IP address of the remote server. Click Open and voila!

Enter the login name at the remote server. You have now established a secure connection to the remote server.

If you have any questions, please feel free to ask via the Questions button in the upper right part of our site.
