The SSH protocol offers a very good level of security, but once it is exposed to the Internet it quickly becomes the target of frequent unauthorised access attempts.
Using authentication based on a public and private key pair is certainly a good security measure that is worth considering.
Asymmetric cryptography, or more simply cryptography based on a public and a private key, underlies modern cryptographic systems, and it is worth knowing at least its working principles. The definition available on Wikipedia can help here: Crittografia asimmetrica (asymmetric cryptography). In essence, the public key can be derived from the private key but not the other way round; content encrypted with the private key can be turned back into clear text with the public key, and content encrypted with the public key can be turned back into clear text with the private key. If I publish content encrypted with my private key, everyone who holds the public key can read it, and they can also be certain that it really was me who published it, because only I hold the private key. Conversely, if I publish content encrypted with another person's public key, only that person will be able to read it, no matter how many people receive it. More complex combinations of these methods are possible, but the ones listed here are and remain the fundamental ones.
Technically this kind of cryptography is particularly robust, provided the owner looks after their key file properly (it contains the private key, from which the public key can be derived). If even one other person came into possession of the private key, the whole mechanism would be compromised and would no longer offer any guarantee.
Let us now see how to use this mechanism to authenticate securely with ssh.
The first step is to generate the public and private key pair that will be used from here on. The connection goes from a client to a server; the private key must be kept on the client, so it is natural to generate it there. The command to generate the keys is ssh-keygen -t (key type) -b (key length) -C (a comment that helps identify the owner of the key); here the comment is the user ID and the name of the client that will be used for the connection.
ssh-keygen -t rsa -b 2048 -C "<user-id>@<client-name>"
Since we did not specify it, the command asks interactively to confirm the path where the keys will be stored. By default it proposes the .ssh directory under the home of the user generating the key; the default path can be changed if there is a particular reason to do so. Once the command has run, two key files are stored: id_rsa (private) and id_rsa.pub (public). As said earlier, the private key must be guarded carefully, whereas for the mechanism to work the public key must be delivered to, and properly installed on, the server that should recognise us. The public key is installed by appending it to the list in the authorized_keys file, in the .ssh directory under the user's home, on the server we want to connect to. A normal text editor can be used, but it is preferable to use the script intended for this purpose:
ssh-copy-id -i ~/.ssh/id_rsa user@host
The remote server (host) will ask for the login credentials, and then the public key will be installed, so that from now on the user is recognised automatically. ssh-copy-id installs the public half of the key named with -i (id_rsa.pub); the private key does not leave the client.
Tips:
1) It is worth checking that the permissions of the files id_rsa and id_rsa.pub are set to -rw------- and -rw-r--r-- respectively;
a more permissive setting will prevent things from working correctly.
2) The server you want to connect to may not accept credential-based logins (user/password). In that case, from a connection that is allowed, you can edit the configuration file /etc/ssh/sshd_config and act on the directive:
PasswordAuthentication
The client you want to connect from may also not allow credential-based logins (user/password). In that case you can edit the file /etc/ssh/ssh_config and act on the same directive.
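Both tips as a shell check, added here as an example (it is not code from the original post): check_key_perms flags key files more permissive than the modes given in tip 1, and password_auth_setting reports what a configuration file sets globally for PasswordAuthentication. The function names are hypothetical, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Tip 1: check id_rsa / id_rsa.pub in directory $1 (default: ~/.ssh).
# Prints one line per file; the return status is the number of problems.
check_key_perms() {
    dir=${1:-$HOME/.ssh}
    problems=0
    for f in id_rsa id_rsa.pub; do
        path=$dir/$f
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
            continue
        fi
        mode=$(perm_of "$path")
        # Private key: no group/other bits at all (-rw------- or stricter).
        # Public key: world-readable is fine, group/other-writable is not.
        case $f in
            id_rsa) mask=077 ;;
            *)      mask=022 ;;
        esac
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "TOO OPEN $path (mode $mode)"
            problems=$((problems + 1))
        else
            echo "OK       $path (mode $mode)"
        fi
    done
    return "$problems"
}

# Tip 2: print the global PasswordAuthentication value set in config file $1.
# OpenSSH uses the first value obtained for a keyword, so later duplicates are
# ignored; "yes" is the default when the keyword is absent.
# Assumption: Include files and Match blocks are not evaluated here.
password_auth_setting() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Usage:
#   check_key_perms ~/.ssh
#   password_auth_setting /etc/ssh/sshd_config
```

On a running server, `sshd -T` prints the effective configuration and is the authoritative check.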
If this topic has been of particular interest to you, you may want to continue with this article as well: Disabilitare accesso SSH con credenziali (Disabling SSH access with credentials)