Menggunakan Public Key untuk Login ke Server via SSH (Debian Lenny)
20 October 2009 
HUfh, baru selesai install server virtual. Aplikasi yang gak dipake udah di disable dengan sysv-rc-conf. Sekarang ingin install openssh-server nih, tapi gak mau yang pake login biasa, alasan pertama karena pegel harus ngetik password terus :p, selain itu supaya yang tidak berkepentingan nggak bisa login, walaupun tau passwd yang gw gunakan.
Langkah awal yang kita lakukan adalah mengecek konfigurasi sshd di servernya dulu (/etc/ssh/sshd_config), agar bisa login dengan PubKey (By default sih udah bisa/aktif)
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
Nah, saatnya kita buat gembok (public Key) dan Kuncinya (Private Key). Lakukan ini di PC user.
ts@ts04-desktop:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ts/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ts/.ssh/id_rsa. > Private Key
Your public key has been saved in /home/ts/.ssh/id_rsa.pub. > Public Key
The key fingerprint is:
68:a0:13:8d:f4:f4:22:4d:c0:b5:c7:99:82:67:c0:2c ts@ts04-desktop
The key’s randomart image is:
+–[ RSA 2048]—-+
| ++o+ |
|E.+X + o |
| .= @ * |
| * = . |
| o o S |
| . . |
| |
| |
| |
+—————–+
Copy public key yang telah mateng ke server.
ts@ts04-desktop:~$ scp /home/ts/.ssh/id_rsa.pub rahman@202.47.75.253:/home/rahman
Wookeh, selanjutnya kita masuk ke servernya.
rahman@debDev:~$ ls /home/rahman
id_rsa.pub
rahman@debDev:~$ mkdir .ssh/
rahman@debDev:~$ cat id_rsa.pub >> .ssh/authorized_keys
Silahkan dicuba (Kripiiikk kalee…. 😀
ts@ts04-desktop:~$ ls .ssh/
id_rsa id_rsa.pub known_hosts
ts@ts04-desktop:~$ ssh rahman@202.47.75.253
Linux debDev 2.6.26-2-686 #1 SMP Wed Aug 19 06:06:52 UTC 2009 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Oct 20 18:11:17 2009 from 202.47.74.253
Now, udeh bisa login tanpa harus memasukkan password. file id_rsa sebagai Private Key-nya harus disimpan sepenuh jiwa dan raga walau harus korbankan nyawa (Lebayyyy…
Kalau tujuannya adl untuk menghindari ngetik password, sampai sini selesai.
Tapi karena kita ingin agar metode login ssh pakai password juga ditutup, sehingga hanya ada satu cara untuk remote ke server ini, yaitu melalui Private key yang kita punya. Kita perlu mengedit line config sshd di server.
debDev:/home/rahman# vim /etc/ssh/sshd_config
Before
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes
After
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
debDev:/home/rahman# /etc/init.d/ssh reload
Sekarang, Mape mouddar juga kagak bisa login, meski tau passwd yang sebenarnya apa. Jangan Lupa pesannya yah, jaga kuncinya kecuali anda ingin mendobrak rumah anda sendiri.
Repository / Source Lists Lokal Debian 5.0 Lenny
Universitas Indonesia (Kambing)
deb http://kambing.ui.edu/debian lenny main non-free contrib
deb http://kambing.ui.edu/debian-volatile lenny/volatile main contrib
deb http://kambing.ui.edu/debian-security lenny/updates main non-free contrib
deb http://kambing.ui.edu/debian lenny-proposed-updates main non-free contrib
PENS ITS – Surabaya
deb http://kebo.vlsm.org/debian lenny main non-free contrib
deb http://kebo.vlsm.org/debian-volatile lenny/volatile main contrib
deb http://kebo.vlsm.org/debian-security lenny/updates main non-free contrib
deb http://kebo.vlsm.org/debian stable-proposed-updates main non-free contrib
Institut Teknologi Sepuluh Nopember – Surabaya
deb http://mirror.its.ac.id/debian lenny main non-free contrib
deb http://mirror.its.ac.id/debian-volatile lenny/volatile main contrib
deb http://mirror.its.ac.id/debian-security lenny/updates main non-free contrib
deb http://mirror.its.ac.id/debian stable-proposed-updates main non-free contrib
Universitas Jember
deb http://mirror.unej.ac.id/debian lenny main non-free contrib
deb http://mirror.unej.ac.id/debian-volatile lenny/volatile main contrib
deb http://mirror.unej.ac.id/debian-security lenny/updates main non-free contrib
deb http://mirror.unej.ac.id/debian stable-proposed-updates main non-free contrib
UGM
deb http://repo.ugm.ac.id/debian lenny main non-free contrib
deb http://repo.ugm.ac.id/debian-volatile lenny/volatile main contrib
deb http://repo.ugm.ac.id/debian-security lenny/updates main non-free contrib
deb http://repo.ugm.ac.id/debian stable-proposed-updates main non-free contrib
Indika
deb http://debian.indika.net.id/debian lenny main non-free contrib
deb http://debian.indika.net.id/debian-volatile lenny/volatile main contrib
deb http://debian.indika.net.id/debian-security lenny/updates main non-free contrib
deb http://debian.indika.net.id/debian stable-proposed-updates main non-free contrib
KLAS
deb http://buaya.klas.or.id/debian lenny main non-free contrib
deb http://buaya.klas.or.id/debian-volatile lenny/volatile main contrib
deb http://buaya.klas.or.id/debian-security lenny/updates main non-free contrib
deb http://buaya.klas.or.id/debian stable-proposed-updates main non-free contrib
Oregon State University
deb ftp://ftp.us.debian.org/debian lenny main non-free contrib
deb ftp://ftp.us.debian.org/debian-volatile lenny/volatile main contrib
deb ftp://ftp.us.debian.org/debian-security lenny/updates main non-free contrib
deb ftp://ftp.us.debian.org/debian stable-proposed-updates main non-free contrib
Configure OSPF Non-Broadcast Multi Access over Frame Relay
Melanjutkan coba-coba konfigurasi OSPF di GNS3, skrg saya coba set OSPF di Network NBMA melalui Frame Relay._________________________________________________________________________________________________________________________
Basic Configuration _________________________________________________________________________________________________________________________
RA :
!
interface Loopback0
ip address 1.1.1.1 255.255.255.252
!
interface Serial0/0
ip address 172.16.1.1 255.255.255.0
encapsulation frame-relay
frame-relay map ip 172.16.1.3 102 broadcast
frame-relay map ip 172.16.1.2 101 broadcast
no frame-relay inverse-arp
!
RB :
!
interface Loopback0
ip address 2.2.2.1 255.255.255.252
!
interface Serial0/0
ip address 172.16.1.2 255.255.255.0
encapsulation frame-relay
frame-relay map ip 172.16.1.3 202 broadcast
frame-relay map ip 172.16.1.1 202
no frame-relay inverse-arp
!
RC :
!
interface Loopback0
ip address 3.3.3.1 255.255.255.252
!
interface Serial0/0
ip address 172.16.1.3 255.255.255.0
encapsulation frame-relay
frame-relay map ip 172.16.1.1 203 broadcast
frame-relay map ip 172.16.1.2 203
no frame-relay inverse-arp
!
________________________________________________________________________________________
OSPF over Frame Relay – Non-Broadcast Network ________________________________________________________________________________________
RA :
!
interface Serial0/0
ip address 172.16.1.1 255.255.255.0
encapsulation frame-relay
ip ospf network non-broadcast
frame-relay map ip 172.16.1.3 102 broadcast
frame-relay map ip 172.16.1.2 101 broadcast
no frame-relay inverse-arp
!
router ospf 1
log-adjacency-changes
network 1.1.1.0 0.0.0.3 area 0
network 172.16.1.0 0.0.0.255 area 0
neighbor 172.16.1.2
neighbor 172.16.1.3
!
RB :
!
interface Serial0/0
ip address 172.16.1.2 255.255.255.0
encapsulation frame-relay
ip ospf network non-broadcast
ip ospf priority 0
frame-relay map ip 172.16.1.3 202 broadcast
frame-relay map ip 172.16.1.1 202 broadcast
no frame-relay inverse-arp
!
router ospf 2
log-adjacency-changes
network 2.2.2.0 0.0.0.3 area 100
network 172.16.1.0 0.0.0.255 area 0
neighbor 172.16.1.1
!
RC :
!
interface Serial0/0
ip address 172.16.1.3 255.255.255.0
encapsulation frame-relay
ip ospf network non-broadcast
ip ospf priority 0
frame-relay map ip 172.16.1.1 203 broadcast
frame-relay map ip 172.16.1.2 203 broadcast
no frame-relay inverse-arp
!
router ospf 3
log-adjacency-changes
network 3.3.3.0 0.0.0.3 area 200
network 172.16.1.0 0.0.0.255 area 0
neighbor 172.16.1.1
!
* Merah : mengkonfigure tipe network di port tsb.
** Hijau : agar terbentuk network full mesh nbma. tanpa command ini, R2 tidak bisa ping ke R3 dan sebaliknya, meskipun ada di route table masing2 (dapet dari R1).
*** Biru : Pada network non-broadcast, tidak ada trafik multicast yang lewat sehingga tidak ada paket HELLO untuk membentuk hubungan adjencies / tetanggaan. Jadi kita perlu untuk menentukan secara manual neighbor routernya.
_____________________________________________________________________________________________________________
Verifikasi routing dan koneksi antar Router _____________________________________________________________________________________________________________
A#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/30 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.1 [110/65] via 172.16.1.2, 00:00:57, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.1 [110/65] via 172.16.1.3, 00:00:57, Serial0/0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Serial0/0
A#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.1 0 FULL/DROTHER 00:01:41 172.16.1.3 Serial0/0
2.2.2.1 0 FULL/DROTHER 00:01:51 172.16.1.2 Serial0/0
A#sh ip ospf interface
Serial0/0 is up, line protocol is up
Internet Address 172.16.1.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 1.1.1.1, Interface address 172.16.1.1
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:03
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 4 msec, maximum is 4 msec
Neighbor Count is 2, Adjacent neighbor count is 2
Adjacent with neighbor 3.3.3.1
Adjacent with neighbor 2.2.2.1
Suppress hello for 0 neighbor(s)
Loopback0 is up, line protocol is up
Internet Address 1.1.1.1/30, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
A#sh ip ospf
Routing Process “ospf 1” with ID 1.1.1.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
External flood list length 0
Area BACKBONE(0)
Number of interfaces in this area is 2 (1 loopback)
Area has no authentication
SPF algorithm last executed 00:01:12.052 ago
SPF algorithm executed 10 times
Area ranges are
Number of LSA 6. Checksum Sum 0x030FB7
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
A#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/16/36 ms
A#ping 3.3.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/44 ms
——————————————————————————————————————————————————-
B#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.16.1.1, 00:01:44, Serial0/0
2.0.0.0/30 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.1 [110/65] via 172.16.1.3, 00:01:44, Serial0/0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Serial0/0
B#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/DR 00:01:51 172.16.1.1 Serial0/0
B#sh ip ospf interface
Serial0/0 is up, line protocol is up
Internet Address 172.16.1.2/24, Area 0
Process ID 1, Router ID 2.2.2.1, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DROTHER, Priority 0
Designated Router (ID) 1.1.1.1, Interface address 172.16.1.1
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:28
Index 1/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1 (Designated Router)
Suppress hello for 0 neighbor(s)
Loopback0 is up, line protocol is up
Internet Address 2.2.2.1/30, Area 100
Process ID 1, Router ID 2.2.2.1, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
B#sh ip ospf
Routing Process “ospf 1” with ID 2.2.2.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
It is an area border router
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 2. 2 normal 0 stub 0 nssa
External flood list length 0
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:02:08.768 ago
SPF algorithm executed 8 times
Area ranges are
Number of LSA 6. Checksum Sum 0x030FB7
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Area 100
Number of interfaces in this area is 1 (1 loopback)
Area has no authentication
SPF algorithm last executed 00:04:38.164 ago
SPF algorithm executed 5 times
Area ranges are
Number of LSA 4. Checksum Sum 0x020921
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
B#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/12 ms
B#ping 3.3.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/68/84 ms
B#
———————————————————————————————————————————————————————
C#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.16.1.1, 00:00:14, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.1 [110/65] via 172.16.1.2, 00:00:14, Serial0/0
3.0.0.0/30 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Serial0/0
C#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/DR 00:01:53 172.16.1.1 Serial0/0
C#sh ip ospf interface
Serial0/0 is up, line protocol is up
Internet Address 172.16.1.3/24, Area 0
Process ID 3, Router ID 3.3.3.1, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DROTHER, Priority 0
Designated Router (ID) 1.1.1.1, Interface address 172.16.1.1
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:29
Index 1/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1 (Designated Router)
Suppress hello for 0 neighbor(s)
Loopback0 is up, line protocol is up
Internet Address 3.3.3.1/30, Area 200
Process ID 3, Router ID 3.3.3.1, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
C#sh ip ospf
Routing Process “ospf 3” with ID 3.3.3.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
It is an area border router
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 2. 2 normal 0 stub 0 nssa
External flood list length 0
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:00:43.380 ago
SPF algorithm executed 11 times
Area ranges are
Number of LSA 6. Checksum Sum 0x0309BA
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Area 200
Number of interfaces in this area is 1 (1 loopback)
Area has no authentication
SPF algorithm last executed 00:08:14.792 ago
SPF algorithm executed 5 times
Area ranges are
Number of LSA 4. Checksum Sum 0x01BB5E
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
C#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
C#ping 3.3.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
C#
Dalikin's Blog 