Posts Tagged certificate

Passwordless SSH

Posted by on Tuesday, 7 April, 2009

Okay, say you have a server, you have to ssh to this server … say 20 times a day?
It gets irritating having to login and type your password repeatedly. Not to mention it can be insecure if anyone is sniffing the network.

So on your desktop machine you want to create some keys. This can be done with the following command

ssh-keygen -t dsa

At the prompts just press enter for all the defaults.
Now you should have a file in .ssh/id_dsa.pub , this file has to go to the server. You can do this with this command

cat .ssh/id_dsa.pub | ssh username@servername "cat - >>.ssh/authorized_keys2"

All going well, this should exit cleanly. Test it by ssh’ing again to the server normally, if all goes well it shouldn’t prompt but just drop you into your remote shell.
If this fails make sure your servers sshd_config has the following line

PubkeyAuthentication yes

Last-Modified: 2007-03-07 19:38:50


How to create an SSL certificate for Apache

Posted by on Tuesday, 7 April, 2009

Ok heres a script which takes you through the annoying part

#!/bin/sh
SERVER=zeald.com
PRIVATE_KEY=$SERVER.private.key
CERTIFICATE_FILE=$SERVER.crt
SIGNING_REQUEST=$SERVER.signing.request
VALID_DAYS=365
echo Delete old private key
rm $PRIVATE_KEY
echo Create new private/public-keys without passphrase for server
openssl genrsa -out $PRIVATE_KEY 1024
echo Create file for signing request
rm $SIGNING_REQUEST
openssl req -new -days $VALID_DAYS -key $PRIVATE_KEY -out $SIGNING_REQUEST
echo Filename for signing request is: $SIGNING_REQUEST
echo Send the content of the file to the certification authority.
echo For example: Christian Heutger [c.heutger@psw.biz]
echo from http://www.ssl-certs.de
cat $SIGNING_REQUEST
echo You can check this request at
echo https://secure.comodo.net/utilities/decodeCSR.html

now chmod +x create_signing_request.sh

then ./create_signing_request.sh
it will go through asking you information about your company etc. You may need to do this several times to figure out what goes where. Then go to your SSL certificate provider, and use the CSR to request the ssl certificate. It may take an hour or two or even up too a couple days to get your SSL certificate.
Once you have it you need to add into your apache config a couple of lines similar to this

SSLCertificateFile /etc/apache/ssl.crt/yourdomain.crt
SSLCertificateKeyFile /etc/apache/ssl.key/yourdomain.key

Last-Modified: 2008-06-10 13:57:40