is there a simple explenation for setting up ssh with key auth.
-Password authentication is to insecure.
Simple it is not. Here is what I did. I did this to support SSH tunneling. If all you want is SSH login, you can drop some of the steps....
Here are my instructions for setting up SSH tunneling on ASL. Please share them with others. This is for 2.026. Please tell me what I will have to do differently for 3.2!
Setting up ASL and a SSH Windows Client to support SSH Tunneling
Step 1 -- Step up SSH Windows Client to log into the ASL Firewall
1. This is a standard setup for the Client, using a UserID and Password authentication.
2. Use the ID USERLOGIN and its password for this step.
Step 2 -- Create your own User ID on ASL
Every user of SSH Tunneling SHOULD have their own ID. This has to be a UNIX ID, and not an ASL ID created via the ASL web frontend. Since ASL comes without the UNIX command ADDUSER, the ID setup is 'manual'.
1. Use the SSH client and User ID LOGINUSER to gain access the UNIX on ASL.
2. SU to obtain root privledges.
3. CD /etc and use VI (supplied) to edit the password and shadow password files to add your User ID.
4. create the User ID home directory under /home and use CHMOD to set permissions.
5. Set up the Client to use this new this new User ID and test logging in with Password authorization.
Step 3 -- Create and Upload the User SSH public Key
1. In the SSH client, follow instructions to create a User Public Key pair.
2. Log on to the firewall using password authentication.
3. On your local machine, use Notepad.exe to open your SSH local public key file.
4. With the key file opened in the Notepad application, open the Edit menu and choose Select All. Once everything is selected, open the Edit menu again and select Copy.
5. On the firewall, complete the following steps:
a. cat > ~/.ssh/identity.pub
b. Paste the contents of the Clipboard (which should now contain the contents of your key file).
c. Issue a CTRL+D to close the identity.pub file.
d. Convert the key to one that SSH will recognize using the following command: /sbin/ssh-keygen -X -f ~/.ssh/identity.pub >> ~/.ssh/authorized_keys2
Be sure to complete step 5-d.
6. Logout from the firewall, select Public Key Authentication as the primary authentication and reconnect to the firewall.
Step 4 -- Set up rules on ASL to support SSH Tunneling
1. Set up a network definition for the IP address of the Firewall's internal interface.
2. Set up a Service group for the TCP protocols you want to allow via SSH tunneling.
3. Add a rule to allow packets from the Interface network to the Internal network for the SSH Service Group.
Step 5 -- Set up the client and applications for SSH Tunneling
1. Follow SSH's instructions for defining outgoing tunnels
The Destination is the host on the Internal Network
2. Configure the Applications to use LOCALHOST as their target or proxy
The Port for the Applications is the Listen Port defined in the outgoing tunnel
3. If the SSH client is currently connected to the firewall, the connection has to be restarted to activiate the tunnels.
