The Blog

Networking

Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id

Posted on

You can login to a remote Linux server without entering password in 3 simple steps using ssky-keygen and ssh-copy-id as explained in this article.

ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.

This article also explains 3 minor annoyances of using ssh-copy-id and how to use ssh-copy-id along with ssh-agent.

Step 1: Create public and private keys using ssh-key-gen on local-host

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Note: ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_key.
Use this command to remove entries from known_hosts:

ssh-keygen -R hostname

You will also have to remove those entries from authorized_keys

Posted in Linux, Networking Leave a comment

Cisco ASA/PIX Modular Policy Framework: Simple QoS for VoIP

Posted on

priority-queue outside
!
! (Step 1) ————-Specify a class map which identifies the VoIP traffic
! On my network, the VoIP adapter uses the EF PHB (101110)
class-map VoIP
description High Priority = VoIP
match dscp ef
!
! (Step 2) ————–Assign the class map to a policy map
! (remember this doesn’t activate the policy)
! And, as an action, send it to the LLQ
policy-map General-Purpose
class VoIP
priority
!
! (Step 3) —————–Finally, activate the policy by assigning it to the
! outside interface:
service-policy General-Purpose interface outside
!
! To see whether the policy is “working”, issue this command and view the results:

show service-policy
Interface outside:
Service-policy: General-Purpose
Class-map: VoIP
Priority:
Interface outside: aggregate drop 0, aggregate transmit 1256

Posted in Networking Leave a comment

I am unable to access the inside interface of the Security Appliance when connected via a VPN tunnel. How can I do this?

Posted on

The inside interface of the Security Appliance cannot be accessed from the outside, and vice-versa, unless the management-access is configured in global configuration mode. Once management-access is enabled, Telnet, SSH, or HTTP access must still be configured for the desired hosts.

pix(config)#management-access inside
pix(config)#show running-config management-access
management-access inside
Posted in Networking Leave a comment

CISCO VPN mockup

Posted on

So what I needed was a simulation of four different ISPs each with different static IP, all that to test my four VPN connections between them.

Starting point.
http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_(Separate_Networks_With_Internet)
http://www.dd-wrt.ca/wiki/index.php/Linking_Subnets_with_Static_Routes

To get it going all I had to do is configure VLAN on dd-wrt and then set up wireless as the client to my Wi-Fi so I can access internet and all worked without any other adjustments

Posted in Networking Leave a comment