Authentication with SSH Keys

Now that your development server is configured you can begin uploading your files to the server. For development we can create a login procedure that doesn’t require a password using SSH keyfiles.

Creating the private and public key

On Windows, download the PuTTY Key Generator utility and generate a new public and private key.

Save the private key. Software will use one of two different formats for the private key. Export both a ppk file and an OpenSSH key file:

File -> Save Private Key -> Save as private.ppk

Conversions -> Export OpenSSH key -> Save as private.key

Copy the public key to your development server’s authorized_keys file for the user you want to authenticate. In our examples we will be using root. On a production server you shouldn’t log in as root directly.

If the directory and files don’t exist yet you will need to create them with the following permissions:

cd ~/
mkdir .ssh
chmod 0700 .ssh
cd .ssh
touch authorized_keys
chmod 0600 authorized_keys

Copy the public key, changing the string to match your public key:

cd ~/
cd .ssh
echo ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAz7tEMrKSSLiYi3vaYu71KQeK+VX0zA07Rc5ZyyenLvihXW3TR7y6Yz9sYMOSgWMewUWosXxGNy17XR2pJSRXtD6mIEcQmhJh47H99bJEHxQ3NOEsRcEwe1yn++T7Q4DthunxzxLY+1M85EYMemz1ato+E341zwEZj0KJr064K9MtrCvC86menKsUFeRoEoj5YafJ02PaUeZiweLw3VyLgmhDCnx3DuSrEtO2O0eBHrziycamrbTE5W69oh+SUpXwnWQEagbHVGGWtXKCYltMiD14rWdqSsrlkAeg2hmDdxuIEn5w41OWJjeVqkXBnA4Pvp+hnCZKQBlCtP2/aSkVaQ== rsa-key-20150318 >> authorized_keys
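The two steps above can be combined into one re-runnable script that also checks the result. This is an added example, not part of the original post: install_pubkey and audit_ssh_dir are hypothetical helper names, and the accepted key types are an assumption about what you generated.

```shell
#!/bin/sh
# Added example; install_pubkey and audit_ssh_dir are hypothetical helper names.

# install_pubkey HOME_DIR "KEY_LINE"
# Creates .ssh (0700) and authorized_keys (0600) when missing, then appends
# KEY_LINE only if that exact line is not already in the file.
install_pubkey() {
    ssh_dir=$1/.ssh
    auth=$ssh_dir/authorized_keys
    # Accept exactly one "<type> <base64> [comment]" line, so a private key
    # or a multi-line paste never lands in authorized_keys.
    [ "$(printf '%s\n' "$2" | grep -c '')" -eq 1 ] ||
        { echo "not a single line" >&2; return 2; }
    printf '%s\n' "$2" |
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' ||
        { echo "not a public key line" >&2; return 2; }
    mkdir -p "$ssh_dir" && chmod 0700 "$ssh_dir" || return 1
    touch "$auth" && chmod 0600 "$auth" || return 1
    grep -qxF -- "$2" "$auth" || printf '%s\n' "$2" >> "$auth"
}

# audit_ssh_dir HOME_DIR
# Prints one line per path whose mode differs from the ones set above and
# returns 1 if any differ (or the path is missing).
audit_ssh_dir() {
    rc=0
    for entry in "$1/.ssh:drwx------" "$1/.ssh/authorized_keys:-rw-------"; do
        path=${entry%:*}
        want=${entry##*:}
        # The first 10 characters of ls -ld are the type and permission bits.
        have=$(ls -ld "$path" 2>/dev/null | cut -c1-10)
        if [ "$have" != "$want" ]; then
            echo "$path: mode '${have:-missing}', expected '$want'"
            rc=1
        fi
    done
    return "$rc"
}
```

Run audit_ssh_dir "$HOME" on the server before digging through logs: sshd's StrictModes setting (on by default) refuses key authentication when these files are writable by other users.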

Troubleshooting

Sometimes things don’t go that smoothly. If you are having problems connecting your client to your server using your new private/public key pair, check the log files on your server for clues on how to solve the problem.

tail -f /var/log/secure

Configuring your FTP client

FileZilla is a popular open source FTP client for Windows. It supports SFTP as a method for transferring files between your computer and the server.

Add your private key to the SFTP settings.

Edit -> Settings -> Connection -> SFTP -> Add key file


Create a new connection profile. Enter in your development server’s host or IP Address. Select SFTP as the protocol. Enter in your user but leave the password blank. On a production server it is not a good idea to connect as the root user.


Configuring your SSH client

PuTTY is an open source implementation of SSH for Windows. It allows shell access to your server without having to access the development server directly. If using a virtual machine, it is more responsive than the VMware window and is preferred.

Set the default user to root and the private key file to private.key.

Connection -> Data -> Auto-login username

Connection -> SSH -> Auth -> Private key file or authentication


Configuring other clients

The setup procedures are fairly similar on other software. Remember that security is important on a production server. You should not be logging in as root directly, nor should you be creating a passwordless private key when accessing your server. On a production server assign a password to your key.

Bryan Wiebe is a web developer and mobile developer living in the Okanagan, British Columbia. He works for Hutz Media Ltd. This post is an entry in a blog series covering the configuration and setup of a Development Environment.

Modifying Hosts File

During web design and web development, it is important to simulate the environment that your website will have when it is officially released. You can simulate your website on a development server as if it is live and hosted on its correct domain name, while keeping the website private and in your local area network.

Be sure to check out our previous blog post where we learned how to set up a Virtual Machine for development.

What is a hosts file

A hosts file is used by your operating system to map hostnames (or domain names) to IP addresses. If the hostname is not found in the hosts file, your operating system will look for the IP address through your Internet Service Provider.

Finding the hosts file

In Windows your hosts file is located at:

c:\windows\system32\drivers\etc\hosts

In MacOS the hosts file is located at:

/private/etc/hosts

In most Linux distributions the hosts file is located at:

/etc/hosts

Modifying the hosts file

In Windows you need to edit the file as an administrator. Open Notepad as an administrator.


The default contents of the file should look like:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost

Find the IP address of your local development server and append the desired domain to the hosts file. For example:

192.168.1.201		example-website.com

Save the file and open your browser (some browsers require that you close them before the addresses in the hosts file are updated). Type in example-website.com. If you already have a virtual host configured on your development server, it will now point to your website. If you don’t have a virtual host configured it will point to the server’s default website.

When it’s time to release example-website.com don’t forget to remove this line from your hosts file or you may be wondering why changes your clients make to the website aren’t showing when you look at them on your computer.
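A forgotten override is easy to miss, so the release check can be scripted. The following is an added example, not part of the original post: hosts_lookup and hosts_without are hypothetical helper names, and it goes slightly beyond the single-line case above by handling lines that map several names, trailing comments and Windows CRLF line endings.

```shell
#!/bin/sh
# Added example; hosts_lookup and hosts_without are hypothetical helper names.

# hosts_lookup HOSTS_FILE HOSTNAME
# Prints "LINE_NUMBER IP" for each active entry naming HOSTNAME; returns 1
# if there is none. Comments are ignored and matching is case-insensitive.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/\r$/, "")               # Windows hosts files end lines with CRLF
            sub(/#.*/, "")               # drop whole-line and trailing comments
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print NR, $1; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# hosts_without HOSTS_FILE HOSTNAME
# Writes the file to stdout with HOSTNAME unmapped. A line naming only
# HOSTNAME is dropped; a line with other names keeps them and its comment.
hosts_without() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            eol = ""
            if (sub(/\r$/, "")) eol = "\r"
            body = $0; comment = ""
            p = index(body, "#")
            if (p > 0) { comment = substr(body, p); body = substr(body, 1, p - 1) }
            n = split(body, f, " ")      # " " splits on runs of whitespace
            out = f[1]; kept = 0; hit = 0
            for (i = 2; i <= n; i++) {
                if (tolower(f[i]) == want) hit = 1
                else { out = out "\t" f[i]; kept++ }
            }
            if (!hit) { print $0 eol; next }   # other lines pass through unchanged
            if (comment != "") out = out "\t" comment
            if (kept) print out eol
        }
    ' "$1"
}
```

hosts_without only writes to stdout, so review its output before replacing the real hosts file.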