Tag: key

  • Pidgin certificate prompt

    Today using the version of Pidgin that came with Fedora 10 I received the following certificate prompt:

    Accept certificate for ows.messenger.msn.com?
    The root certificate this one claims to be issued by is unknown to Pidgin.

    The majority of cases of unknown certificate issuers are due to the chain of trust breaking down. This breakdown in the certificate chain is mainly caused by the software in question not including the intermediate certificate authorities' certificates. Without these intermediate certificates the software cannot verify the certificate hierarchy up to the root certificate and therefore prompts the user about what to do.

    The options I received in the Pidgin prompt were:

    View certificate
    Accept
    Reject

    Upon selecting “View certificate” I am presented with the following details:

    Common name: ows.messenger.msn.com
    Fingerprint (SHA1): a9:9c:2d:ee:4a:d1:c8:7d:a7:c5:c3:05:32:98:5f:ee:57:87:73:8a
    Activation date: Tue Jan 29 14:37:21 2008
    Expiration date: Wed Jan 28 14:37:21 2009

    So far everything looks as if it is a bona fide certificate, but to verify the identity completely I load the page https://ows.messenger.msn.com/ in Firefox. As expected no certificate warnings were received and I opened the certificate viewer to see its details and confirmed the data matches up with the data received in Pidgin:

    Certificate Viewer

    I can safely trust this certificate as Firefox has verified through the certificate chain that all intermediate certificates are valid too:

    Certificate Chain

    This certificate is simply used by Microsoft for the Live Messenger offline messaging service. Although you normally would trust verified certificates it did happen in the past that certificates were incorrectly issued to the wrong people. So always be cautious!

  • Home and End keys in PuTTY

    I wondered why sometimes the Home and End keys work as expected during an SSH session via PuTTY and at other times they just write tildes (~) instead. When writing long commands it is a real annoyance having to hold down the left arrow to get back to the beginning of the command.

    A simple solution which worked for me was to change the Terminal-type String under the Connection > Data tab from the default “xterm” to simply “linux”:

    PuTTY Terminal Type String

    Now you should be able to use your Home and End keys to easily move the cursor back and forth during an SSH session using PuTTY.

  • SSH passkey setup – access without password

    I have wanted to set up passwordless access to my SSH servers for several years, but mainly due to laziness have never got around to actually completing the process. Just now I accessed one of my hosting accounts without any password and it actually felt quite good. It is one of these things that you think to yourself “Why didn’t I just do it before!”.

    I encountered some issues even though the process is a piece of cake and takes less than five minutes to do. When searching for solutions I tend to encounter issues with out-of-date information that no longer applies to the latest versions of software normally used. It can become annoying sometimes as you may be wasting time down the wrong path.

    I will try to write it up as simply as possible for anyone who might like to give this a go. The easiest way to get started is to install the entire Putty Windows installer. It is currently at version 0.60, but make sure you grab the latest version available when starting.

    Once installed go to Start > Putty > PuttyGen and the key generator will open:

    PuttyGen

    Click on “Generate” and you will see a progress bar appear:

    Puttygen progress bar

    Now you need to create some randomness by hovering your mouse pointer on top of the progress bar so it slowly moves towards the end. When done you will see your public key:

    PuttyGen key generated

    Now simply enter a key passphrase you can remember which is longer than a normal password. This passphrase is needed to decrypt the key whenever it is used. I will later explain how you avoid having to input this long passphrase on every login, otherwise it would defeat the purpose of not wanting to repeatedly input the password. Please note the passphrase can NOT be recovered, although you may always generate a new set of private/public keys if you happen to forget it.

    Once you have entered the passphrase twice hit “Save private key” and save the file with any name in a safe location and leave PuttyGen running as we will use it again in a bit. This leads to the next step which is to launch Putty as you normally do from Start > PuTTY > PuTTY. Go to the Connection > Data tab and input the username of the SSH account:

    Putty auto-login username

    Now move down to Connection > SSH > Auth tab and only check “Attempt authentication using Pageant”. Click on the “Browse” button and locate the private key that you created before with PuttyGen:

    Putty private key

    Now you are ready to save this to your profile. Return to the first tab, Session, and enter your hostname and a session name to save these profile changes. Click “Save” and then “Open”:

    Putty save session

    On connecting you may receive an error about invalid keys or similar; just log in as usual with your password only. Your username should have been automatically passed to the server by Putty as per your change in Putty’s configuration earlier on.

    Run the following commands:

    mkdir ~/.ssh

    vi ~/.ssh/authorized_keys

    Now Vi will open which is a text editor and we should see an empty file where we can paste in the public key you generated before. Return to your open PuttyGen and click the public key section, select ALL text and copy. This step is where I personally went wrong and only copied the bit that is highlighted initially upon the first click within the section. You have to make sure you select ALL the text:

    Puttygen wrong selection

    PuttyGen correct selection of public key

    Now you need to return to your open session in Putty and paste the public key into Vi. First hit the letter “i” to insert and then right-click on the screen to paste the content. If it pasted correctly hit the “Esc” button on your keyboard followed by:

    :wq

    This should save your public key at the server and close Vi. Now check for the correct permissions by running:

    chmod 700 ~/.ssh


    chmod 600 ~/.ssh/authorized_keys

    exit

    Putty should now close and Pageant should be launched by going to Start > PuTTY > Pageant. This is a very simple utility that will store your key’s passphrase in memory until you close it again. This is needed to avoid having to type your long passphrase upon every login; the alternative is creating a key without any passphrase, which is highly insecure as anyone can log in to your server if they get hold of your private key.

    Simply click “Add Key” and locate your private key stored earlier. Enter your passphrase when asked and close it so it stays minimised in the traybar:

    pageant

    Now you should be able to launch PuTTY again and simply double-click on your saved session profile to access your SSH server without any further user input.
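
    A partially copied public key, the mistake described in the paste step above, can be caught on the server before you log out. The following is an added example, not part of the original post: it checks that an authorized_keys line holds a complete ssh-rsa or ssh-dss key by walking the length-prefixed fields inside the base64 blob. It assumes the line has no options prefix, and the sample key is constructed filler, not a usable key.

```python
import base64
import binascii
import struct

# Number of fields after the algorithm name inside the key blob:
# ssh-rsa carries e and n; ssh-dss carries p, q, g and y.
FIELDS = {"ssh-rsa": 2, "ssh-dss": 4}

def read_string(blob, offset):
    """Read one SSH 'string' (uint32 length + bytes); return (value, new_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("blob ends inside a length prefix")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past the end of the blob")
    return blob[offset + 4:end], end

def check_key_line(line):
    """Return (True, key_type) or (False, reason) for one authorized_keys line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in FIELDS:
        return False, "line does not start with a known key type"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        name, offset = read_string(blob, 0)
        if name.decode("ascii", "replace") != parts[0]:
            return False, "key type inside the blob does not match the prefix"
        for _ in range(FIELDS[parts[0]]):
            _, offset = read_string(blob, offset)
    except (binascii.Error, ValueError) as exc:
        return False, f"truncated or corrupted key: {exc}"
    if offset != len(blob):
        return False, "unexpected trailing bytes after the key"
    return True, parts[0]

def ssh_string(data):
    """Encode bytes as an SSH 'string' (helper for building the sample)."""
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a usable key: correct ssh-rsa layout, filler modulus.
_blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
         + ssh_string(b"\x00" + b"\xab" * 128))
GOOD_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " rsa-key-sample"
# What a partial copy from the PuTTYgen box looks like: the tail is missing.
PARTIAL_LINE = "ssh-rsa " + GOOD_LINE.split()[1][:60]

if __name__ == "__main__":
    for label, line in (("full", GOOD_LINE), ("partial", PARTIAL_LINE)):
        print(label, check_key_line(line))
```

    To check a real file, pass each non-empty, non-comment line of ~/.ssh/authorized_keys to check_key_line.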