Logged in remotely vs logged in locally?
-
ivps
MemberWhat is the difference between, being Logged in remotely vs locally? What does it mean exactly?
I am referring to this tutorial:
http://vpsbible.com/security/linux-linux-openssh/- Logged in locally, type this:- ssh-keygen -t rsa
VS
- Now, logged in remotely: sudo nano /home/username/id_rsa.pub
Also, I am a bit confused on this one:
scp ~/.ssh/id_rsa.pub username@hostname.com:/home/username/ ???
Is the first user name field supposed to be the same as the second one after home?Because in Cyberduck, I can see TWO id_rsa.pub files, one is inside the folder.ssh and the other one is just outside it, in my "username" folder.
Posted 7 months ago # -
Joe Crocetta
MemberLocally is your local machine. The physical machine in front of you.
Remote machine is the linode machine, the one not in your immediate physical location.
scp :is the command
taking this file (on your local machine): ~/.ssh/id_rsa.pub and using your connection information: username@hostname.com:/home/username/ to move that local file to that /home/username/ remote directory.Yes they should be the same name.
From your last sentence it looks like you did everything on the remote machine leaving you with no key on the local machine. Thus locking you out.
Take your time.
I remember how exited I was when I set up my linode for the 3rd time ;)Posted 7 months ago # -
ivps
MemberHi Joe, thanks for your help.
So, how do I login remotely then? I am very confused now.
So far when I follow the tutorials, I launch the Terminal application on the Mac, and enter everything there.
The tutorials are great, but I am still not following and/or understanding how you login remotely to Linode.
Posted 7 months ago # -
Joe Crocetta
MemberDon't be confused.
Take a deep breath.You have been getting in remotely.
And you have been getting in correctly.Slow down.
From your other posts I can see that you've been logging into Linode and doing it without issue. So don't think you are doing it incorrectly and don't be confused.
Look at the big picture. Guv is trying to set you up where you don't have to remember/type your password to get into your Linode and he's also making it work through an opening in the firewall only you know of. (which will make it harder for hackers) So take a step back.
Look at it this way. You can get into Linode from several different ways. Launching a terminal from your Linode manager on the webpage after you login to your Linode account. You can login through Putty. And you can login from your local terminal.
There might be other ways but it's getting late and my eyes are closing.
So what you are trying to do is secure your login making it harder for everyone else and easier for you. By creating the key files on your local machine .. sending them over to your remote machine .. then having a key phrase to unlock the keys .. (which also allows persistence meaning the remote machine remembers you and only asks for your pass phrase sometimes)
So think of what the_guv is trying to accomplish with these tutorials before you go in head first.
I suggest doing one tutorial with a few hours break between the next one so that what you did sinks in - you might even need to reread a few times to really get it right.
You will get to the point where you will login with username@hostname.com -port number (that port number is just another layer of security forced by the iptable configuration)
Then you can edit your bash script and get in like me - all I do is type c2l ("connect to linode") and it connects ... every once and a while it asks for a pass phrase but more often than not it just connects instantaneously.
You'll get the hang of it, have confidence in yourself and take your time. I was just as excited as you when I first got my linode and did these tutorials.
Sorry my eyes are closing .. good night and good luck.
Posted 7 months ago # -
ivps
MemberThank you Joe, this was very helpful. You see, I understood local vs remote, originally, but because it wasn't very clear in the tutorial, I was having a hard time to understand. Especially, this is all new to me.
I would have understood something like: local is your computer, remote is, well, accessing the server remotely... Anyway, I am getting there, but guess what? I locked myself out again!
Thanks again for the great explanations, much appreciated.
Posted 7 months ago # -
ivps
MemberYou all've been great, thank you again ;)
And the great news is:
I DID IT!!!! 100% success. :P
I realised that I did something very silly by "accident", or by ignorance!
Basically, every time I copied and pasted the key manually, I always truncated the last bits, because they were not attached so I thought it wasn't needed! lolol not.
So after watching Markus video, over and over...
I spotted the mistake.BUT, now I am starting to worry, how do I log in from a laptop, since the key is on the desktop?
Most importantly, as I mentioned before, how do we revert the whole password/key, or simply change key?That's the problem.
Anyway, I cloned the "good" image, so I am kind of ok at the minute..., for how long? i don't know :P
Posted 7 months ago # -
If you want to access via another PC, you can just enter your /etc/ssh/sshd_config file, and temporarily change
passwordauthentification from no to yes
Posted 7 months ago # -
ivps
MemberThank you Joe and Marcus,
So I have just learnt something, that I was going to ask later; What does: "passwordauthentification" do exactly? This greatly confused me!
In shortI if I understand, it allows or disallows you to make use of the passphrase NOT the password?
If yes, well, it would have been easier to understand it if it was named passphraseauthentication.
Am I correct?
Posted 7 months ago # -
Your keypass is a separate layer of security. It is a very high level of security and that is why we use it.
The normal layer of security is a password to get in.
e.g. If you had 5 users in a business, Larry, Harry, Jerry, Mary, And Amanda all with separate pC's , they might all have separate usernames and passwords to enter the server.
Since you are the unique user on your personal server, you can lockdown by disabling password entry (passwordauthentication no)
and entering with a keypair.
If Larry, Harry, Jerry, Mary, And Amanda all accessed the server from the same PC, i guess they could just use the keypair.
Posted 7 months ago # -
ivps
MemberRight, I am a bit confused here...
I managed to setup the key pair, but how exactly do you log in from it?So far, after following the tutorials, all that's required, is the user / super user key, I have not encountered a situation yet where the passphrase was needed.
I understand now that the key pair is made of two files, one on the desktop, and one on the server, on top of that there is a password for the root user, and a password for the user(s).
Posted 7 months ago # -
When you try to log in
ssh ivps@4556.77.48.955 -p33333
or whatever,
it will ask you for your keypair password in a pop up window
Posted 7 months ago # -
Around 8:30 in the video you will see me log in with the keypair password.
Every time you turn your Mac on and attempt to log in to your server, it should ask you for your keypair password...
if not, something is not right in your set up......
[However, once you have a session going on your Mac, even if you close and open the server, you won't need the keypair after the initial input]
IVPS....
1) the Guv's set-up works
2) I wasted a few weeks the same way as you, because I couldn't get things to work initially, but in the end I came back to VPSBIBLE3) Sometimes it is the smallest detail that can cause a glitch...
My advice is to keep trying if you can....try to fathom what you might be doing wrong...at what stage of the process are things not working?
If you install IshowUHD and record what you are doing, someone should be able to point out where you are going wrong......
Posted 7 months ago # -
ivps
MemberWell, Marcus, I give up on this one as well, I have come to realise that the tutorials are outdated and neglected, I am really struggling with the rest.
I encounter problem on most tutorials, without your video and the help of Joe, I couldn't have done the first part. Then the Guv, is not really answering my posts. I am getting a CTS, with all this copy and past for the past week.Posted 7 months ago #
Reply
You must log in to post.
Want HTML?
a blockquote code em strong ul ol liPlace code between backticks `codeHere`
You've got it.