## <img src='../images/hu.png'> Jelszavas azonosítás

Ez a szakasz az egyszerű, jelszó alapú SSH használatot szemlélteti.

## <img src='../images/en.png'> Password based authentication

This section demonstrates simple password based SSH access.

In [74]:
# clear terminal screen
ssh-client-cmd "clear"

no server running on /home/hallgato/oe-itseclabs/04 - Linux hardening/ssh/client_home/.tmux.sock


In [26]:
# verify that server is reachable with ICMP PING
ssh-client-cmd "ping -c3 server"

In [19]:
# retireve and display host keys from SSH server
ssh-client-cmd "ssh-keyscan server"

In [21]:
# save host keys to list of known hosts
ssh-client-cmd "ssh-keyscan server > .ssh/known_hosts"

In [27]:
# initiate remote connection to the server
ssh-client-cmd "ssh hallgato@server"
# wait for password prompt
sleep 1
# enter user password when prompted
ssh-client-cmd "hallgato"

In [28]:
# logout from remote server
ssh-client-cmd "exit"

## <img src='../images/hu.png'> Kulcs alapú azonosítás

Célja a felhasználói jelszó kliens oldali tárolása / védelme, 
valamint az egyszeri bejelentkezési (SSO - single sign on) lehetőség 
megteremtése. Ugyanaz a felhasználói kulcs számos kiszolgálón 
biztonsággal használható.

## <img src='../images/en.png'> Key based authentication

The aim of key based authentication is to store / protect the user
password on the client side, enabling single sign on (SSO) at the same time.
The same user key can be employed in many servers in a secure manner.

In [47]:
# clear terminal screen
ssh-client-cmd "clear"

In [48]:
# generate new keypair
ssh-client-cmd "ssh-keygen -t rsa -f mykey"
# wait for password prompt
sleep 1
# private key password will be "secret"
ssh-client-cmd "secret"
# wait for password prompt again
sleep 1
# repeat key password
ssh-client-cmd "secret"

In [49]:
# check contents of the public key
ssh-client-cmd "cat mykey.pub"

In [50]:
# copy our *public* key to the server
ssh-client-cmd "ssh-copy-id -i mykey.pub hallgato@server"
# wait for password prompt
sleep 1
# enter user password when prompted
ssh-client-cmd "hallgato"

In [65]:
# check key based authentication
ssh-client-cmd "ssh -o PasswordAuthentication=no -i mykey hallgato@server"
# wait for the password prompt
sleep 1
# enter password for the *secret key*
ssh-client-cmd "secret"

In [66]:
# verify public key on the server side
ssh-client-cmd "cat .ssh/authorized_keys"

In [67]:
# logout from remote server
ssh-client-cmd "exit"

In [68]:
# start ssh agent process and set up user environment
ssh-client-cmd "eval \$(ssh-agent)"

In [70]:
# add keypair to the ssh agent
ssh-client-cmd "ssh-add mykey"
# wait for the password prompt
sleep 1
# enter password for the *secret key*
ssh-client-cmd "secret"

In [71]:
# list active ssh keypairs registered by the agent
ssh-client-cmd "ssh-add -l"

In [72]:
# try passwordless remote connection
ssh-client-cmd "ssh hallgato@server"

In [73]:
# logout from remote server
ssh-client-cmd "exit"