{"id":766,"date":"2020-01-07T17:11:06","date_gmt":"2020-01-07T16:11:06","guid":{"rendered":"https:\/\/www.tiraquelibras.com\/blog\/?p=766"},"modified":"2021-08-18T13:48:44","modified_gmt":"2021-08-18T11:48:44","slug":"openssh-conexion-remota-desde-putty-con-clave-publica","status":"publish","type":"post","link":"https:\/\/blog.tiraquelibras.com\/?p=766","title":{"rendered":"OpenSSH &#8211; remote connection from Putty with a public key"},"content":{"rendered":"<p>One security measure for connecting to our servers via&nbsp;<strong>SSH<\/strong> is to disable&nbsp;<em>password<\/em> authentication and use&nbsp;<strong>public keys<\/strong> with a <em><strong>key passphrase.<\/strong><\/em><\/p>\n<p>This way we defeat&nbsp;<strong>brute-force<\/strong> login attempts, since the <strong>private key<\/strong> is needed to successfully access our server.<\/p>\n<hr>\n<h1><span class=\"ez-toc-section\" id=\"Escenario\"><\/span>Scenario<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>In our case the scenario is the following:<\/p>\n<ul>\n<li>Source machine with <strong>Windows<\/strong> and <strong>Putty<\/strong>&nbsp;installed.<\/li>\n<li>Destination server with 
<strong>Debian<\/strong> and <strong>OpenSSH<\/strong> installed.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-774\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/descarga.jpg\" alt=\"\" width=\"683\" height=\"141\"><\/p>\n<hr>\n<h1 class=\"md-end-block md-heading\"><span class=\"ez-toc-section\" id=\"Generar_las_claves_publica_y_privada\"><\/span><span class=\"md-plain\">Generating the public and private keys<\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We generate the <\/span><span class=\"\"><strong><span class=\"md-plain\">public<\/span><\/strong><\/span><span class=\"md-plain\"> and <\/span><span class=\"\"><strong><span class=\"md-plain\">private<\/span><\/strong><\/span><span class=\"md-plain\"> keys from <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Putty<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> with the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Puttygen<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> application, which is included in the initial installation, by clicking the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Generate<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> button:<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-image md-img-loaded\" data-src=\".\/imgs\/1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-775\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/1-copia.jpg\" alt=\"\" width=\"483\" height=\"470\"><\/span><span class=\"md-plain\">We save the <\/span><span class=\"\"><strong><span class=\"md-plain\">public key<\/span><\/strong><\/span><span class=\"md-plain\"> by clicking <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Save public key<\/span><\/em><\/strong><\/span><span 
class=\"md-plain\"> and giving the file a name with the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">.pub<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> extension.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Then we enter the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Key passphrase<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> and save the <\/span><span class=\"\"><strong><span class=\"md-plain\">private key<\/span><\/strong><\/span><span class=\"md-plain\"> by clicking the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Save private key<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> button.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We store both files in a safe place, so we can use them on any machine we want to connect from.<\/span><\/p>\n<hr>\n<h1 class=\"md-end-block md-heading\"><span class=\"ez-toc-section\" id=\"Servidor_destino\"><\/span><span class=\"md-plain\">Destination server<\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>On the destination server we carry out the following steps:<\/p>\n<p>&nbsp;<\/p>\n<h2 class=\"md-end-block md-heading\"><span class=\"ez-toc-section\" id=\"Crear_el_usuario\"><\/span><span class=\"md-plain\">Creating the user<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We create the user:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">adduser pruebas --disabled-password<\/pre>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">If our version of <\/span><span class=\"\"><strong><span class=\"md-plain\">Debian<\/span><\/strong><\/span><span class=\"md-plain\"> does not let us use the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">--disabled-password<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> option, we disable the 
password with the command:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">passwd -l pruebas<\/pre>\n<p class=\"md-end-block md-p\"><span spellcheck=\"false\"><code>-l  --lock<\/code><\/span><span class=\"md-plain\"> locks the password of the given account<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2 class=\"md-end-block md-heading\"><span class=\"ez-toc-section\" id=\"Almacenar_la_clave_publica_en_host_destino\"><\/span><span class=\"md-plain\">Storing the public key on the destination host<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We create the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">.ssh<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> directory in the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">home<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> of the user we created and change its permissions:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">su pruebas\ncd \/home\/pruebas\/\nmkdir .ssh\nchmod 700 .ssh\ncd .ssh<\/pre>\n<p class=\"md-end-block md-p\"><span class=\"\" style=\"color: #ff0000;\"><strong><span class=\"md-html-inline\" spellcheck=\"false\"><u><span class=\"md-plain\">IMPORTANT!!!<\/span><\/u><\/span><\/strong><\/span><span class=\"md-plain\">, the directory and all of its contents must be owned by that same user, both as owner and as group.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Now we create the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">authorized_keys2<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> file and copy the <\/span><span class=\"\"><strong><span class=\"md-plain\">public key<\/span><\/strong><\/span> <span class=\"\"><strong><span class=\"md-html-inline\" spellcheck=\"false\"><u><span class=\"md-plain\">on a single 
line<\/span><\/u><\/span><\/strong><\/span><span class=\"md-plain\">, keeping the following in mind:<\/span><\/p>\n<ul class=\"ul-list\" data-mark=\"-\">\n<li class=\"md-list-item\">\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Do not add the email at the end of the line.<\/span><\/p>\n<\/li>\n<li class=\"md-list-item\">\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Do not add the <\/span><span class=\"\"><strong><span class=\"md-plain\">BEGIN PUBLIC KEY<\/span><\/strong><\/span><span class=\"md-plain\"> or <\/span><span class=\"\"><strong><span class=\"md-plain\">END PUBLIC KEY<\/span><\/strong><\/span><span class=\"md-plain\"> lines.<\/span><\/p>\n<\/li>\n<li class=\"md-list-item\">\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Do not add the line <\/span><span class=\"\"><strong><span class=\"md-plain\">rsa-key-20200103<\/span><\/strong><\/span><span class=\"md-plain\">, or whatever number it has.<\/span><\/p>\n<\/li>\n<li class=\"md-list-item\">\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Start the line with <\/span><span class=\"\"><strong><span class=\"md-plain\">ssh-rsa<\/span><\/strong><\/span><span class=\"md-plain\">.<\/span><\/p>\n<\/li>\n<\/ul>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">For example:<\/span><\/p>\n<p class=\"md-end-block md-p\"><span spellcheck=\"false\"><code>ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjZ...9kWsZKQ==<\/code><\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We change the permissions of the file we created:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">chmod 600 authorized_keys2\nchown pruebas: authorized_keys2<\/pre>\n<p>&nbsp;<\/p>\n<h2 class=\"md-end-block md-heading\"><span class=\"ez-toc-section\" id=\"Configurar_OpenSSH\"><\/span><span class=\"md-plain\">Configuring OpenSSH<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p 
class=\"md-end-block md-p\"><span class=\"md-html-inline\" style=\"color: #ff0000;\" spellcheck=\"false\"><span class=\"\"><strong><span class=\"md-plain\">RECOMMENDATION<\/span><\/strong><\/span><\/span><span class=\"md-plain\">, the goal is to remove password access, but before disabling this option I recommend leaving it enabled until we have confirmed that access with the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">public key<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> works. The option is <\/span><span class=\"\"><strong><em><span class=\"md-plain\">PasswordAuthentication<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> and we set it to <\/span><span class=\"\"><strong><em><span class=\"md-plain\">yes<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> or <\/span><span class=\"\"><strong><em><span class=\"md-plain\">no<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> to enable or disable it respectively.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We configure <\/span><span class=\"\"><strong><span class=\"md-plain\">OpenSSH<\/span><\/strong><\/span><span class=\"md-plain\"> to accept connections without a password, using the keys stored in the file created in the previous section.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We make a backup of the configuration file of <\/span><span class=\"\"><strong><span class=\"md-plain\">OpenSSH<\/span><\/strong><\/span><span class=\"md-plain\">:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">cd \/etc\/ssh\/\ncp sshd_config sshd_config.orig<\/pre>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Now we edit it with our favorite editor and change the following settings:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">nano sshd_config<\/pre>\n<pre class=\"EnlighterJSRAW\" 
data-enlighter-language=\"null\">...\n# Authentication:\nLoginGraceTime 120\nPermitRootLogin no\nStrictModes yes\n...\nRSAAuthentication yes\n##PubkeyAuthentication no\nPubkeyAuthentication yes\nAuthorizedKeysFile     %h\/.ssh\/authorized_keys2\n...\nPasswordAuthentication no\n...\nUseDNS no<\/pre>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We restart the service:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">systemctl restart sshd<\/pre>\n<hr>\n<h1 class=\"md-end-block md-heading\"><span class=\"ez-toc-section\" id=\"Acceso_desde_Putty\"><\/span><span class=\"md-plain\">Access from Putty<\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We can connect with our private key in two different ways:<\/span><\/p>\n<ul class=\"ul-list\" data-mark=\"-\">\n<li class=\"md-list-item\">\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Using the authentication agent of <\/span><span class=\"\"><strong><span class=\"md-plain\">Putty<\/span><\/strong><\/span><span class=\"md-plain\">.<\/span><\/p>\n<\/li>\n<li class=\"md-list-item\">\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Specifying the private key when creating the connection to the server in <\/span><span class=\"\"><strong><span class=\"md-plain\">Putty<\/span><\/strong><\/span><span class=\"md-plain\">, along with the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">key passphrase<\/span><\/em><\/strong><\/span><span class=\"md-plain\">.<\/span><\/p>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2 class=\"md-end-block md-heading\"><span class=\"ez-toc-section\" id=\"Agregar_la_clave_privada_al_agente_de_autenticacion_de_Putty\"><\/span><span class=\"md-plain\">Adding the private key to the Putty authentication agent<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We start the authentication agent of <\/span><span class=\"\"><strong><span class=\"md-plain\">Putty<\/span><\/strong><\/span><span class=\"md-plain\"> by running the program <\/span><span class=\"\"><strong><span class=\"md-plain\">PAGEANT.EXE<\/span><\/strong><\/span><span class=\"md-plain\">.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">The following icon appears in the right-hand panel of running programs. We <\/span><span class=\"\"><strong><em><span class=\"md-plain\">right-click<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> it and select the option <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Add Key<\/span><\/em><\/strong><\/span><span class=\"md-plain\">:<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-image md-img-loaded\" data-src=\".\/imgs\/2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-768\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/2.jpg\" alt=\"\" width=\"205\" height=\"66\"><\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-769\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/3.jpg\" alt=\"\" width=\"266\" height=\"252\"><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We select the stored <\/span><span class=\"\"><strong><span class=\"md-plain\">private key<\/span><\/strong><\/span><span class=\"md-plain\"> and enter the <em><strong>key<\/strong><\/em> <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Passphrase<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> chosen when we saved the key.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-782\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/ask.jpg\" alt=\"\" width=\"495\" height=\"355\"><\/p>\n<p class=\"md-end-block md-p\"><span 
class=\"md-plain\">This program works as a store for the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Passphrase<\/span><\/em><\/strong><\/span><span class=\"md-plain\">.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-783\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/ask-2.jpg\" alt=\"\" width=\"494\" height=\"351\"><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Now, to access the server from <\/span><span class=\"\"><strong><span class=\"md-plain\">Putty<\/span><\/strong><\/span><span class=\"md-plain\">, we use the following configuration:<\/span><\/p>\n<p class=\"md-end-block md-p\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-776\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/login.jpg\" alt=\"\" width=\"452\" height=\"440\"><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Here <\/span><span class=\"\"><strong><span class=\"md-plain\">X.X.X.X<\/span><\/strong><\/span><span class=\"md-plain\"> is the IP of the server we want to connect to and <\/span><span class=\"\"><strong><span class=\"md-plain\">22<\/span><\/strong><\/span><span class=\"md-plain\"> is the default <strong>SSH<\/strong> port; if we do not use the standard port, we enter the one configured on our destination server.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We save this configuration under a name, in my case <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Strato-2-CERT<\/span><\/em><\/strong><\/span><span class=\"md-plain\">.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"\"><strong><span class=\"md-plain\">Putty<\/span><\/strong><\/span><span class=\"md-plain\"> will use the <\/span><span class=\"\"><strong><span class=\"md-plain\">private key<\/span><\/strong><\/span><span 
class=\"md-plain\"> that we loaded with <\/span><span class=\"\"><strong><span class=\"md-plain\">PAGEANT.EXE<\/span><\/strong><\/span><span class=\"md-plain\">, and passwords will no longer be needed to access the server.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-787\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/ask-3-1.jpg\" alt=\"\" width=\"644\" height=\"225\"><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-html-inline\" style=\"color: #ff0000;\" spellcheck=\"false\"><strong><u><span class=\"md-plain\">IMPORTANT<\/span><\/u><\/strong><\/span><span class=\"md-plain\"> Every time we log in to the machine we need to repeat this section, adding the <\/span><span class=\"\"><strong><span class=\"md-plain\">private key<\/span><\/strong><\/span><span class=\"md-plain\"> before connecting.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2 class=\"md-end-block md-heading\"><span class=\"ez-toc-section\" id=\"Indicar_la_clave_privada_a_los_datos_de_conexion\"><\/span><span class=\"md-plain\">Specifying the private key in the connection settings<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">If we do not want to use the authentication agent of <\/span><span class=\"\"><strong><span class=\"md-plain\">Putty<\/span><\/strong><\/span><span class=\"md-plain\">, we can specify the private key directly in the configuration for our destination server, as mentioned earlier. The only difference is that it will ask for the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">key passphrase<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> every time we connect. 
<\/span><span class=\"\"><strong><u><span class=\"md-plain\">This is the option we recommend for establishing a remote SSH connection<\/span><\/u><\/strong><\/span><span class=\"md-plain\">.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">We configure the destination server, specifying the <\/span><span class=\"\"><strong><span class=\"md-plain\">user<\/span><\/strong><\/span><span class=\"md-plain\">, <\/span><span class=\"\"><strong><span class=\"md-plain\">destination IP<\/span><\/strong><\/span><span class=\"md-plain\"> and <\/span><span class=\"\"><strong><span class=\"md-plain\">SSH port<\/span><\/strong><\/span><span class=\"md-plain\"> it is listening on.<\/span><\/p>\n<p class=\"md-end-block md-p\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-776\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/login.jpg\" alt=\"\" width=\"452\" height=\"440\"><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Here <\/span><span class=\"\"><strong><span class=\"md-plain\">X.X.X.X<\/span><\/strong><\/span><span class=\"md-plain\"> is the IP of the server we want to connect to and <\/span><span class=\"\"><strong><span class=\"md-plain\">22<\/span><\/strong><\/span><span class=\"md-plain\"> is the default SSH port; if we do not use the standard port, we enter the one configured on our destination server.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Now we specify the <\/span><span class=\"\"><strong><span class=\"md-plain\">private key<\/span><\/strong><\/span><span class=\"md-plain\"> in the section <\/span><em><span class=\"\"><strong><span class=\"md-plain\">Connection -&gt; SSH -&gt; Auth<\/span><\/strong><\/span><\/em><span class=\"md-plain\"> and select the file <\/span><span class=\"\"><strong><em><span class=\"md-plain\">.ppk<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> with 
the <\/span><span class=\"\"><strong><span class=\"md-plain\">private key<\/span><\/strong><\/span><span class=\"md-plain\"> we generated.<\/span><\/p>\n<p class=\"md-end-block md-p\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-771\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/5.jpg\" alt=\"\" width=\"450\" height=\"442\"><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Finally, we save this configuration under a name, in my case <\/span><span class=\"\"><strong><em><span class=\"md-plain\">Strato-2-CERT<\/span><\/em><\/strong><\/span><span class=\"md-plain\">.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Now every time we connect it will ask for the <\/span><span class=\"\"><strong><em><span class=\"md-plain\">key passphrase<\/span><\/em><\/strong><\/span><span class=\"md-plain\">, offering the highest level of security when connecting remotely to our server over <\/span><span class=\"\"><strong><span class=\"md-plain\">SSH<\/span><\/strong><\/span><span class=\"md-plain\">.<\/span><\/p>\n<p class=\"md-end-block md-p\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-777\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/6-copia.jpg\" alt=\"\" width=\"658\" height=\"130\"> <img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-778\" src=\"https:\/\/blog.tiraquelibras.com\/wp-content\/uploads\/2020\/01\/7-copia.jpg\" alt=\"\" width=\"659\" height=\"259\"><\/p>\n<hr>\n<h1 class=\"md-end-block md-heading\"><span class=\"ez-toc-section\" id=\"Opcional\"><\/span><span class=\"md-plain\">Optional<\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<h2 class=\"md-end-block md-heading\"><span class=\"ez-toc-section\" id=\"Elevar_usuario_a_root\"><\/span><span class=\"md-plain\">Elevating the user to root<\/span><span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Optionally we can grant access to <\/span><span class=\"\"><strong><span class=\"md-plain\">root<\/span><\/strong><\/span><span class=\"md-plain\"> for the user we created, by editing the sudoers file with <\/span><span class=\"\"><strong><em><span class=\"md-plain\">visudo<\/span><\/em><\/strong><\/span><span class=\"md-plain\"> as an administrator:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">root@h2847530:\/# visudo<\/pre>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">And we add the following line:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">...\npruebas ALL=(ALL) ALL\n...<\/pre>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">Now, once we have logged in to the server, typing <\/span><span spellcheck=\"false\"><code>sudo su<\/code><\/span><span class=\"md-plain\"> will prompt for the credential and we can elevate to <\/span><span class=\"\"><strong><em><span class=\"md-plain\">root<\/span><\/em><\/strong><\/span><span class=\"md-plain\">.<\/span><\/p>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">If we do not want to enter the credential, we must add the line in the following format:<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">...\npruebas ALL=(ALL) NOPASSWD: ALL\n...<\/pre>\n<hr>\n<h1 class=\"md-end-block md-heading md-focus\"><span class=\"ez-toc-section\" id=\"Enlaces_de_interes\"><\/span><span class=\"md-plain md-expand\">Links of interest<\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p class=\"md-end-block md-p\"><span class=\" md-link\"><a spellcheck=\"false\" href=\"https:\/\/www.howtoforge.com\/how-to-configure-ssh-keys-authentication-with-putty-and-linux-server-in-5-quick-steps\" class=\"external external_icon\" rel=\"nofollow\" target=\"_blank\"><span class=\"md-plain\">Installation guide on 
Howtoforge<\/span><\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One security measure for connecting to our servers via&nbsp;SSH is to disable&nbsp;password authentication and use&nbsp;public keys with a key passphrase. This way we defeat<span class=\"read-more-link\"><a class=\"read-more\" href=\"https:\/\/blog.tiraquelibras.com\/?p=766\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":780,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,10,22],"tags":[97,96,95],"class_list":["post-766","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ciberseguridad","category-sistemas","category-ti","tag-openssh","tag-remoto","tag-ssh"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/posts\/766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=766"}],"version-history":[{"count":0,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/posts\/766\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=\/wp\/v2\/media\/780"}],"wp:attachment":[{"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=766"}],"wp:term":[{"taxonomy":"category",
"embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tiraquelibras.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}