It is possible to create a bridge between OpenSSH and the Emercoin cryptocurrency's blockchain. The result is a comfortable, safe and very flexible way to log in to multiple servers using the SSH protocol. More information about the benefits of EMCSSH can be found here in the developers' blog. Below are instructions for installing and configuring Emercoin SSH on an example VPS running Debian 7.
We assume that your server is already running the Emercoin wallet. If not, instructions for installing it can be found here.
First upgrade the existing software:
Now install curl and jansson:
apt-get install libcurl4-openssl-dev libjansson-dev
Next, you need to download and install emcssh:
tar xfz emcssh-0.0.2.tar.gz
Now you need to edit the config file /usr/local/etc/emcssh_config and change the setting for emcurl. Settings need to match those in emercoin.conf, which can be found in /home/emc/.emercoin/emercoin.conf
Change the value for emcurl
emcurl http://emccoinrpc:[email protected]:8775/
emccoinrpc and rpcpassword should be taken from emercoin.conf; the other parameters can be left as they are.
Important: the emcssh_config file should have permissions set to read and write only by root. Do not change the permissions on this file as it contains the rpcpassword.
Next, you need to edit the sshd config file, but Debian has a small problem in that the sshd version may be too old and first needs to be updated. Users of other operating systems can skip the next step.
First, find out which version of OpenSSH is installed:
In response, we get the following message:
unknown option -- v
If the version is 6.2 or above, the next step can be skipped. Otherwise, update:
Add the following line to the end of the file and save it:
deb http://ftp.debian.org/debian/ wheezy-backports main non-free contrib
Update the system:
and install sshd
apt-get -t wheezy-backports install openssh-server
The installation script asks whether to disable password authentication. The best response is not to be able to log in the traditional way.
In addition, Debian users will need to move the emcssh file to a different location:
mv /usr/local/sbin/emcssh /usr/sbin/emcssh
Now we need to edit the configuration file sshd_config:
It is necessary to add the line:
For other operating systems:
Restart sshd with the new configuration:
kill -HUP `cat /var/run/sshd.pid`
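A pre-flight check for the two requirements stated above (OpenSSH 6.2 or newer, and an emcssh_config that only root can read or write), as an added example that is not part of the original guide or of emcssh. The function names are made up for illustration, and GNU stat (as shipped with Debian) is assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the EMCSSH server setup.

# Return 0 if an OpenSSH version banner such as
# "OpenSSH_6.0p1 Debian-4+deb7u2" reports version 6.2 or newer.
# Return 2 if the banner is not recognised.
openssh_at_least_6_2() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                          # $1 = major, $2 = minor
    [ "$1" -gt 6 ] || { [ "$1" -eq 6 ] && [ "$2" -ge 2 ]; }
}

# Return 0 if FILE is owned by OWNER (default: root) and neither group
# nor others have any permission bits on it (for example 600 or 400).
secret_file_ok() {
    file=$1
    owner=${2:-root}
    [ -f "$file" ] || return 2           # missing or not a regular file
    set -- $(stat -c '%a %U' "$file")    # octal mode and owner name
    [ "$2" = "$owner" ] || return 1
    case $1 in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Usage on the server (run as root):
#   openssh_at_least_6_2 "$(ssh -V 2>&1)" || echo "OpenSSH is older than 6.2"
#   secret_file_ok /usr/local/etc/emcssh_config ||
#       echo "emcssh_config is readable by non-root users"
```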
Now we need to come up with a user name and generate a key pair for them. If you are running Windows, I recommend using PuTTYgen. Download it here.
Run PuTTYgen, change the number of bits to 4096 and click Generate.
Move the mouse cursor around the screen during key generation. Afterwards you should see something like this:
Click Save Private Key and store the key on your computer. Password protection is not needed, therefore, you can agree to save without a password.
Next, we need to add the public key (highlighted in the picture above) to the Emercoin blockchain. Do this in your Emercoin wallet on your PC. In the name field, specify:
In the value field paste your public key from PuTTYgen. The new address field can be left blank. Specify the number of days, and click Submit.
Now we need to wait for confirmation of our transaction. To save time while waiting for confirmation, you can now go back to your server, and add a new user to the file emcssh_keys:
In the file, simply add your user name with a leading @. In my case it is:
Save and close the document.
It should be noted that Emercoin's EMCSSH technology can authorize not only individual users, but also entire groups. Let's say you want to give three other people access to your servers. You could add each user individually to the emcssh_keys file, but that is inconvenient, because every time you add or remove a user you will need to edit this file on all servers. There is a more versatile and easier way. Simply create an entry in the Emercoin blockchain, for example kamilloFriends, and list all your friends in it. The fields for such an entry are as follows:
Value: @[email protected][email protected][email protected]
If you need to add or remove someone from the group, it will be enough to make a Name_Update on this entry in the Emercoin wallet.
Thus, if in the file emcssh_keys I specify the group @kamilloFriends, the system can authorize any of my friends.
To make sure that everything works as expected, run the following command:
On my test server I work from the root user, so the command for my username would be:
In response, we get the following message:
#INFO: verbose=2; maxkeys=4096 recursion=30 emcssh_keys=/root/.ssh/emcssh_keys; [email protected]:8775/
Perfectly as expected. Everything works.
Now try to log in. Without closing the current session, authorize PuTTY to log in without a password. To do this, open a new PuTTY window, enter the IP address of your server and go to SSH-> Auth:
Click Browse ... and specify the path to your private key.
On the tab Connection -> Data we can specify the user under which we want to connect. If not specified, don't worry - in this case the server will ask for the user name when you connect.
Click Open and connect to the server. If it connects then you have succeeded! If the connection fails for some reason, open the window of the previous session and enter the following command:
Look carefully for any error messages there and seek solutions to the problem. And if you can't fix it, please ask for help.
Finally, here's another useful command, which shows when visitors log in:
grep "Accepted publickey" /var/log/auth.log
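Because a group entry lets anyone listed in it log in, it helps to condense those log lines into a per-user, per-source summary and to flag sources you do not recognise. The following is an added example, not part of the original guide; the function names, the allowlist idea and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise "Accepted publickey" lines from auth.log.

# Constructed sample in Debian syslog format (documentation IP ranges).
sample_log() {
    cat <<'EOF'
Mar  3 09:12:44 vps sshd[2211]: Accepted publickey for root from 203.0.113.10 port 50122 ssh2
Mar  3 09:40:02 vps sshd[2290]: Accepted publickey for root from 203.0.113.10 port 50311 ssh2
Mar  3 11:05:19 vps sshd[2417]: Accepted publickey for root from 198.51.100.7 port 41877 ssh2
Mar  3 11:06:00 vps sshd[2420]: Failed password for invalid user admin from 192.0.2.99 port 40000 ssh2
Mar  3 11:20:31 vps sshd[2466]: Accepted password for backup from 192.0.2.50 port 40112 ssh2
Mar  3 12:30:51 vps sshd[2533]: Accepted publickey for deploy from 198.51.100.7 port 41902 ssh2
EOF
}

# Print "COUNT USER IP" for every accepted public-key login, most frequent
# first. Reads the files given as arguments, or stdin if there are none.
summarize_logins() {
    awk '/sshd\[[0-9]+\]: Accepted publickey for / {
        # Locate "Accepted"; user and source IP follow at fixed offsets.
        for (i = 1; i <= NF; i++) if ($i == "Accepted") break
        n[$(i + 3) " " $(i + 5)]++
    }
    END { for (k in n) print n[k], k }' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Print "USER IP" for logins whose source IP is not in the
# space-separated allowlist passed as $1. Reads the log from stdin.
unexpected_sources() {
    allow=" $1 "
    summarize_logins | while read -r count user ip; do
        case $allow in
            *" $ip "*) ;;                          # known source
            *) printf '%s %s\n' "$user" "$ip" ;;   # worth a closer look
        esac
    done
}

# Usage on the server:
#   summarize_logins /var/log/auth.log
#   unexpected_sources "203.0.113.10" < /var/log/auth.log
```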
To be able to log in to an EMCSSH enabled server via the terminal in OS X, you first need to convert your private key to the desired format. I did the conversion in Windows through the program PuTTYgen. It is better to set a password for your key since OS X will complain about it (in the future you will need to enter your password only once).
Run PuTTYgen, click Load and choose your *.ppk key. Next, set a password in Key passphrase and Confirm passphrase. Go to the Conversions tab and export the key in OpenSSH format:
Now we want to add the key to the OS X system.
Open a terminal and navigate to the folder where you exported the key. I have a folder named Keys:
Set the key as read-only, otherwise the system will complain:
chmod 0400 your_key_file
Add the key:
In response, we receive a message that an identifier was added. Check the connection with the command:
ssh [email protected]_server_ip
If the server does not ask for a password, then all is well.
That's all. If you have questions, be sure to ask.