References

SSH

Checking for existing SSH keys

Enter ls -al ~/.ssh to see if existing SSH keys are present:

ls -al ~/.ssh
# Lists the files in your .ssh directory, if they exist

Check the directory listing to see if you already have a public SSH key.

By default, the filenames of the public keys are one of the following:

  • id_dsa.pub
  • id_ecdsa.pub
  • id_ed25519.pub
  • id_rsa.pub

Generating a new SSH key

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Adding or changing a passphrase

ssh-keygen -p
# Start the passphrase change process
Enter file in which the key is (/Users/you/.ssh/id_rsa): [Hit enter]
Key has comment '/Users/you/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase): [Type new passphrase]
Enter same passphrase again: [One more time for luck]
Your identification has been saved with the new passphrase.

Create a self-signed certificate and Activate SSL on Apache2

Install openssl

sudo apt-get install openssl

To create a self-signed certificate

sudo openssl req -new -x509 -days 365 -nodes -out /path/to/cert.pem -keyout /path/to/cert.pem

Fill in the fields as shown below:

Country Name (2 letter code) [AU]:IE
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Ltd
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:example.com
Email Address []:email@example.com

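You can use this certificate with applications such as Apache or Courier to provide SSL support. Because -out and -keyout name the same file and -nodes disables key encryption, cert.pem holds the unencrypted private key together with the certificate, so keep it readable by root only.

Enable the Apache SSL module and reload Apache to enable SSL support: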

a2enmod ssl
/etc/init.d/apache2 force-reload

Once this is done, Apache is set up to accept SSL connections, but the server will still only be listening for incoming HTTP requests on port 80, and not for SSL connections on port 443. To fix this, add a line to the file /etc/apache2/ports.conf:

Listen 443

The final step is to ensure that your virtual hosts, or main host, will accept SSL options. Add the lines below inside your VirtualHost block:

SSLEngine on
SSLCertificateFile /path/to/cert.pem

For reference here is a complete example which should be easy to modify/understand:

NameVirtualHost *:443
NameVirtualHost *:80
<VirtualHost *:80>
ServerName earth.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName earth.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
SSLEngine on
SSLCertificateFile /path/to/cert.pem
</VirtualHost>
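
A non-interactive variant of the certificate step above, with checks to run before pointing Apache at the files. This is an added example, not part of the original notes. It assumes the key is written to its own file (key.pem), and the function names, directory layout and subject fields are constructed for illustration.

```shell
#!/bin/sh
# Added example; paths, host name and subject fields are constructed placeholders.

# make_cert DIR CN DAYS: write DIR/key.pem (owner-only) and DIR/cert.pem.
make_cert() {
    (   umask 077   # files created below are readable by their owner only
        openssl req -new -x509 -nodes -newkey rsa:2048 -days "$3" \
            -subj "/C=IE/O=Example Ltd/CN=$2" \
            -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    ) && chmod 644 "$1/cert.pem"   # the certificate itself is public
}

# key_matches_cert KEY CERT: succeed only if CERT carries KEY's public half.
key_matches_cert() (
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
)

# valid_for CERT SECONDS: succeed if CERT is still valid SECONDS from now.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; }

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_cert "$demo_dir" example.com 365
key_matches_cert "$demo_dir/key.pem" "$demo_dir/cert.pem" && echo "key matches certificate"
valid_for "$demo_dir/cert.pem" 2592000 || echo "expires within 30 days"
openssl x509 -in "$demo_dir/cert.pem" -noout -subject -enddate
ls -l "$demo_dir"
rm -rf "$demo_dir"
```

With the key in its own file, the VirtualHost needs an SSLCertificateKeyFile line pointing at key.pem next to SSLCertificateFile.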