Linux Box Admin
Trusted Remote Administration
SSH
Wednesday, 07 March 2007

SSH server

The first time sshd runs, it generates three cryptographic key pairs and stores the keys in /etc/ssh.

  • ssh_host_key and ssh_host_key.pub (v1)
  • ssh_host_dsa_key and ssh_host_dsa_key.pub (v2 DSA)
  • ssh_host_rsa_key and ssh_host_rsa_key.pub (v2 RSA)

SSH communicates over TCP port 22 by default. The global server configuration file is /etc/ssh/sshd_config.

To deny all root logins, set this value in the sshd_config file:
PermitRootLogin no

To disable the less secure v1 SSH protocol, use:
Protocol 2

To disable X forwarding, use:
X11Forwarding no

To disable password logins (force public/private key authentication), use:
PasswordAuthentication no

SSH client

Note: because of their sensitive nature, the ~/.ssh/ directory and most of the files in it MUST be read/write for the user and not accessible to group or other. For example:
-rw-------
Otherwise, SSH will ignore them. If you copy personal SSH files to a new system and they don't work, check the permissions.
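The following is an added example, not code from the original article: a small POSIX sh audit that reads an sshd_config and reports whether the four server directives recommended above are in force, and that checks a ~/.ssh directory for the owner-only permissions described in the note. It assumes POSIX sh, awk and ls, and the usual "keyword value" form of sshd_config lines.

```shell
# Added example, not from the original article: audit an sshd_config for the four
# hardening directives recommended above and check that a ~/.ssh directory is
# private to its owner. Assumes POSIX sh, awk and ls.

# Effective value of a directive: sshd honours the FIRST uncommented occurrence,
# keywords are case-insensitive. Prints nothing if the keyword is absent.
sshd_directive() {   # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }                 # comment line
        /^[ \t]*$/ { next }                 # blank line
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# Return 0 if every recommended directive has the expected value, 1 otherwise;
# an absent keyword means sshd's compiled-in default applies.
check_sshd_config() {
    cfg="$1"
    rc=0
    for pair in PermitRootLogin=no Protocol=2 X11Forwarding=no PasswordAuthentication=no; do
        key="${pair%%=*}"
        want="${pair#*=}"
        got="$(sshd_directive "$cfg" "$key")"
        if [ "$got" != "$want" ]; then
            printf '%s: found=%s want=%s\n' "$key" "${got:-<unset>}" "$want"
            rc=1
        fi
    done
    return $rc
}

# Return 0 if the directory and its private files carry no group/other bits
# (e.g. drwx------, -rw-------), 1 otherwise. Public keys (*.pub) are skipped.
check_ssh_perms() {
    dir="$1"
    rc=0
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        bits="$(ls -ld "$f" | cut -c5-10)"    # group+other rwx fields
        if [ "$bits" != "------" ]; then
            printf '%s: group/other bits "%s" are set; ssh will ignore it\n' "$f" "$bits"
            rc=1
        fi
    done
    return $rc
}
```

Run it as `check_sshd_config /etc/ssh/sshd_config; check_ssh_perms ~/.ssh`; a non-zero exit with the offending lines printed tells you what to fix.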

The default client configuration file is /etc/ssh/ssh_config. The user configuration file, ~/.ssh/config, takes precedence over the default configuration.

To connect to an SSH server using a different user ID:
ssh userid@server-name-or-IP

To securely copy file(s) to the remote host, use scp:
scp localfile userid@server-name-or-IP:remotefile
and to copy from the remote host to the local machine:
scp userid@server-name-or-IP:remotefile localfile

To generate an SSH keypair for logins without passwords:
ssh-keygen -t dsa
The system will prompt you for the secret key passphrase, then create the keys:
id_dsa (v2 private key)
id_dsa.pub (v2 public key)
Next, append the v2 public key to the ~/.ssh/authorized_keys2 file on the server(s) where you want to log in. To avoid typing the passphrase every time the secret key is needed, load the key into ssh-agent.

SSH-Agent

To load secret keys in the ssh-agent manually, execute:

  1. ssh-agent
  2. ssh-add keyfile (once for each key)

It is usually more convenient to run ssh-agent and load keys in the X startup script or the startup script for your window manager. Another option is to use the keychain script.

Port Forwarding

SSH can port forward local and remote connections securely. Only root can forward privileged ports (<=1024).

To redirect a local port to a remote host port:
ssh userid@remotehost -L localport:remotehost:remoteport

To redirect a remote port to a local or remote host port:
ssh userid@remotehost -R remoteport:host:localport

Copyright © 2006,2007 Linux Box Admin.
