How to use SSH

SSH is a secure shell, mostly used for secure remote access.

Installation

Under Debian, just install the following package:

sudo apt-get install ssh

Access to a remote computer

For example, if you want to access tryphon.org's servers:

[user@host] ssh user@ssh.tryphon.org
user@ssh.tryphon.org's password:
Last login: Sun May 13 08:24:48 2002
[user@ssh.tryphon.org user]$

This will work only if you have an account on our server/remote computer ;-)

The private/public key authentication

The SSH protocol allows key authentication. To use it, you will need to follow these two steps:

Create the private/public pair of keys.

[user@host user]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
b3:fe:8f:95:8b:60:a5:c6:0c:37:73:1b:7c:30:ac:fd user@host

Transmit the public key to the remote computer

Just add the content of ~/.ssh/id_rsa.pub to the remote file ~/.ssh/authorized_keys (the command below appends to authorized_keys2, the file name used on this server). You should do it through ssh:

[user@host user]$ cat .ssh/id_rsa.pub | ssh user@ssh.tryphon.org "chmod g-w ~/; mkdir -p .ssh; chmod 700 .ssh; cat - >> .ssh/authorized_keys2"
The authenticity of host 'ssh.tryphon.org (x.x.x.x)' can't be established.
RSA key fingerprint is 55:47:3a:d1:aa:c2:bd:96:3c:8e:4f:cc:c5:0e:33:d0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ssh.tryphon.org' (RSA) to the list of known hosts.
user@ssh.tryphon.org's password: 

You can check the permissions of your home and .ssh directories to avoid security problems:

[user@ssh.tryphon.org] ll -d . .ssh .ssh/*
drwxr-xr-x    6 user    user        4096 May 13 11:26 .
drwx------    2 user    user        4096 May  8 11:10 .ssh
-rw-------    1 user    user         240 Jan 15 15:03 .ssh/authorized_keys2
-rw-r--r--    1 user    user         221 May  8 10:16 .ssh/known_hosts
-rw-r--r--    1 user    user         461 Feb 20 16:11 .ssh/known_hosts2
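The same check as a script that can be rerun after any change (an added example, not part of the original page). The function names are made up for this example; it assumes the file names and modes shown in the listing above and takes the key file name as an optional second argument.

```shell
#!/bin/sh
# Added example: audit the permissions set by "chmod g-w ~/" and "chmod 700 .ssh".
# Usage (on the remote computer):  check_ssh_perms "$HOME" [KEYS_FILE]
# KEYS_FILE defaults to authorized_keys2, the name used on this page; pass
# authorized_keys if that is the file your server reads.

# Print the 10-character mode string of a path, e.g. "drwx------".
# -L follows symlinks so the mode of the real target is reported.
mode_of() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# Compare one path's mode with a shell pattern; count a problem on mismatch.
#   $1 = path, $2 = pattern the mode must match, $3 = explanation
expect_mode() {
    mode=$(mode_of "$1")
    case $mode in
        $2) echo "ok   $mode $1" ;;
        *)  echo "FAIL ${mode:-missing...} $1 ($3)"
            problems=$((problems + 1)) ;;
    esac
}

# Return the number of problems found (0 = layout matches the listing).
check_ssh_perms() {
    home=$1
    keys=${2:-authorized_keys2}
    problems=0
    # Home directory: character 6 (group write) and 9 (other write) must not be "w".
    expect_mode "$home" 'd????[!w]??[!w]?' "must not be writable by group or others"
    # .ssh: no access at all for group and others (mode 700).
    expect_mode "$home/.ssh" 'd???------' "expected 700 as in the listing"
    # Key file: readable and writable by the owner only (mode 600).
    expect_mode "$home/.ssh/$keys" '-???------' "expected 600 as in the listing"
    return "$problems"
}
```

A non-zero exit status is the number of entries to fix with chmod before relying on key authentication.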

Use an alternate port for SSH

To avoid SSH scanning and continuous authentication attempts, you can configure your SSH server to listen on a port other than the default port 22.

Here are the configuration changes to listen on port 1234 (but choose your own port).

Server setup

In /etc/ssh/sshd_config, add:

Port 1234

Remove the default port 22 after testing the alternative port.

Client setup

To use the alternative port, use the ssh -p option:

ssh -p 1234 user@sshserver

You can configure this option in your ssh client configuration.

In ~/.ssh/config or /etc/ssh/ssh_config, add:

Host sshserver
Port 1234

how_to_use_ssh.txt · Last modified: 2008/08/13 18:03 by 81.252.204.221