SSH (Secure Shell) is mostly used for secure remote access.
Under Debian, just install the following package:
sudo apt-get install ssh
For example, if you want to access tryphon.org's servers:
[user@host] ssh email@example.com
firstname.lastname@example.org's password:
Last login: Sun May 13 08:24:48 2002
[email@example.com user]$
This will work only if you have an account on our server/remote computer.
The SSH protocol allows key authentication. To use it, you will need to follow these two steps:
[user@host user]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
b3:fe:8f:95:8b:60:a5:c6:0c:37:73:1b:7c:30:ac:fd user@host
Just add the content of ~/.ssh/id_rsa.pub to the remote file ~/.ssh/authorized_keys. You should do it through ssh:
[user@host user]$ cat .ssh/id_rsa.pub | ssh firstname.lastname@example.org "chmod g-w ~/; mkdir -p .ssh; chmod 700 .ssh; cat - >> .ssh/authorized_keys2"
The authenticity of host 'ssh.tryphon.org (x.x.x.x)' can't be established.
RSA key fingerprint is 55:47:3a:d1:aa:c2:bd:96:3c:8e:4f:cc:c5:0e:33:d0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ssh.tryphon.org' (RSA) to the list of known hosts.
email@example.com's password:
You can check the permissions of your .ssh directory to avoid security problems:
[firstname.lastname@example.org] ll -d . .ssh .ssh/*
drwxr-xr-x 6 user user 4096 May 13 11:26 .
drwx------ 2 user user 4096 May 8 11:10 .ssh
-rw------- 1 user user 240 Jan 15 15:03 .ssh/authorized_keys2
-rw-r--r-- 1 user user 221 May 8 10:16 .ssh/known_hosts
-rw-r--r-- 1 user user 461 Feb 20 16:11 .ssh/known_hosts2
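The same permission check as a script, given here as an added example that is not part of the original page. The names has_any_bit and count_ssh_perm_problems and the warning texts are made up for this example. It looks at both authorized_keys and authorized_keys2, since the page uses both names, and also at private keys stored next to a .pub file.

```shell
#!/bin/sh
# Added example (not from the original page): audit the permissions the page
# sets with "chmod g-w ~/; chmod 700 .ssh" and inspects with "ll -d".

GW_WRITE="020 002"                 # group-write and other-write bits
GO_ANY="040 020 010 004 002 001"   # any group or other access bit

# has_any_bit PATH BIT...: succeed if PATH has at least one of the bits set.
# "find -L PATH -prune -perm -BIT" is POSIX and tests PATH itself, no descent.
has_any_bit() {
    path=$1; shift
    for bit in "$@"; do
        if [ -n "$(find -L "$path" -prune -perm "-$bit" 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# Hypothetical helper: warnings go to stderr, the number of findings to stdout.
count_ssh_perm_problems() {
    home=$1; n=0
    warn() { echo "WARN: $*" >&2; n=$((n + 1)); }
    # sshd with StrictModes rejects key login when these are writable by others.
    if has_any_bit "$home" $GW_WRITE; then
        warn "$home is group/world writable (chmod go-w)"
    fi
    for f in authorized_keys authorized_keys2; do
        [ -f "$home/.ssh/$f" ] || continue
        if has_any_bit "$home/.ssh/$f" $GW_WRITE; then
            warn "$home/.ssh/$f is group/world writable (chmod 600)"
        fi
    done
    # The page recommends mode 700 for .ssh.
    if [ -d "$home/.ssh" ] && has_any_bit "$home/.ssh" $GO_ANY; then
        warn "$home/.ssh is accessible to group/others (chmod 700)"
    fi
    # The ssh client ignores a private key that group or others can access.
    for pub in "$home"/.ssh/*.pub; do
        priv=${pub%.pub}
        [ -f "$priv" ] || continue
        if has_any_bit "$priv" $GO_ANY; then
            warn "private key $priv is accessible to group/others (chmod 600)"
        fi
    done
    echo "$n"
}

count_ssh_perm_problems "${1:-$HOME}"
```

Run it without arguments to check your own home directory, or pass another home directory as the first argument.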
To avoid ssh scanning and continuous authentication attempts, you can configure your ssh server to listen on a port other than the default port 22.
Here are the configuration changes to listen on port 1234 (but choose your own port).
/etc/ssh/sshd_config, add :
Remove the default port 22 after testing the alternative port.
To use the alternative port, use the ssh -p option :
ssh -p 1234 user@sshserver
You can configure this option in your ssh client configuration.
/etc/ssh/ssh_config, add :
Host sshserver
Port 1234