I started using ssh only few weeks back and slowly I realized what I had been missing all the time.
Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The two major versions of the protocol are referred to as SSH1 or SSH-1 and SSH2 or SSH-2. Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.
SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. Anyone can produce a matching pair of different keys (public and private). The public key is placed on all computers that must allow access to the owner of the matching private key (the owner keeps the private key in secret). While authentication is based on the private key, the key itself is never transferred through the network during authentication.
SSH only verifies if the same person offering the public key also owns the matching private key. Hence in all versions of SSH, it is important to verify unknown public keys before accepting them as valid. Accepting an attacker's public key without validation would simply authorize an unauthorized attacker as a valid user.
If you don't have OpenSSH installed, you can get it by
sudo apt-get install openssh-client
To use public keys with an ssh server, you'll first need to generate a public/private key pair:
ssh-keygen -t rsa
-t dsa for using DSA key
Now it is time to enter filename and passphrases
The private key was saved in the read-only file .ssh/id_rsa. It is used to decrypt all correspondence encrypted with the public key, and so no one else should have access to that file. The public key is saved in .ssh/id_rsa.pub file.Now, copy the public key onto a remote systems' .ssh/authorized_keys2 file and make the file permissions 0x600, so it is only read/writable by you. Without these permissions, ssh will refuse to use the key. And now you can SSH to the remote systems's account without using a password.
ssh-copy-id remotehost
or you can
ssh server "mkdir .ssh; chmod 0600 .ssh"
scp .ssh/id_rsa.pub server:.ssh/authorized_keys
(don't forget to replace your server name for server)
or you can
cat ~/.ssh/id_rsa.pub | ssh user@server “mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys”
(just in case the machine does not have ssh-copy-id)
Here is a trick: Keep the pass phrase empty. It will enable fast password-less login. However, it is unsafe.
Otherwise, for safe password-less login
Start ssh agent
ssh-agent $SHELL
Then, load your private key into the ssh agent
ssh-add
The following will come up
Enter passphrase for //.ssh/id_rsa: < Enter passphrase here >
Some simple and useful commands:
to know the version of the ssh(OpenSSH or SSH2):
ssh -V
to connect to a server using ssh protocol
ssh user@server
to connect and redirect X11 protocol(to display windows) through ssh
ssh -X user@server
to execute command in the remote host
ssh user@server remote command
to execute same command in a number of hosts
for server in server1 server2 server3; do echo -n $server:; ssh $server uptime; done;
to connect using an intermediate server
ssh -t server_intermediate ssh -t server_final
to convert OpenSSH public key to SSH2 public key:
ssh-keygen -e -f ~/.ssh/id_rsa.pub > ~/.ssh/id_rsa_ssh2.pub
to connect to a specific port
ssh -p portnumber user@someserver
to start a tunnel from some machine’s port 80 to your local post 2012
ssh -N -L2012:localhost:80 user@someserver
For more information
-t dsa for using DSA key
Now it is time to enter filename and passphrases
The following things will come up:
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
bc:e7:ee:2c:5d:6c:b4:e9:af:e0:a3:58:26:eb:43:83 utsav@utb-desktop
ssh-copy-id remotehost
or you can
ssh server "mkdir .ssh; chmod 0600 .ssh"
scp .ssh/id_rsa.pub server:.ssh/authorized_keys
(don't forget to replace your server name for server)
or you can
cat ~/.ssh/id_rsa.pub | ssh user@server “mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys”
(just in case the machine does not have ssh-copy-id)
Here is a trick: Keep the pass phrase empty. It will enable fast password-less login. However, it is unsafe.
Otherwise, for safe password-less login
Start ssh agent
ssh-agent $SHELL
Then, load your private key into the ssh agent
ssh-add
The following will come up
Enter passphrase for //.ssh/id_rsa: < Enter passphrase here >
Identity added: //.ssh/id_rsa (//.ssh/id_rsa)
Other available ssh-add options are
ssh-add <key-file-name>: Load a specific key file.
ssh-add -l: List all the key loaded in the ssh agent.
ssh-add -d <key-file-name>: Delete a specificy key from the ssh agent
ssh-add -D: Delete all key
to know the version of the ssh(OpenSSH or SSH2):
ssh -V
to connect to a server using ssh protocol
ssh user@server
to connect and redirect X11 protocol(to display windows) through ssh
ssh -X user@server
to execute command in the remote host
ssh user@server remote command
to execute same command in a number of hosts
for server in server1 server2 server3; do echo -n $server:; ssh $server uptime; done;
to connect using an intermediate server
ssh -t server_intermediate ssh -t server_final
to convert OpenSSH public key to SSH2 public key:
ssh-keygen -e -f ~/.ssh/id_rsa.pub > ~/.ssh/id_rsa_ssh2.pub
to connect to a specific port
ssh -p portnumber user@someserver
to start a tunnel from some machine’s port 80 to your local post 2012
ssh -N -L2012:localhost:80 user@someserver
For more information
- http://www.openssh.org/
- http://www.openssh.org/faq.html
- http://www.lysator.liu.se/~nisse/lsh/
- http://www.chiark.greenend.org.uk/~sgtatham/putty/
- http://www.ssh.com/
Useful Info...
ReplyDelete