Understanding the Secure Shell (SSH)

If you're concerned about someone intercepting your clear-text network communications, consider installing the Secure Shell. Because it encrypts your communications over any network, it's a viable alternative to the RSH commands as well as Telnet.

SSH Installation

The SSH includes several component RPM packages, as shown in Table 23.4. Use the rpm commands discussed in Chapter 10 to install them as required.

Table 23.4: Secure Shell (SSH) Packages

| Package | Function |
| --- | --- |
| openssh-* | Core files for SSH client and server |
| openssh-askpass-gnome-* | Files that support passphrase management inside GNOME |
| openssh-askpass-* | Files that support GUI management of SSH passphrases |
| openssh-clients-* | Client files for connecting to SSH servers |
| openssh-server-* | SSH servers |

Tip

You can even use SSH on Microsoft Windows computers. As of this writing, a free version of the OpenSSH package is available for download from Network Simplicity at www.networksimplicity.com. Once installed and configured, it works just like the Linux version of SSH.

SSH Configuration

The main SSH configuration file is /etc/ssh/sshd_config. While the default file works in most cases, you can adjust the settings in this file, for example to use special TCP/IP ports, to limit access to different IP addresses, to adjust the size of encryption keys, to override RSH authentication, and to enable the use of Kerberos.

Once you have the appropriate packages installed, the next step is to create private and public encryption keys. You keep the private key secure on your Linux server. Public encryption keys allow others to scramble the messages that they send to you. Alternatively, messages that you send are encrypted with the private key. They include the public key, which is used to unscramble the message only on the destination computer. These keys are based on random numbers so large (512 bits and more) that it would take weeks for a cracker with a personal computer to find.

Two basic SSH commands allow you to create private and public keys: ssh-keygen -t rsa and ssh-keygen -t dsa. These commands let you create keys based on the algorithm created by RSA Security or the Digital Secure Algorithm.

Both commands create the private and public keys, by default, in the .ssh subdirectory of the user's home directory (~/.ssh), as listed in Table 23.5. When prompted, create a passphrase. If you don't set a passphrase, a cracker could steal your SSH private key. In some cases, this would allow the cracker to use your digital identity to use your credit cards or sign contracts in your name.

Table 23.5: Default SSH Key Files

| Algorithm | Private | Public |
| --- | --- | --- |
| DSA | ~/.ssh/id_dsa | ~/.ssh/id_dsa.pub |
| RSA | ~/.ssh/id_rsa | ~/.ssh/id_rsa.pub |
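To check the passphrase advice above against the key files in Table 23.5, the following added example (not code from the book) reports which private keys in a directory are stored without a passphrase and which are readable by other users. The function names key_protection, audit_ssh_dir and openssh_sample are hypothetical, the sample keys are constructed with dummy key material, and the check goes beyond the legacy PEM files of this era to also cover the newer OpenSSH private key format.

```python
import base64, os, stat, struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"  # start of the newer OpenSSH private key blob

def key_protection(text):
    """Classify private key file text: 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        return "unknown"  # public keys, known_hosts, config, ...
    if "ENCRYPTED" in lines[0]:  # PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY"
        return "encrypted"
    if "OPENSSH" in lines[0]:  # base64 blob: magic, then a length-prefixed cipher name
        try:
            blob = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
            off = len(OPENSSH_MAGIC)
            (n,) = struct.unpack(">I", blob[off:off + 4])
        except (ValueError, struct.error):
            return "unknown"
        if not blob.startswith(OPENSSH_MAGIC):
            return "unknown"
        return "unencrypted" if blob[off + 4:off + 4 + n] == b"none" else "encrypted"
    # Legacy PEM (id_rsa / id_dsa of this era): a passphrase adds a Proc-Type header.
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines):
        return "encrypted"
    return "unencrypted"

def audit_ssh_dir(path):
    """Return [(file, protection, accessible_by_group_or_others)] for private keys."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        with open(full, "r", errors="replace") as fh:
            state = key_protection(fh.read(65536))
        if state != "unknown":
            loose = bool(stat.S_IMODE(os.stat(full).st_mode) & 0o077)
            findings.append((name, state, loose))
    return findings

# Constructed samples: real header layouts, dummy key material.
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: DES-EDE3-CBC,0011223344556677\n\n"
                    "AAAA\n-----END RSA PRIVATE KEY-----\n")
LEGACY_PLAIN = "-----BEGIN DSA PRIVATE KEY-----\nAAAA\n-----END DSA PRIVATE KEY-----\n"

def openssh_sample(cipher):  # constructed OpenSSH-format header for a cipher name
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")
```

Calling audit_ssh_dir(os.path.expanduser("~/.ssh")) lists each private key found; a key reported as unencrypted can be given a passphrase with ssh-keygen -p, and one flagged as accessible to others can be tightened with chmod 600.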

Sample Session

Once you've installed the right RPMs on clients and servers and created the appropriate SSH keys, you're ready to begin using the Secure Shell. If desired, you can check to make sure the SSH server is running by issuing the service sshd status command.

Now you can connect directly to your account on another computer. For example, assume you are a user named tblair and have an account on both computers. Run the ssh sugaree.mommabears.com command to connect to that computer. Be sure to substitute the computer name or IP address of your choice for sugaree.mommabears.com.

The first time you try to connect with ssh (or related commands), you'll see a message like the following:

 The authenticity of host 


Mastering Red Hat Linux 9
ISBN: 078214179X