If you're concerned about someone intercepting your clear-text network communications, consider installing the Secure Shell. Because it encrypts your communications over any network, it's a viable alternative to the RSH commands as well as Telnet.
The SSH includes several component RPM packages, as shown in Table 23.4. Use the rpm commands discussed in Chapter 10 to install them as required.
Package | Function |
---|---|
openssh-* | Core files for SSH client and server |
openssh-askpass-gnome-* | Files that support passphrase management inside GNOME |
openssh-askpass-* | Files that support GUI management of SSH passphrases |
openssh-clients-* | Client files for connecting to SSH servers |
openssh-server-* | SSH servers |

Tip: You can even use SSH on Microsoft Windows computers. As of this writing, a free version of the Open SSH package is available for download from Network Simplicity at www.networksimplicity.com. Once installed and configured, it works just like the Linux version of SSH.
The main SSH configuration file is /etc/ssh/sshd_config. While the default file works in most cases, you can adjust the settings in this file for special TCP/IP ports; for example, to limit access to different IP addresses, to adjust the size of encryption keys, to override RSH authentication, and to enable the use of Kerberos.
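As an added example (not part of the original text), the shell functions below report the effective values of the sshd_config keywords that correspond to the port, address, RSH-style trust and Kerberos settings named above, and flag RSH-style trust that is switched on. The function names and the sample configuration are constructed for illustration; the keywords (Port, ListenAddress, IgnoreRhosts, HostbasedAuthentication, KerberosAuthentication) are standard OpenSSH ones, and key size is not covered.

```shell
# Added example, not from the original text. sshd keeps the FIRST value of a
# keyword (case-insensitive); Port and ListenAddress accumulate instead.
effective_sshd_settings() {   # $1 = path to an sshd_config file
    awk -F'[ \t=]+' '
        BEGIN {
            n = split("port listenaddress ignorerhosts hostbasedauthentication kerberosauthentication", k, " ")
            split("22 (all) yes no no", d, " ")   # OpenSSH defaults, same order
            for (i = 1; i <= n; i++) val[k[i]] = d[i]
            multi["port"] = multi["listenaddress"] = 1
        }
        { sub(/^[ \t]+/, "") }        # drop indentation (re-splits the line)
        /^(#|$)/ { next }             # comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }       # global section ends at the first Match
        !(key in val) { next }        # keyword not audited here
        multi[key] { val[key] = (key in seen) ? val[key] "," $2 : $2 }
        !multi[key] && !(key in seen) { val[key] = tolower($2) }
        { seen[key] = 1 }
        END { for (i = 1; i <= n; i++) print k[i] "=" val[k[i]] }
    ' "$1"
}

# Prints one line per RSH-style trust setting that is enabled; status 1 if any.
rsh_trust_findings() {
    settings=$(effective_sshd_settings "$1") || return 2
    found=0
    case "$settings" in *"ignorerhosts=no"*)
        echo "IgnoreRhosts no: per-user .rhosts/.shosts files are consulted"; found=1;; esac
    case "$settings" in *"hostbasedauthentication=yes"*)
        echo "HostbasedAuthentication yes: logins are trusted by client host"; found=1;; esac
    return $found
}

# Constructed sample input (not a real host's configuration).
sample_sshd_config() {
    cat <<'EOF'
Port 2222
port 22
ListenAddress 192.0.2.10
ignorerhosts no
IgnoreRhosts yes
HostbasedAuthentication=yes
KerberosAuthentication yes
Match User tblair
    KerberosAuthentication no
EOF
}
```

Write the sample to a file with sample_sshd_config > /tmp/sample_sshd_config and pass that path to either function. On a running server, sshd -T prints the effective configuration as sshd itself parses it.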
Once you have the appropriate packages installed, the next step is to create private and public encryption keys. You keep the private key secure on your Linux server. Public encryption keys allow others to scramble the messages that they send to you. Alternatively, messages that you send are encrypted with the private key. They include the public key, which is used to unscramble the message only on the destination computer. These keys are based on random numbers so large (512 bits and more) that it would take weeks for a cracker with a personal computer to find.
Two basic SSH commands allow you to create private and public keys: ssh-keygen -t rsa and ssh-keygen -t dsa. These commands let you create keys based on the algorithm created by RSA Security or the Digital Secure Algorithm.
Both commands create the private and public keys, by default, in the .ssh subdirectory of the user's home directory; thus ~/.ssh, as listed in Table 23.5. When prompted, create a passphrase. If you don't set a passphrase, a cracker could steal your SSH private key. In some cases, this would allow the cracker to use your digital identity to use your credit cards or sign contracts in your name.
Algorithm | Private | Public |
---|---|---|
DSA | ~/.ssh/id_dsa | ~/.ssh/id_dsa.pub |
RSA | ~/.ssh/id_rsa | ~/.ssh/id_rsa.pub |
Once you've installed the right RPMs on clients and servers and created the appropriate SSH keys, you're ready to begin using the Secure Shell. If desired, you can check to make sure the SSH server is running by issuing the service sshd status command.
Now you can connect directly to your account on another computer. For example, assume you are a user named tblair and have an account on both computers. Run the ssh sugaree.mommabears.com command to connect to that computer. Be sure to substitute the computer name or IP address of your choice for sugaree.mommabears.com.
The first time you try to connect with ssh (or related commands), you'll see a message like the following:
The authenticity of host