Recipe 17.2. Setting Up OpenSSH the First Time

Previous page
Table of content
Next page
 < Day Day Up > 

17.2.1 Problem

You need to establish a connection between your local workstation and a remote PC. The connection needs to be secure; you don't want your data exposed to prying eyes. (They're there, and you should be worried about them even if you aren't paranoid.) So you want to set up OpenSSH.

17.2.2 Solution

Install OpenSSH on both machines. sshd, the ssh daemon, must be running on the remote host, so that it can receive connections. Copy the remote host's public key to the local machine's ~/.ssh/known_hosts file, and you're in business.

Starting and stopping sshd on most rpm-based systems is done like this:

# /etc/init.d/sshd start # /etc/init.d/sshd stop

On Debian, it's slightly different:

# /etc/init.d/ssh start # /etc/init.d/ssh stop

Always check your init filenames, as they vary on different distributions.

Copying the remote host's public key to your local ~/.ssh/known_hosts file is as simple as connecting to the remote host:

carla@windbag carla$ ssh stinkpad The authenticity of host 'stinkpad (192.168.1.100)' can't be established. RSA key fingerprint is a2:c6:70:3e:73:00:b3:ed:90:b1:9a:bc:e7:d5:32:ba. Are you sure you want to continue connecting (yes/no)?

Type yes, and it will respond:

Warning: Permanently added 'stinkpad,192.168.1.100' (RSA) to the list of known hosts. carla@stinkpad's password: Linux stinkpad 2.4.21 #1 Sun Aug 3 20:15:59 PDT 2003 i686 GNU/Linux Libranet GNU/Linux Last login: Sat June  3 22:16:24 2004 from :0.0 carla@stinkpad:~$

Now you are logged into your account on the remote PC, and can work just as if you were sitting physically at the remote machine. (To learn how to run a remote X session, see Recipe Recipe 17.11.) To close the session, type exit.

17.2.3 Discussion

Using the simple ssh <hostname> login connects you to another host on your LAN, using the same login. You can connect as a different user with the -l flag:

carla@windbag ~$ ssh -l wilmaf stinkpad

To make an SSH connection over the Internet, you must use the full domain name:

carla@windbag ~$ ssh stinkpad.test.net

Making that initial connection, and copying the host's RSA key, is the riskiest part of setting up SSH. If an intruder managed to compromise your nameserver, she could possibly hijack your SSH session and capture your login. It's a pretty small risk, though, and you can verify the IP address before logging in the first time. To close off this hole, you can manually copy the host's public key to your local ~/.ssh/known_hosts file first. You must edit it slightly; see the examples below.

Host keys are stored in /etc/ssh. These are used to validate the identity of the remote host. This is all you need to allow users to access this machine. All they need is a copy of the public host key in their ~/.ssh/known_hosts files and an account to log into. Some Linux distributions create two key pairs when you install OpenSSH one RSA key pair and one DSA key pair:

$ ls /etc/ssh ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub

If your system does not create these for you, or you wish to change them, see Recipe Recipe 17.3 to learn how to generate new host keys.

This is what the public rsa key looks like:

$ cat ssh_host_rsa_key.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5pSqNmtqRzK2JaLr8qkIQ41nBDLI2JRJ6gRBmwg9gwK3S8xXnMUHIs u8wh5S1oei8hs47x2I9cnNpxHfj1wQWwqP6lVyelDfD+y+uWIz0UGzUXN5IrqYZ70EdQ4Xn++Jl1kmFG6Ll6KySb07 0OX0nlC09rNxisHL5GC0qi1+qM= root@windbag

The key itself must be one long, unbroken line it must not have line breaks, as it does on this page. Copy it to a removeable disk, transfer it to your local ~/.ssh/known_hosts file, and modify it in this manner:

windbag.test.net,192.168.1.6 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5pSqNmtqRzK2JaLr8qkIQ41nB DLI2JRJ6gRBmwg9gwK3S8xXnMUHIsu8wh5S1oei8hs47x2I9cnNpxHfj1wQWwqP6lVyelDfD+y+uWIz0UGzUXN5Irq YZ70EdQ4Xn++Jl1kmFG6Ll6KySb070OX0nlC09rNxisHL5GC0qi1+qM=

As you can see, the hostname and IP address must be written at the beginning of the line, and the hostname must be deleted from the end of the line.

The .pub, or public, keys are world-readable, but private keys must be readable only by the key owner.

17.2.4 See Also

  • ssh(1)

  • SSH, The Secure Shell: The Definitive Guide, by Daniel J. Barrett and Richard Silverman (O'Reilly)

     < Day Day Up > 

    Previous page
    Table of content
    Next page
    Linux Cookbook
    Linux Cookbook
    ISBN: 0596006403
    EAN: 2147483647
    Year: 2004
    Pages: 434
    Authors: Carla Schroder
    BUY ON AMAZON
    ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
    MySQL Stored Procedure Programming
    Introduction to 80x86 Assembly Language and Computer Architecture
    Twisted Network Programming Essentials
    What is Lean Six Sigma
    Microsoft Office Visio 2007 Step by Step (Step By Step (Microsoft))
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy