Using the Secure Shell Package


The Secure Shell package (SSH) provides shell services similar to other remote execution, remote copy, and remote login commands (such as the old UNIX rsh, rcp, and rlogin commands), but encrypts the network traffic. It uses private-key cryptography, so it is ideal for use with Internet-connected computers. The Fedora and RHEL distributions contain the following client and server software packages for SSH: openssh, openssh-clients, and openssh-server.

Starting the SSH Service

If you have installed the openssh-server software package, the SSH server is automatically configured to start. The SSH daemon is started from the /etc/init.d/sshd start-up script. To make sure the service is set up to start automatically, type the following (as root user):

 # chkconfig --list sshd
 sshd    0:off   1:off   2:on    3:on    4:on    5:on    6:off

This shows that the sshd service is set to run in system states 2, 3, 4, and 5 (normal boot-up states) and set to be off in all other states. You can turn on the SSH service, if it is off, for your default run state, by typing the following as root user:

 # chkconfig sshd on

This line turns on the SSH service when you enter run levels 2, 3, 4, or 5. To start the service immediately, type the following:

 # /etc/init.d/sshd start

Using the ssh, sftp, and scp Commands

Three commands you can use with the SSH service are ssh, sftp, and scp. Remote users use the ssh command to log in to your system securely. The scp command lets remote users copy files to and from a system. The sftp command provides a safe way to access FTP sites.

Like the normal remote shell services, secure shell looks in the /etc/hosts.equiv file and in a user's .rhosts file to determine whether it should allow a connection. It also looks in the ssh-specific files /etc/shosts.equiv and .shosts. Using the shosts.equiv and the .shosts files is preferable because it avoids granting access to the nonencrypted remote shell services. The /etc/shosts.equiv and .shosts files are functionally equivalent to the traditional hosts.equiv and .rhosts files, so the same instructions and rules apply. (Type man hosts.equiv for further information.)

Now you are ready to test the SSH service. From another computer on which SSH has been installed (or even from the same computer if another is not available), type the ssh command followed by a space and the name of the system you are connecting to. For example, to connect to the system ratbert.glaci.com, type:

 # ssh ratbert.glaci.com

If this is the first time ever you have logged in to that system using the ssh command, it will ask you to confirm that you really want to connect. Type yes and press Enter when it asks this:

 The authenticity of host 'ratbert.glaci.com (199.170.177.18)' can't be established.
 RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
 Are you sure you want to continue connecting (yes/no)?

It should then prompt you for a user name and password in the normal way. The connection will then function like a normal telnet connection. The only difference is that the information is encrypted as it travels over the network. You should now also be able to use the ssh command to run remote commands from a shell on the remote system.

The scp command is similar to the rcp command for copying files to and from Linux systems. Here is an example of using the scp command to copy a file called memo from the home directory of the user named jake to the /tmp directory on a computer called maple:

 $ scp /home/jake/memo maple:/tmp
 jake@maple's password: ********
 memo                 100% ****************   153   0:00

Enter the password for your user name (if a password is requested). If the password is accepted, the remote system indicates that the file has been copied successfully.

Similarly, the sftp command starts an interactive FTP session with an FTP server that supports SSH connections. Many security-conscious people prefer sftp to other ftp clients because it provides a secure connection between you and the remote host. Here's an example:

 $ sftp ftp.handsonhistory.com
 Connecting to ftp.handsonhistory.com
 jake@ftp.handsonhistory.com's password: ********
 sftp>

At this point you can begin an interactive FTP session. You can use get and put commands on files as you would using any FTP client, but with the comfort of knowing that you are working on a secure connection.

Tip 

The sftp command, as with ssh and scp, requires that the SSH service be running on the server. If you can't connect to an FTP server using sftp, the SSH service may not be available.

Using ssh, scp and sftp without Passwords

For machines that you use a great deal, it is often helpful to set them up so that you do not have to use a password to log in. The following procedure shows you how to do that.

These steps will take you through setting up password-less authentication from one machine to another. In this example, the local user is named chester on a computer named host1. The remote user is also chester on a computer named host2.

  1. Log in to the local computer (in this example, I log in as chester to host1).

    Note 

    Run step 2 only once as local user on your local workstation. Do not run it again unless you lose your ssh keys. When configuring subsequent remote servers, skip right to step 4.

  2. Type the following to generate the ssh key:

     $ ssh-keygen -t dsa
     Generating public/private dsa key pair.
     Enter file in which to save the key (/home/chester/.ssh/id_dsa): <Enter>
     Enter passphrase (empty for no passphrase): *****
     Enter same passphrase again: *****
     Your identification has been saved in /home/chester/.ssh/id_dsa.
     Your public key has been saved in /home/chester/.ssh/id_dsa.pub.
     The key fingerprint is:
     3b:c0:2f:63:a5:65:70:b7:4b:f0:2a:c4:18:24:47:69 chester@host1
  3. Accept the default key file location by pressing Enter and enter a password for your passphrase. The password should be a long one - 16 characters or more would be fine.

  4. You must secure the permissions of your authentication keys by closing permissions to your home directory, .ssh directory, and authentication files as follows:

     $ chmod go-w $HOME
     $ chmod 700 $HOME/.ssh
     $ chmod go-rwx $HOME/.ssh/*
  5. Type the following to copy the key to the remote server (replace chester with the remote user name and host2 with the remote hostname):

     $ cd ~/.ssh
     $ scp id_dsa.pub chester@host2:/tmp
     chester@host2's password: *******
  6. Type the following to add the ssh key to the remote user's authorization keys (the code should be on one line, not wrapped):

     $ ssh chester@host2 'cat /tmp/id_dsa.pub >> /home/chester/.ssh/authorized_keys2'
    Note 

    The previous two steps will ask for passwords. This is okay.

  7. In order for the sshd daemon to accept the authorized_keys2 file you created, your home directories and authentication files must have secure permissions. To secure those files and directories, type the following:

     $ ssh chester@host2 'chmod go-w $HOME'
     $ ssh chester@host2 'chmod 700 $HOME/.ssh'
     $ ssh chester@host2 'chmod go-rwx $HOME/.ssh/*'
  8. Type the following to remove the key from the temporary directory:

     $ ssh chester@host2 rm /tmp/id_dsa.pub

It is important to note that once you have this working, it will work regardless of how many times the IP address changes on your local computer. IP address has nothing to do with this form of authentication.
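The remote-side half of steps 6 and 7, written as an added example (not the book's own commands) so that it can be re-run safely: the key is appended to authorized_keys only if it is not already there, the permissions sshd's StrictModes setting requires are closed in the same pass, and a second function reports whether a home directory would cause sshd to ignore the key file. Assumptions: GNU stat (Linux), a public key stored in a file, and a home directory passed as a parameter so it can be tried on a throwaway directory first.

```shell
#!/bin/sh
# Added example, not from the book. Installs a public key for password-less
# login the way steps 6 and 7 do, but idempotently, and checks the result.

# install_pubkey KEYFILE [HOME]
# Append the key line(s) in KEYFILE to HOME/.ssh/authorized_keys (HOME
# defaults to $HOME), skipping lines already present, then close permissions.
install_pubkey() {
    keyfile=$1
    home=${2:-$HOME}
    umask 077                            # anything created here is owner-only
    mkdir -p "$home/.ssh"
    chmod go-w "$home"                   # step 7: home must not be group/world writable
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    # -x: whole-line match, -F: literal; only append if the key is new.
    if ! grep -qxF -f "$keyfile" "$home/.ssh/authorized_keys"; then
        cat "$keyfile" >> "$home/.ssh/authorized_keys"
    fi
    chmod go-rwx "$home/.ssh"/*
}

# check_ssh_perms [HOME]
# Mimic the StrictModes test sshd applies: if the home directory, .ssh, or
# authorized_keys is writable by group or others, sshd ignores the key file.
# Prints the first offending path and returns 1; returns 0 when all is well.
check_ssh_perms() {
    home=${1:-$HOME}
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$path" ] || { echo "missing: $path"; return 1; }
        mode=$(stat -c %a "$path")       # octal mode, e.g. 755 (GNU stat assumed)
        case "$mode" in
            *[2367]? | *[2367])          # group write bit or other write bit set
                echo "group/other writable: $path (mode $mode)"
                return 1 ;;
        esac
    done
    return 0
}
```

Run install_pubkey on the remote host with the copied id_dsa.pub as KEYFILE; running it twice leaves a single copy of the key, which is what the book's bare cat >> would not guarantee.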




Fedora 6 and Red Hat Enterprise Linux Bible
ISBN: 047008278X
Year: 2007
Pages: 279
