OpenSSH
4:50 AM
By Rajashekar Reddy BusiReddy
RHCE
OpenSSH
OpenSSH is a free, open source implementation of the SSH (Secure SHell) protocols. It replaces telnet, ftp, rlogin, rsh, and rcp with secure, encrypted network connectivity tools.
All communications using OpenSSH tools, including passwords, are encrypted. Telnet and ftp use plain text passwords and send all information unencrypted. The information can be intercepted, the passwords can be retrieved, and your system could be compromised by an unauthorized person logging in to your system using one of the intercepted passwords. The OpenSSH set of utilities should be used whenever possible to avoid these security problems.
Service Profile
Service: sshd
Package: openssh
Configuration files:
/etc/ssh/ssh_config
/etc/ssh/sshd_config
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
Daemon: sshd
Objective: To provide secure communications between two systems using a client/server architecture and to allow users to log in to server host systems remotely.
Install the package:
[root@raju ~]# yum install openssh* -y
Enable the sshd service so that it starts at boot:
[root@raju ~]# chkconfig sshd on
To connect to an OpenSSH server from a client machine, you must have the openssh-clients and openssh packages installed on the client machine.
Using the ssh Command
The ssh command is a secure replacement for the rlogin, rsh, and telnet commands. It allows you to log in to a remote machine as well as execute commands on a remote machine.
Logging in to a remote machine with ssh is similar to using telnet. To log in to a remote machine named desktop1.example.com, type the following command at a shell prompt:
ssh desktop1.example.com
The first time you use ssh to connect to a remote machine, you will see a message similar to the following:
The authenticity of host 'desktop1.example.com' can't be established.
DSA key fingerprint is 94:68:3a:3a:bc:f3:9a:9b:01:5d:b3:07:38:e2:11:0c.
Are you sure you want to continue connecting (yes/no)?
Before answering, compare the fingerprint with one obtained from the server's administrator: the prompt cannot tell a genuine server from an impostor, only you can. Type yes to continue. This will add the server to your list of known hosts (~/.ssh/known_hosts), as seen in the following message:
Warning: Permanently added 'desktop1.example.com' (RSA) to the list of known hosts.
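The colon-separated value in that prompt is the MD5 fingerprint of the server's public key, so it can be checked against the key file itself (for example /etc/ssh/ssh_host_rsa_key.pub from the service profile above, read on the server console) or against the fingerprint ssh-keygen prints for a freshly generated key later in this post. The following shell functions are an added example, not part of the original post; they assume GNU coreutils (base64 -d, md5sum) and use a constructed key line whose blob is the base64 of "abc" rather than a real key.

```shell
#!/bin/sh
# Added example (not from the original post): compute the 94:68:3a:... style
# MD5 fingerprint of an OpenSSH public-key line, as found in a *.pub file or
# in one line of ~/.ssh/known_hosts. Assumes GNU base64 and md5sum.

# Usage: ssh_md5_fingerprint 'ssh-rsa AAAA... comment'
# Prints the fingerprint as 16 colon-separated hex bytes; returns 1 if the
# line contains no recognisable key.
ssh_md5_fingerprint() {
    key_line=$1
    # A known_hosts line starts with the host name, a .pub line does not:
    # locate the first field that names a key type and take the base64
    # blob that follows it.
    blob=$(printf '%s\n' "$key_line" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9]+)$/) {
                print $(i + 1); exit
            }
    }')
    [ -n "$blob" ] || { echo "no public key found in line" >&2; return 1; }
    # The fingerprint is MD5 over the decoded key blob, shown as hex pairs.
    printf '%s' "$blob" | base64 -d | md5sum | cut -c1-32 \
        | sed 's/../&:/g; s/:$//'
}

# Usage: fingerprint_matches '<key line>' '<fingerprint shown in prompt>'
# Returns 0 on match, 1 on mismatch (case of the hex digits is ignored).
fingerprint_matches() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(ssh_md5_fingerprint "$1")" = "$expected" ]
}

# Constructed demonstration line: the blob "YWJj" is base64 of "abc",
# not a real key, so the result is simply MD5("abc") in fingerprint form.
DEMO_KEY='desktop1.example.com ssh-rsa YWJj demo@example'
```

Run fingerprint_matches with the line from the server's key file and the value the client displayed; only answer yes to the prompt when it returns 0.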
Next, you will see a prompt asking for your password for the remote machine. After entering your password, you will be at a shell prompt for the remote machine. If you do not specify a username, the username that you are logged in as on the local client machine is passed to the remote machine. If you want to specify a different username, use the following command:
ssh username@desktop1.example.com
You can also use the syntax ssh -l username desktop1.example.com
The ssh command can be used to execute a command on the remote machine without logging in to a shell prompt. The syntax is ssh hostname command.
For example, if you want to execute the command ls /usr/share/doc on the remote machine desktop1.example.com, type the following command at a shell prompt:
ssh desktop1.example.com ls /usr/share/doc
After you enter the correct password, the contents of the remote directory /usr/share/doc will be displayed, and you will return to your local shell prompt.
Using the scp Command
The scp command can be used to transfer files between machines over a secure, encrypted connection. It is similar to rcp.
The general syntax to transfer a local file to a remote system is as follows:
scp <localfile> username@tohostname:<remotefile>
The <localfile> specifies the source including path to the file, such as /var/log/maillog. The <remotefile> specifies the destination. For the remote system, if you do not have a preceding /, the path will be relative to the home directory of username, typically /home/username/.
The general syntax to transfer a remote file to the local system is as follows:
scp username@tohostname:<remotefile> <newlocalfile>
The <remotefile> specifies the source including path, and <newlocalfile> specifies the destination including path.
Multiple files can be specified as the source files. For example, to transfer the contents of the directory downloads/ to an existing directory called uploads/ on the remote machine desktop1.example.com, type the following at a shell prompt:
scp downloads/* username@desktop1.example.com:uploads/
Using the sftp Command
The sftp utility can be used to open a secure, interactive FTP session. It is similar to ftp except that it uses a secure, encrypted connection.
The general syntax is sftp username@hostname.com
Once authenticated, you can use a set of commands similar to those used by FTP.
The sftp utility is only available in OpenSSH version 2.5.0p1 and higher.
Generating Key Pairs
If you do not want to enter your password every time you use ssh, scp, or sftp to connect to a remote machine, you can generate an authorization key pair.
Keys must be generated for each user. To generate keys for a user, use the following steps as the user who wants to connect to remote machines. If you complete the steps as root, only root will be able to use the keys.
To generate an RSA key pair for version 2 of the SSH protocol, follow these steps:
1. Type the following command at a shell prompt:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa):
2. Press Enter to confirm the default location (that is, ~/.ssh/id_rsa) for the newly created key.
3. Enter a passphrase, and confirm it by entering it again when prompted to do so. For security reasons, avoid using the same password as you use to log in to your account.
After this, you will be presented with a message similar to this:
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
The key fingerprint is:
e7:97:c7:e2:0e:f9:0e:fc:c4:d7:cb:e5:31:11:92:14 john@penguin.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| E. |
| . . |
| o . |
| . .|
| S . . |
| + o o ..|
| * * +oo|
| O +..=|
| o* o.|
+-----------------+
4. Change the permissions of the ~/.ssh/ directory:
chmod 755 ~/.ssh
5. Copy the content of ~/.ssh/id_rsa.pub into the ~/.ssh/authorized_keys on the machine to which you want to connect, appending it to its end if the file already exists.
6. Change the permissions of the ~/.ssh/authorized_keys file using the following command:
chmod 644 ~/.ssh/authorized_keys
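The last two steps above (copying the public key into authorized_keys and setting its permissions) are easy to get wrong when repeated: the same key ends up listed several times, or a file is left group-writable and sshd silently refuses it. The following POSIX shell functions are an added example, not part of the original post. They append a key only if it is not already present, comparing on key type and blob so a changed comment does not count as a new key, and set the directory and file to 700 and 600, which are stricter than the 755 and 644 used above and equally accepted by sshd. The home directory is a parameter so the function can be exercised on a temporary directory; the key line used in the demonstration is constructed, not a real key.

```shell
#!/bin/sh
# Added example (not from the original post): install a public key into a
# user's authorized_keys idempotently and with permissions sshd accepts.
# Assumes a POSIX shell with awk and GNU coreutils.

# Usage: install_authorized_key <home_dir> '<public key line>'
# Returns 0 if the key was appended, 2 if it was already present,
# 1 if the argument does not look like an OpenSSH public key line.
install_authorized_key() {
    home_dir=$1
    pubkey=$2
    # The key's identity is "type blob"; the trailing comment is ignored.
    type_and_blob=$(printf '%s\n' "$pubkey" | awk '{ print $1, $2 }')
    case "$type_and_blob" in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not an OpenSSH public key line: $pubkey" >&2; return 1 ;;
    esac
    ssh_dir=$home_dir/.ssh
    auth_keys=$ssh_dir/authorized_keys
    # 700 / 600 are stricter than the 755 / 644 in the steps above; sshd's
    # StrictModes check rejects either path if it is group- or world-writable.
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_keys"
    chmod 600 "$auth_keys"
    # Skip the append when the same key (with any comment) is already listed.
    if awk -v want="$type_and_blob" \
        '($1 " " $2) == want { found = 1 } END { exit !found }' "$auth_keys"
    then
        return 2
    fi
    printf '%s\n' "$pubkey" >> "$auth_keys"
}

# Number of key lines in a user's authorized_keys (used to confirm that a
# repeated install does not grow the file).
count_authorized_keys() {
    grep -c -E '^(ssh-|ecdsa-)' "$1/.ssh/authorized_keys"
}
```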