From KevinWiki

Revision as of 20:45, 31 March 2013 (view source) Kevin (Talk | contribs) (→known_hosts) ← Older edit		Revision as of 15:41, 26 April 2013 (view source) Kevin (Talk | contribs) Newer edit →
Line 136:		Line 136:
	$ ssh-keygen -f "/home/USERNAME/.ssh/known_hosts" -R 1.2.3.4		$ ssh-keygen -f "/home/USERNAME/.ssh/known_hosts" -R 1.2.3.4
	</pre>		</pre>
		+
		+
		+	= Troubleshooting =
		+	== SSH timed out too quickly ==
		+	*Problem:
		+	** Accessing a server through SSH and use it.
		+	** don't use it for a short period of time (like less than 1 minute).
		+	** Then the server doesn't respond anymore.
		+	* Possible Solution:
		+	** Edit <code>/etc/ssh/ssh_config</code> file. Add the following line.
		+	<pre>
		+	ServerAliveInterval 30
		+	</pre>
		+	** The client will check if the server is still alive every 30 seconds.

---

Revision as of 15:41, 26 April 2013

Contents 1 Secure Shell (SSH) 1.1 Change Port Number 2 Tunneling 3 SCP 4 SSH Key 4.1 Generate RSA Key 4.2 SSH Key Encryption Level 4.3 Transfer Client Key to Host 4.4 Set up to Use only SSH Key to Log in 4.5 Login without Using SSH Key 5 known_hosts 6 Troubleshooting 6.1 SSH timed out too quickly

Secure Shell (SSH)

Secure Shell (SSH) is a network protocol which transfers data using a secure channel between two networks.

Change Port Number

• Changing the port number for ssh can be one solution to ignore ssh brute force attack.
• Open /etc/ssh/sshd_config file and change the port number.

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22

e.g)
Port 1234

• and change the following lines

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

to like these lines below

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowUsers username

Tunneling

-Creating a tunnel through ssh

$ ssh id@<remote machine address> -L <port number on local machine>:<local machine address>:<port on remote machine>

-To forward traffic from port 4881 on the local machine to port 8080 on the remote machine the IP of which is 192.168.0.10.

$ ssh id@192.168.0.10 -L 4881:localhost:8080

-To test a Java web application, running on tomcat server on a remote machine.

$ ssh id@remote.address -L 8080:localhost:8080

-To just forward a port, -N option can be used.

$ ssh id@192.168.0.10 -NL 4881:localhost:8080

-N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).

SCP

-Copy a file in the 'dir' directory on the remote machine to the directory 'home' on the local machine.

$ scp -pr username@remote_address:dir/file /home/

-p      Preserves modification times, access times, and modes from the original file.
-r      Recursively copy entire directories.

-Copy a file on the local machine to remote machine

$ scp -p localfile remote.address:dir

SSH Key

Generate RSA Key

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ ssh-keygen -t rsa

SSH Key Encryption Level

The default ssh key encryption level is 2048. To increase it to 4096

$ ssh-keygen -t rsa -b 4096

Transfer Client Key to Host

$ scp -P PORT_NUMBER ~/.ssh/id_rsa.pub user@hostname:.ssh/uploaded_key.pub 
$ ssh user@hostname.com "cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys" 

Or,

ssh-copy-id <username>@<host> 
ssh-copy-id -i ~/.ssh/rsa_file.pub <username>@<host> 

To specify the port number

ssh-copy-id -i ~/.ssh/rsa_file.pub "username@host -p 1234" 

If it fails with the following error message.

Received disconnect from 1.2.3.4: Too many authentication failures for user

Set -o PubkeyAuthentication=no option.

ssh-copy-id -i ~/.ssh/rsa_file.pub "username@host -p 1234 -o PubkeyAuthentication=no"

Set up to Use only SSH Key to Log in

Set up to use only ssh key instead of username and password to log in to the server

edit /etc/ssh/sshd_config

PermitRootLogin no
PasswordAuthentication no

e.g.)

# by Kevin (1 line)
PasswordAuthentication no

If logging in with SSH key fails with the following error message.

Agent admitted failure to sign using the key.

run ssh-add

$ ssh-add your-key 
Enter passphrase for your-key: 
Identity added: your-key (your-key)

Login without Using SSH Key

If SSH access failed with the following error,

$ ssh username@host 
ssh: connect to host kevin-l port 22: No route to host

try this.

$ ssh -o PubkeyAuthentication=no username@host

known_hosts

• Way to remove key from ~/.ssh/known_hosts

$ ssh-keygen -f "/home/USERNAME/.ssh/known_hosts" -R IP_ADDRESS 

e.g.)

$ ssh-keygen -f "/home/USERNAME/.ssh/known_hosts" -R 1.2.3.4 

Troubleshooting

SSH timed out too quickly

• Problem:
  • Accessing a server through SSH and use it.
  • don't use it for a short period of time (like less than 1 minute).
  • Then the server doesn't respond anymore.
• Possible Solution:
  • Edit /etc/ssh/ssh_config file. Add the following line.

    ServerAliveInterval 30

• • The client will check if the server is still alive every 30 seconds.