Secure Shell

From KevinWiki

Contents 1 Secure Shell (SSH) 1.1 Change Port Number 2 Tunneling 3 SCP 4 SSH Key 4.1 Generate RSA Key 4.2 SSH Key Encryption Level 4.3 Transfer Client Key to Host 4.4 Set up to Use only SSH Key to Log in

Secure Shell (SSH)

Secure Shell (SSH) is a network protocol which transfers data using a secure channel between two networks.

Change Port Number

• Changing the port number for ssh can be one solution to ignore ssh brute force attack.
• Open /etc/ssh/sshd_config file and change the port number.

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22

e.g)
Port 1234

• and change the following lines

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

to like these lines below

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowUsers username

Tunneling

-Creating a tunnel through ssh

$ ssh id@<remote machine address> -L <port number on local machine>:<local machine address>:<port on remote machine>

-To forward traffic from port 4881 on the local machine to port 8080 on the remote machine the IP of which is 192.168.0.10.

$ ssh id@192.168.0.10 -L 4881:localhost:8080

-To test a Java web application, running on tomcat server on a remote machine.

$ ssh id@remote.address -L 8080:localhost:8080

-To just forward a port, -N option can be used.

$ ssh id@192.168.0.10 -NL 4881:localhost:8080

-N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).

SCP

-Copy a file in the 'dir' directory on the remote machine to the directory 'home' on the local machine.

$ scp -pr username@remote_address:dir/file /home/

-p      Preserves modification times, access times, and modes from the original file.
-r      Recursively copy entire directories.

-Copy a file on the local machine to remote machine

$ scp -p localfile remote.address:dir

SSH Key

Generate RSA Key

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ ssh-keygen -t rsa

SSH Key Encryption Level

The default ssh key encryption level is 2048. To increase it to 4096

$ ssh-keygen -t rsa -b 4096

Transfer Client Key to Host

$ scp -P PORT_NUMBER ~/.ssh/id_rsa.pub user@hostname:.ssh/uploaded_key.pub 
$ ssh user@hostname.com "cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys" 

Or,

ssh-copy-id <username>@<host>
ssh-copy-id -i ~/.ssh/rsa_file.pub <username>@<host>

Set up to Use only SSH Key to Log in

Set up to use only ssh key instead of username and password to log in to the server

edit /etc/ssh/sshd_config

PermitRootLogin no
PasswordAuthentication no

e.g.)

# by Kevin (1 line)
PasswordAuthentication no