Secure Shell

From KevinWiki

(Difference between revisions)
Jump to: navigation, search
(SSH Tunneling)
Line 69: Line 69:
$ scp -p localfile remote.address:dir
$ scp -p localfile remote.address:dir
</pre>
</pre>
 +
 +
== SSH Key ==
 +
 +
=== Generate RSA Key ===
 +
$ mkdir ~/.ssh
 +
$ chmod 700 ~/.ssh
 +
$ ssh-keygen -t rsa
 +
 +
=== SSH Key Encryption Level ===
 +
The default ssh key encryption level is 2048. To in crease it to 4096
 +
$ ssh-keygen -t rsa -b 4096
 +
 +
 +
=== Transfer Client Key to Host ===
 +
$ scp -P PORT_NUMBER ~/.ssh/id_rsa.pub user@hostname:.ssh/uploaded_key.pub
 +
$ ssh user@hostname.com "cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys"
 +
 +
Or,
 +
ssh-copy-id <username>@<host>
 +
ssh-copy-id -i ~/.ssh/rsa_file.pub <username>@<host>
 +
 +
 +
=== Set up to Use only SSH Key to Log in ===
 +
Set up to use only ssh key instead of username and password to log in to the server
 +
 +
edit /etc/ssh/sshd_config
 +
 +
PermitRootLogin no
 +
PasswordAuthentication no
 +
 +
e.g.)
 +
# by Kevin (1 line)
 +
PasswordAuthentication no

Revision as of 14:49, 28 July 2012

Contents

Secure Shell (SSH)

Secure Shell (SSH) is a network protocol which transfers data using a secure channel between two networks.

Change Port Number

  • Changing the port number for ssh can be one solution to ignore ssh brute force attack.
  • Open /etc/ssh/sshd_config file and change the port number.
# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
e.g)
Port 1234
  • and change the following lines
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

to like these lines below

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowUsers username


Tunneling

-Creating a tunnel through ssh

$ ssh id@<remote machine address> -L <port number on local machine>:<local machine address>:<port on remote machine>

-To forward traffic from port 4881 on the local machine to port 8080 on the remote machine the IP of which is 192.168.0.10.

$ ssh id@192.168.0.10 -L 4881:localhost:8080

-To test a Java web application, running on tomcat server on a remote machine.

$ ssh id@remote.address -L 8080:localhost:8080

-To just forward a port, -N option can be used.

$ ssh id@192.168.0.10 -NL 4881:localhost:8080
-N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).

SCP

-Copy a file in the 'dir' directory on the remote machine to the directory 'home' on the local machine.

$ scp -pr username@remote_address:dir/file /home/
-p      Preserves modification times, access times, and modes from the original file.
-r      Recursively copy entire directories.


-Copy a file on the local machine to remote machine

$ scp -p localfile remote.address:dir

SSH Key

Generate RSA Key

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ ssh-keygen -t rsa

SSH Key Encryption Level

The default ssh key encryption level is 2048. To in crease it to 4096

$ ssh-keygen -t rsa -b 4096


Transfer Client Key to Host

$ scp -P PORT_NUMBER ~/.ssh/id_rsa.pub user@hostname:.ssh/uploaded_key.pub 
$ ssh user@hostname.com "cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys" 

Or,

ssh-copy-id <username>@<host>
ssh-copy-id -i ~/.ssh/rsa_file.pub <username>@<host>


Set up to Use only SSH Key to Log in

Set up to use only ssh key instead of username and password to log in to the server

edit /etc/ssh/sshd_config

PermitRootLogin no
PasswordAuthentication no

e.g.)

# by Kevin (1 line)
PasswordAuthentication no
Personal tools