Difference between revisions of "User:Scott/09"
(9 intermediate revisions by the same user not shown) | |||
Line 9: | Line 9: | ||
Resources [[user:scott/07]] | Resources [[user:scott/07]] | ||
Notes [[user:scott/08]] | Notes [[user:scott/08]] | ||
+ | Open-SSH [[user:scott/09]] | ||
{{TOC limit|limit=1}} | {{TOC limit|limit=1}} | ||
__TOC__ | __TOC__ | ||
− | * | + | =SSH to Talon= |
− | * | + | |
− | * | + | ==transfer to foyer, and then to talon.== |
− | + | ||
− | + | $ ssh-keygen | |
+ | |||
+ | $ ssh scott@foyer.freegeek.org | ||
+ | |||
+ | - Debug: $ ssh -vvv scott@foyer.freegeek.org 2> ssh-debug.out | ||
+ | |||
+ | $ ssh scott@talon | ||
+ | |||
+ | $ ls /usr/local/laptop-eval/ | ||
+ | $ sftp://scott@talon/home/scott/laptop-eval | ||
+ | |||
+ | ==Secure-Copy from local-host to scott@foyer== | ||
+ | |||
+ | *Example syntax (scp) | ||
+ | *http://www.hypexr.org/linux_scp_help. | ||
+ | |||
+ | $ tar zvcf scott-laptop-photos.tar.gz /path/to/pictures | ||
+ | |||
+ | $ scp scott-laptop-photos.tar.gz scott@foyer.freegeek.org:~ | ||
+ | |||
+ | ==Secure-Copy from scott@foyer to scott@talon== | ||
+ | |||
+ | $ scp scott-laptop-photos.tar.gz talon:/usr/local/laptop-eval/photos/ | ||
+ | |||
+ | [[#top|top]] | ||
+ | |||
+ | =open-SSH Fundamentals= | ||
+ | http://www.youtube.com/watch?v=xLpVFLchF4o | ||
+ | |||
+ | ==Install SSH== | ||
+ | sudo apt-get install openssh-client | ||
+ | sudo apt-get install openssh-server | ||
+ | |||
+ | ==Test ssh install== | ||
+ | ssh localhost | ||
+ | |||
+ | ==configure the OpenSSH server== | ||
+ | /etc/ssh/sshd_config | ||
+ | man sshd_config | ||
+ | |||
+ | ==copy the original file and protect it from writing== | ||
+ | sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original | ||
+ | sudo chmod a-w /etc/ssh/sshd_config.original | ||
+ | |||
+ | ==Configure sshd_config== | ||
+ | |||
+ | gksudo gedit /etc/ssh/sshd_config | ||
+ | |||
+ | ==add the following directives /etc/ssh/sshd_config== | ||
+ | |||
+ | #sjnChangedPort = 443 | ||
+ | #Port 22 | ||
+ | Port 443 | ||
+ | |||
+ | #sjnChangedServerKeyBits | ||
+ | #ServerKeyBits 768 | ||
+ | ServerKeyBits 2048 | ||
+ | |||
+ | #sjnChangeLogLevel | ||
+ | #LogLevel INFO | ||
+ | LogLevel VERBOSE | ||
+ | |||
+ | #sjnChangeLogInGraceTime = 120 | ||
+ | LoginGraceTime 1m | ||
+ | |||
+ | #sjnChangeRootLogin = yes | ||
+ | PermitRootLogin no | ||
+ | |||
+ | #sjnAuthorizedKeysFile | ||
+ | #AuthorizedKeysFile %h/.ssh/authorized_keys | ||
+ | |||
+ | #sjnChangePasswordAuthentication = yes | ||
+ | PasswordAuthentication no | ||
+ | (then add public key to client) | ||
+ | |||
+ | #sjnChangeBanner (later) | ||
+ | #Banner /etc/issue.net | ||
+ | #Banner /home/scott/sshxxx.txt | ||
+ | |||
+ | #sjnChangePAM | ||
+ | #UsePAM yes | ||
+ | UsePAM no | ||
+ | |||
+ | ==start/stop/restart sshd== | ||
+ | |||
+ | sudo /etc/init.d/ssh start | ||
+ | sudo service ssh start | ||
+ | |||
+ | sudo /etc/init.d/ssh stop | ||
+ | sudo service ssh stop | ||
+ | |||
+ | sudo /etc/init.d/ssh restart | ||
+ | sudo service ssh restart | ||
+ | |||
+ | ==Authentication== | ||
+ | *SSH keys allow authentication between two hosts without the need of a password | ||
+ | |||
+ | ==Generate keys on Linux== | ||
+ | ===on local machine do:=== | ||
+ | ssh-keygen -t rsa | ||
+ | ~/.ssh/id_rsa (private key) | ||
+ | ~/.ssh/id_rsa.pub (public key) | ||
+ | |||
+ | ===copy "Public Key" ---> To Remote Server=== | ||
+ | |||
+ | scp ~/.ssh/id_rsa.pub user@remote:~/.ssh/my_key | ||
+ | |||
+ | append id_rsa.pub to | ||
+ | ~/.ssh/known_hosts | ||
+ | |||
+ | by entering: | ||
+ | ssh-copy-id username@remotehost | ||
+ | |||
+ | |||
+ | =Use Putty for Windows= | ||
+ | ==Download Putty== | ||
+ | http://www.chiark.greenend.org.uk/~sgtatham/putty/ | ||
+ | ==PuTTYgen == | ||
+ | select SSH-2 RSA - change from 1024 to 2048 | ||
+ | click generate | ||
+ | |||
+ | type in password | ||
+ | save private key | ||
+ | |||
+ | open pageant and add your key | ||
+ | |||
+ | go back to the server | ||
+ | change password authentication = yes | ||
+ | then we can get in via putty to copy the public key | ||
+ | |||
+ | then ssh into server with password | ||
+ | |||
+ | ===copy "Public Key" ---> To Remote Server=== | ||
+ | after ssh into server with password | ||
+ | |||
+ | ~$ cd .ssh | ||
+ | ~/.ssh$ nano authorized_keys | ||
+ | |||
+ | copy key and paste into authorized_keys | ||
+ | |||
+ | go back to the server(you can ssh in now) | ||
+ | change password authentication = no | ||
+ | re-start ssh | ||
+ | |||
+ | ==go back to PuTTY to save session== | ||
+ | click on ssh ---> auth and browse for key |
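Review bot: under 'copy "Public Key" ---> To Remote Server', the added line "append id_rsa.pub to ~/.ssh/known_hosts" names the wrong file. ssh-copy-id appends the public key to ~/.ssh/authorized_keys on the remote host, which is also the file the PuTTY section pastes into; known_hosts is where the client records server host keys. Suggest changing the line to ~/.ssh/authorized_keys, and rewording "(then add public key to client)" after "PasswordAuthentication no" to say the key is added on the server. It would also help to state that the key should be installed and tested before the restart with PasswordAuthentication no, as the PuTTY steps already imply by switching it back to yes.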
Latest revision as of 16:52, 26 November 2011
SSH to Talon
transfer to foyer, and then to talon.
$ ssh-keygen
$ ssh scott@foyer.freegeek.org
- Debug: $ ssh -vvv scott@foyer.freegeek.org 2> ssh-debug.out
$ ssh scott@talon
$ ls /usr/local/laptop-eval/
$ sftp://scott@talon/home/scott/laptop-eval
Secure-Copy from local-host to scott@foyer
- Example syntax (scp)
- http://www.hypexr.org/linux_scp_help.
$ tar zvcf scott-laptop-photos.tar.gz /path/to/pictures
$ scp scott-laptop-photos.tar.gz scott@foyer.freegeek.org:~
Secure-Copy from scott@foyer to scott@talon
$ scp scott-laptop-photos.tar.gz talon:/usr/local/laptop-eval/photos/
open-SSH Fundamentals
http://www.youtube.com/watch?v=xLpVFLchF4o
Install SSH
sudo apt-get install openssh-client
sudo apt-get install openssh-server
Test ssh install
ssh localhost
configure the OpenSSH server
/etc/ssh/sshd_config
man sshd_config
copy the original file and protect it from writing
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original
Configure sshd_config
gksudo gedit /etc/ssh/sshd_config
add the following directives /etc/ssh/sshd_config
#sjnChangedPort = 443
#Port 22
Port 443

#sjnChangedServerKeyBits
#ServerKeyBits 768
ServerKeyBits 2048

#sjnChangeLogLevel
#LogLevel INFO
LogLevel VERBOSE

#sjnChangeLogInGraceTime = 120
LoginGraceTime 1m

#sjnChangeRootLogin = yes
PermitRootLogin no

#sjnAuthorizedKeysFile
#AuthorizedKeysFile %h/.ssh/authorized_keys

#sjnChangePasswordAuthentication = yes
PasswordAuthentication no
(then add public key to client)

#sjnChangeBanner (later)
#Banner /etc/issue.net
#Banner /home/scott/sshxxx.txt

#sjnChangePAM
#UsePAM yes
UsePAM no
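An added example, not part of the original notes: a shell check that reports the value sshd would actually use for the access-related directives set above, since sshd_config keywords are case-insensitive and the first uncommented occurrence of a keyword wins. The function names and the sample file are constructed for illustration, and Match and Include directives are assumed absent.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names and the sample
# file are constructed. Assumption: no Match or Include directives.

# Print the value sshd would use for keyword $2 in file $1: keywords are
# case-insensitive and the first uncommented occurrence wins.
effective_sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                 # comment line
        /^[ \t]*$/ { next }                 # blank line
        {
            sub(/^[ \t]+/, "")
            if (!match($0, /^[A-Za-z0-9]+/)) next
            key = tolower(substr($0, 1, RLENGTH))
            val = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val) # "Key value" or "Key=value"
            sub(/[ \t]+$/, "", val)
            if (key == want) { print val; exit }
        }' "$1"
}

# Check the access-related values set in the notes; print each mismatch and
# return 1 if any was found.
check_notes_settings() {
    rc=0
    for pair in Port:443 LogLevel:VERBOSE LoginGraceTime:1m \
                PermitRootLogin:no PasswordAuthentication:no UsePAM:no; do
        got=$(effective_sshd_value "$1" "${pair%%:*}")
        if [ "$got" != "${pair#*:}" ]; then
            echo "MISMATCH ${pair%%:*}: effective='${got:-unset}' expected='${pair#*:}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a stock "yes" left uncommented above the new "no".
write_sample() {
    printf '%s\n' '#Port 22' 'Port 443' 'LogLevel VERBOSE' \
        'LoginGraceTime 1m' 'PermitRootLogin no' \
        'PasswordAuthentication yes' '#UsePAM yes' 'usepam no' \
        'PasswordAuthentication no' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
check_notes_settings "$sample" || echo "fix the file before restarting ssh"
rm -f "$sample"
```

On a real server, `sudo sshd -t` validates the edited file before the restart step, so a syntax error does not take the daemon down.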
start/stop/restart sshd
sudo /etc/init.d/ssh start
sudo service ssh start

sudo /etc/init.d/ssh stop
sudo service ssh stop

sudo /etc/init.d/ssh restart
sudo service ssh restart
Authentication
- SSH keys allow authentication between two hosts without the need of a password
Generate keys on Linux
on local machine do:
ssh-keygen -t rsa
~/.ssh/id_rsa (private key)
~/.ssh/id_rsa.pub (public key)
copy "Public Key" ---> To Remote Server
scp ~/.ssh/id_rsa.pub user@remote:~/.ssh/my_key
append id_rsa.pub to
~/.ssh/known_hosts
by entering:
ssh-copy-id username@remotehost
Use Putty for Windows
Download Putty
http://www.chiark.greenend.org.uk/~sgtatham/putty/
PuTTYgen
select SSH-2 RSA - change from 1024 to 2048
click generate
type in password
save private key
open pageant and add your key
go back to the server
change password authentication = yes
then we can get in via putty to copy the public key
then ssh into server with password
copy "Public Key" ---> To Remote Server
after ssh into server with password
~$ cd .ssh
~/.ssh$ nano authorized_keys
copy key and paste into authorized_keys
go back to the server (you can ssh in now)
change password authentication = no
re-start ssh
go back to PuTTY to save session
click on ssh ---> auth and browse for key