Difference between revisions of "User:Scott/09"

From FreekiWiki
Jump to navigation Jump to search
 
(5 intermediate revisions by the same user not shown)
Line 9: Line 9:
 
  Resources      [[user:scott/07]]
 
  Resources      [[user:scott/07]]
 
  Notes          [[user:scott/08]]  
 
  Notes          [[user:scott/08]]  
  SSH           [[user:scott/09]]  
+
  Open-SSH       [[user:scott/09]]
  
 
{{TOC limit|limit=1}}
 
{{TOC limit|limit=1}}
Line 30: Line 30:
  
 
==Secure-Copy from local-host to scott@foyer==
 
==Secure-Copy from local-host to scott@foyer==
 +
 +
*Example syntax (scp)
 +
*http://www.hypexr.org/linux_scp_help.
 +
 
  $ tar zvcf scott-laptop-photos.tar.gz /path/to/pictures
 
  $ tar zvcf scott-laptop-photos.tar.gz /path/to/pictures
 
   
 
   
Line 40: Line 44:
 
[[#top|top]]
 
[[#top|top]]
  
=SSH Fundamentals=
+
=open-SSH Fundamentals=
 +
http://www.youtube.com/watch?v=xLpVFLchF4o
  
 
==Install SSH==
 
==Install SSH==
Line 110: Line 115:
 
*SSH keys allow authentication between two hosts without the need of a password
 
*SSH keys allow authentication between two hosts without the need of a password
  
==Generate keys==
+
==Generate keys on Linux==
 
===on local machine do:===
 
===on local machine do:===
 
   ssh-keygen -t rsa
 
   ssh-keygen -t rsa
Line 117: Line 122:
  
 
===copy "Public Key"  ---> To Remote Server===
 
===copy "Public Key"  ---> To Remote Server===
 +
 
  scp ~/.ssh/id_rsa.pub user@remote:~/.ssh/my_key
 
  scp ~/.ssh/id_rsa.pub user@remote:~/.ssh/my_key
  
Line 124: Line 130:
 
  by entering:  
 
  by entering:  
 
  ssh-copy-id username@remotehost
 
  ssh-copy-id username@remotehost
 +
 +
 +
=Use Putty for Windows=
 +
==Download Putty==
 +
http://www.chiark.greenend.org.uk/~sgtatham/putty/
 +
==PuTTYgen ==
 +
select SSH-2 RSA - change from 1024 to 2048
 +
click generate
 +
 +
type in password
 +
save private key
 +
 +
open pageant and add your key
 +
 +
go back to the server
 +
change password authentication = yes
 +
then we can get in via putty to copy the public key
 +
 +
then ssh into server with password
 +
 +
===copy "Public Key"  ---> To Remote Server===
 +
after ssh into server with password
 +
 +
~$ cd .ssh
 +
~/.ssh$ nano authorized_keys
 +
 +
copy key and paste into authorized_keys
 +
 +
go back to the server(you can ssh in now)
 +
change password authentication = no
 +
re-start ssh
 +
 +
==go back to PuTTY to save session==
 +
click on ssh ---> auth and browse for key

Latest revision as of 16:52, 26 November 2011

        Notes
--------------------------------
Home Page      user:scott
Tech Support   user:scott/02
Dir & Files    user:scott/03
Network        user:scott/04
Troubleshoot   user:scott/05
Laptops        user:scott/06
Resources      user:scott/07
Notes          user:scott/08 
Open-SSH       user:scott/09

Template:TOC limit

SSH to Talon

transfer to foyer, and then to talon.

$ ssh-keygen
$ ssh scott@foyer.freegeek.org

- Debug: $ ssh -vvv scott@foyer.freegeek.org 2> ssh-debug.out 
$ ssh scott@talon

$ ls /usr/local/laptop-eval/
$ sftp://scott@talon/home/scott/laptop-eval

Secure-Copy from local-host to scott@foyer

$ tar zvcf scott-laptop-photos.tar.gz /path/to/pictures

$ scp scott-laptop-photos.tar.gz scott@foyer.freegeek.org:~

Secure-Copy from scott@foyer to scott@talon

$ scp scott-laptop-photos.tar.gz talon:/usr/local/laptop-eval/photos/ 

top

open-SSH Fundamentals

http://www.youtube.com/watch?v=xLpVFLchF4o

Install SSH

sudo apt-get install openssh-client
sudo apt-get install openssh-server

Test ssh install

ssh localhost

configure the OpenSSH server

/etc/ssh/sshd_config
man sshd_config

copy the original file and protect it from writing

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original

Configure sshd_config

gksudo gedit /etc/ssh/sshd_config

add the following directives /etc/ssh/sshd_config

#sjnChangedPort = 443
#Port 22
Port 443
#sjnChangedServerKeyBits
#ServerKeyBits 768
ServerKeyBits 2048
#sjnChangeLogLevel
#LogLevel INFO
LogLevel VERBOSE
#sjnChangeLogInGraceTime = 120
LoginGraceTime 1m
#sjnChangeRootLogin = yes
PermitRootLogin no
#sjnAuthorizedKeysFile
#AuthorizedKeysFile	%h/.ssh/authorized_keys
#sjnChangePasswordAuthentication = yes
PasswordAuthentication no
(then add public key to client)
#sjnChangeBanner (later)
#Banner /etc/issue.net
#Banner /home/scott/sshxxx.txt
#sjnChangePAM
#UsePAM yes
UsePAM no

start/stop/restart sshd

sudo /etc/init.d/ssh start
sudo service ssh start
sudo /etc/init.d/ssh stop
sudo service ssh stop
sudo /etc/init.d/ssh restart
sudo service ssh restart

Authentication

  • SSH keys allow authentication between two hosts without the need of a password

Generate keys on Linux

on local machine do:

 ssh-keygen -t rsa
~/.ssh/id_rsa     (private key)
~/.ssh/id_rsa.pub (public key)

copy "Public Key" ---> To Remote Server

scp ~/.ssh/id_rsa.pub user@remote:~/.ssh/my_key
append id_rsa.pub to
~/.ssh/known_hosts 

by entering: 
ssh-copy-id username@remotehost


Use Putty for Windows

Download Putty

http://www.chiark.greenend.org.uk/~sgtatham/putty/

PuTTYgen

select SSH-2 RSA - change from 1024 to 2048
click generate

type in password
save private key
open pageant and add your key
go back to the server 
change password authentication = yes
then we can get in via putty to copy the public key
then ssh into server with password

copy "Public Key" ---> To Remote Server

after ssh into server with password
~$ cd .ssh
~/.ssh$ nano authorized_keys

copy key and paste into authorized_keys

go back to the server(you can ssh in now)
change password authentication = no
re-start ssh

go back to PuTTY to save session

click on ssh ---> auth and browse for key