Difference between revisions of "User:Scott/09"
| Line 9: | Line 9: | ||
Resources [[user:scott/07]] | Resources [[user:scott/07]] | ||
Notes [[user:scott/08]] | Notes [[user:scott/08]] | ||
| + | SSH [[user:scott/09]] | ||
{{TOC limit|limit=1}} | {{TOC limit|limit=1}} | ||
__TOC__ | __TOC__ | ||
| − | + | =SSH to Talon= | |
| − | + | ||
| − | + | ==transfer to foyer, and then to talon.== | |
| − | + | ||
| − | + | $ ssh-keygen | |
| − | * | + | |
| + | $ ssh scott@foyer.freegeek.org | ||
| + | |||
| + | - Debug: $ ssh -vvv scott@foyer.freegeek.org 2> ssh-debug.out | ||
| + | |||
| + | $ ssh scott@talon | ||
| + | |||
| + | $ ls /usr/local/laptop-eval/ | ||
| + | $ sftp://scott@talon/home/scott/laptop-eval | ||
| + | |||
| + | ==Secure-Copy from local-host to scott@foyer== | ||
| + | $ tar zvcf scott-laptop-photos.tar.gz /path/to/pictures | ||
| + | |||
| + | $ scp scott-laptop-photos.tar.gz scott@foyer.freegeek.org:~ | ||
| + | |||
| + | ==Secure-Copy from scott@foyer to scott@talon== | ||
| + | |||
| + | $ scp scott-laptop-photos.tar.gz talon:/usr/local/laptop-eval/photos/ | ||
| + | |||
| + | [[#top|top]] | ||
| + | |||
| + | =SSH Fundamentals= | ||
| + | |||
| + | ==Install SSH== | ||
| + | sudo apt-get install openssh-client | ||
| + | sudo apt-get install openssh-server | ||
| + | |||
| + | ==Test ssh install== | ||
| + | ssh localhost | ||
| + | |||
| + | ==configure the OpenSSH server== | ||
| + | /etc/ssh/sshd_config | ||
| + | man sshd_config | ||
| + | |||
| + | ==copy the original file and protect it from writing== | ||
| + | sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original | ||
| + | sudo chmod a-w /etc/ssh/sshd_config.original | ||
| + | |||
| + | ==Configure sshd_config== | ||
| + | |||
| + | gksudo gedit /etc/ssh/sshd_config | ||
| + | |||
| + | ==add the following two directives to the end of the file== | ||
| + | PermitRootLogin no | ||
| + | AllowUsers USERNAME | ||
| + | |||
| + | #Port 22 | ||
| + | Port 2222 | ||
| + | |||
| + | #PubkeyAuthentication yes | ||
| + | PubkeyAuthentication yes | ||
| + | |||
| + | #Banner /etc/issue.net | ||
| + | Banner /etc/issue.net | ||
| + | |||
| + | ==start/stop/restart sshd== | ||
| + | |||
| + | sudo /etc/init.d/ssh start | ||
| + | sudo service ssh start | ||
| + | |||
| + | sudo /etc/init.d/ssh stop | ||
| + | sudo service ssh stop | ||
| + | |||
| + | sudo /etc/init.d/ssh restart | ||
| + | sudo service ssh restart | ||
| + | |||
| + | ==Authentication== | ||
| + | *SSH keys allow authentication between two hosts without the need of a password | ||
| + | |||
| + | ==Generate keys== | ||
| + | ===on local machine do:=== | ||
| + | ssh-keygen -t rsa | ||
| + | ~/.ssh/id_rsa (private key) | ||
| + | ~/.ssh/id_rsa.pub (public key) | ||
| + | |||
| + | ===copy "Public Key" ---> To Remote Server=== | ||
| + | scp ~/.ssh/id_rsa.pub user@remote:~/.ssh/my_key | ||
| + | |||
| + | append id_rsa.pub to | ||
| + | ~/.ssh/known_hosts | ||
| + | |||
| + | by entering: | ||
| + | ssh-copy-id username@remotehost | ||
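Review bot: In the "copy Public Key" section at the end of this hunk, the added line "append id_rsa.pub to ~/.ssh/known_hosts" names the wrong file. ssh-copy-id appends the public key to ~/.ssh/authorized_keys in the remote account, while known_hosts holds the host keys of servers the client has connected to. Suggest changing the path to ~/.ssh/authorized_keys, and either dropping the preceding scp to ~/.ssh/my_key or stating that it only places the file and does not enable it for login. Separately, the heading "add the following two directives to the end of the file" is followed by five settings, and sshd uses the first value it reads for most keywords, so an appended PermitRootLogin line has no effect if an earlier uncommented one exists. Suggest telling the reader to edit the existing lines in place.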
Revision as of 22:20, 25 November 2011
SSH to Talon
transfer to foyer, and then to talon.
$ ssh-keygen
$ ssh scott@foyer.freegeek.org
- Debug: $ ssh -vvv scott@foyer.freegeek.org 2> ssh-debug.out
$ ssh scott@talon
$ ls /usr/local/laptop-eval/
$ sftp://scott@talon/home/scott/laptop-eval
Secure-Copy from local-host to scott@foyer
$ tar zvcf scott-laptop-photos.tar.gz /path/to/pictures
$ scp scott-laptop-photos.tar.gz scott@foyer.freegeek.org:~
Secure-Copy from scott@foyer to scott@talon
$ scp scott-laptop-photos.tar.gz talon:/usr/local/laptop-eval/photos/
SSH Fundamentals
Install SSH
sudo apt-get install openssh-client
sudo apt-get install openssh-server
Test ssh install
ssh localhost
configure the OpenSSH server
/etc/ssh/sshd_config
man sshd_config
copy the original file and protect it from writing
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original
Configure sshd_config
gksudo gedit /etc/ssh/sshd_config
add the following two directives to the end of the file
PermitRootLogin no
AllowUsers USERNAME

#Port 22
Port 2222

#PubkeyAuthentication yes
PubkeyAuthentication yes

#Banner /etc/issue.net
Banner /etc/issue.net
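
sshd uses the first value it reads for most keywords, so a directive appended to the end of sshd_config is ignored when an earlier uncommented line sets the same keyword. The added example below (not part of the original notes) reports the effective value of the two directives above; the function names and the sample file are constructed for illustration, and it assumes whitespace-separated keyword/value lines.

```sh
# effective_value FILE KEYWORD
# Print the value sshd takes for KEYWORD from the global section of FILE:
# the first uncommented occurrence wins, keywords are case-insensitive, and
# reading stops at the first Match block (settings there are conditional).
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE
# Check the two directives from the notes. Returns 0 only if both hold.
audit_sshd_config() {
    file=$1 rc=0
    got=$(effective_value "$file" PermitRootLogin)
    case $got in
        [Nn][Oo]) echo "PASS PermitRootLogin $got" ;;
        *) echo "FAIL PermitRootLogin effective='${got:-unset}' wanted='no'"; rc=1 ;;
    esac
    got=$(effective_value "$file" AllowUsers)
    if [ -n "$got" ]; then
        echo "PASS AllowUsers $got"
    else
        echo "FAIL AllowUsers unset, logins are not limited to named users"; rc=1
    fi
    return $rc
}

# Constructed sample: an existing PermitRootLogin line, then the directives
# from the notes appended at the end of the file.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host configuration
Port 2222
PermitRootLogin yes
PubkeyAuthentication yes

# appended at the end of the file
PermitRootLogin no
AllowUsers scott
EOF
}

tmp=$(mktemp); write_sample "$tmp"; audit_sshd_config "$tmp" || true; rm -f "$tmp"
```

On a live host, `sudo sshd -t` checks the file for syntax errors before a restart and `sudo sshd -T` prints the effective configuration.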
start/stop/restart sshd
sudo /etc/init.d/ssh start
sudo service ssh start

sudo /etc/init.d/ssh stop
sudo service ssh stop

sudo /etc/init.d/ssh restart
sudo service ssh restart
Authentication
- SSH keys allow authentication between two hosts without the need for a password
Generate keys
on local machine do:
ssh-keygen -t rsa
~/.ssh/id_rsa (private key)
~/.ssh/id_rsa.pub (public key)
copy "Public Key" ---> To Remote Server
scp ~/.ssh/id_rsa.pub user@remote:~/.ssh/my_key
append id_rsa.pub to
~/.ssh/known_hosts
by entering:
ssh-copy-id username@remotehost
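
For key login to work, the public key line has to be in ~/.ssh/authorized_keys of the remote account, which is the file ssh-copy-id appends to, with permissions that sshd's StrictModes check accepts. The added example below (not part of the original notes, and not ssh-copy-id's own code) performs that step against a scratch directory standing in for the remote home; the function name and the placeholder key are constructed.

```sh
# install_pubkey PUBFILE HOMEDIR
# Append the key in PUBFILE to HOMEDIR/.ssh/authorized_keys. known_hosts is a
# different file: it stores the host keys of servers the client has seen.
install_pubkey() {
    pub=$1 dir=$2/.ssh auth=$2/.ssh/authorized_keys
    # Use the first line only and refuse anything that is not a public key,
    # for example the private half passed by mistake.
    key=$(head -n 1 "$pub") || return 1
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    # Directory and file must not be writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: match the whole line as a fixed string, append only if absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Constructed demo: the key below is a placeholder string, not a usable key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED scott@laptop' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # second run adds nothing
ls -l "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```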