Difference between revisions of "User:Scott/09"
Line 61: | Line 61: | ||
gksudo gedit /etc/ssh/sshd_config | gksudo gedit /etc/ssh/sshd_config | ||
− | ==add the following | + | ==add the following directives /etc/ssh/sshd_config== |
+ | |||
+ | #sjnChangedPort = 443 | ||
+ | #Port 22 | ||
+ | Port 443 | ||
+ | |||
+ | #sjnChangedServerKeyBits | ||
+ | #ServerKeyBits 768 | ||
+ | ServerKeyBits 2048 | ||
+ | |||
+ | #sjnChangeLogLevel | ||
+ | #LogLevel INFO | ||
+ | LogLevel VERBOSE | ||
+ | |||
+ | #sjnChangeLogInGraceTime = 120 | ||
+ | LoginGraceTime 1m | ||
+ | |||
+ | #sjnChangeRootLogin = yes | ||
PermitRootLogin no | PermitRootLogin no | ||
− | + | ||
− | + | #sjnAuthorizedKeysFile | |
− | # | + | #AuthorizedKeysFile %h/.ssh/authorized_keys |
− | + | ||
− | + | #sjnChangePasswordAuthentication = yes | |
− | # | + | PasswordAuthentication no |
− | + | (then add public key to client) | |
− | |||
− | |||
− | |||
==start/stop/restart sshd== | ==start/stop/restart sshd== |
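Review bot: the closing note "(then add public key to client)" under PasswordAuthentication no points the wrong way and comes too late. The public key has to be in the server account's authorized_keys file (the path in the commented AuthorizedKeysFile line), and a key login should be confirmed before password logins are turned off; otherwise the restart in the next section can lock the account out. Suggest rewording the note to say that and moving it above the PasswordAuthentication line. Two smaller points: ServerKeyBits sizes only the ephemeral server key of SSH protocol 1, so the change to 2048 has no effect on protocol 2 connections and deserves a comment saying so; and the sjn marker comments are inconsistent, since "#sjnChangedPort = 443" records the new value while "= 120" and "= yes" appear to record the old ones.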
Revision as of 22:29, 25 November 2011
SSH to Talon
transfer to foyer, and then to talon.
$ ssh-keygen
$ ssh scott@foyer.freegeek.org
Debug:
$ ssh -vvv scott@foyer.freegeek.org 2> ssh-debug.out
$ ssh scott@talon
$ ls /usr/local/laptop-eval/
$ sftp scott@talon:/home/scott/laptop-eval
Secure-Copy from local-host to scott@foyer
$ tar zvcf scott-laptop-photos.tar.gz /path/to/pictures
$ scp scott-laptop-photos.tar.gz scott@foyer.freegeek.org:~
Secure-Copy from scott@foyer to scott@talon
$ scp scott-laptop-photos.tar.gz talon:/usr/local/laptop-eval/photos/
SSH Fundamentals
Install SSH
sudo apt-get install openssh-client
sudo apt-get install openssh-server
Test ssh install
ssh localhost
configure the OpenSSH server
/etc/ssh/sshd_config
man sshd_config
copy the original file and protect it from writing
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original
Configure sshd_config
gksudo gedit /etc/ssh/sshd_config
add the following directives to /etc/ssh/sshd_config
#sjnChangedPort = 443
#Port 22
Port 443

#sjnChangedServerKeyBits
#ServerKeyBits 768
ServerKeyBits 2048

#sjnChangeLogLevel
#LogLevel INFO
LogLevel VERBOSE

#sjnChangeLogInGraceTime = 120
LoginGraceTime 1m

#sjnChangeRootLogin = yes
PermitRootLogin no

#sjnAuthorizedKeysFile
#AuthorizedKeysFile %h/.ssh/authorized_keys

#sjnChangePasswordAuthentication = yes
PasswordAuthentication no
(then add public key to client)
start/stop/restart sshd
sudo /etc/init.d/ssh start
sudo service ssh start

sudo /etc/init.d/ssh stop
sudo service ssh stop

sudo /etc/init.d/ssh restart
sudo service ssh restart
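A check to run over the edited file before restarting sshd, as an added example that is not part of the original notes. It resolves the effective global values the way sshd_config(5) describes (the first value obtained for a keyword is used), so a directive added at the bottom of the file is reported as ineffective when an earlier uncommented line already sets that keyword. The function names and the sample text are constructed for illustration.

```python
# Added example; SAMPLE is constructed from the directives in these notes.
SAMPLE = """\
#Port 22
Port 443
ServerKeyBits 2048
LogLevel VERBOSE
LoginGraceTime 1m
PermitRootLogin no
#AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
"""

# Target values from the notes (keyword lowercased -> expected argument).
EXPECTED = {
    "port": "443",
    "loglevel": "VERBOSE",
    "logingracetime": "1m",
    "permitrootlogin": "no",
    "passwordauthentication": "no",
}

def effective(text):
    """Effective global settings of an sshd_config, per sshd_config(5):
    '#' and blank lines are skipped, keywords are case-insensitive, and the
    first value obtained for a keyword is the one used."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":      # settings below a Match line are conditional
            break
        if key == "port":       # Port may repeat; sshd listens on all of them
            seen[key] = f"{seen[key]},{value}" if key in seen else value
        else:
            seen.setdefault(key, value)
    return seen

def audit(text):
    """Return one finding per keyword whose effective value differs."""
    conf = effective(text)
    return [f"{k}: want {want!r}, effective {conf.get(k)!r}"
            for k, want in EXPECTED.items() if conf.get(k) != want]

if __name__ == "__main__":
    with open("/etc/ssh/sshd_config") as fh:
        print("\n".join(audit(fh.read())) or "ok")
```

On a host with OpenSSH installed, `sudo sshd -t` checks the same file for syntax errors before the restart.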
Authentication
- SSH keys allow authentication between two hosts without the need of a password
Generate keys
on local machine do:
ssh-keygen -t rsa
~/.ssh/id_rsa (private key)
~/.ssh/id_rsa.pub (public key)
copy "Public Key" ---> To Remote Server
scp ~/.ssh/id_rsa.pub user@remote:~/.ssh/my_key
append id_rsa.pub to ~/.ssh/authorized_keys on the remote host by entering:
ssh-copy-id username@remotehost