User:Scott/09

From FreekiWiki

SSH to Talon

transfer to foyer, and then to talon.

$ ssh-keygen
$ ssh scott@foyer.freegeek.org

- Debug: $ ssh -vvv scott@foyer.freegeek.org 2> ssh-debug.out 
$ ssh scott@talon

$ ls /usr/local/laptop-eval/
$ sftp://scott@talon/home/scott/laptop-eval

Secure-Copy from local-host to scott@foyer

$ tar zvcf scott-laptop-photos.tar.gz /path/to/pictures

$ scp scott-laptop-photos.tar.gz scott@foyer.freegeek.org:~

Secure-Copy from scott@foyer to scott@talon

$ scp scott-laptop-photos.tar.gz talon:/usr/local/laptop-eval/photos/ 


SSH Fundamentals

Install SSH

sudo apt-get install openssh-client
sudo apt-get install openssh-server

Test ssh install

ssh localhost

configure the OpenSSH server

/etc/ssh/sshd_config
man sshd_config

copy the original file and protect it from writing

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original

Configure sshd_config

gksudo gedit /etc/ssh/sshd_config

add the following directives to /etc/ssh/sshd_config

#sjnChangedPort = 443
#Port 22
Port 443
#sjnChangedServerKeyBits
#ServerKeyBits 768
ServerKeyBits 2048
#sjnChangeLogLevel
#LogLevel INFO
LogLevel VERBOSE
#sjnChangeLogInGraceTime = 120
LoginGraceTime 1m
#sjnChangeRootLogin = yes
PermitRootLogin no
#sjnAuthorizedKeysFile
#AuthorizedKeysFile	%h/.ssh/authorized_keys
#sjnChangePasswordAuthentication = yes
PasswordAuthentication no
# (then add public key to client)
#sjnChangeBanner (later)
#Banner /etc/issue.net
#Banner /home/scott/sshxxx.txt
#sjnChangePAM
#UsePAM yes
UsePAM no

start/stop/restart sshd

sudo /etc/init.d/ssh start
sudo service ssh start
sudo /etc/init.d/ssh stop
sudo service ssh stop
sudo /etc/init.d/ssh restart
sudo service ssh restart
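
Before restarting sshd with the settings above, it helps to check what the file will actually enforce. The script below is an added example, not part of the original notes: the function names, the sample file and its contents are constructed for illustration. It reports the effective value of the key-only login settings and flags any line sshd could not parse.

```shell
# Added example (not from the original page): audit an sshd_config file.
# For single-valued keywords sshd uses the first value it obtains; keywords
# are case-insensitive and lines starting with '#' are comments.

# effective FILE KEYWORD -> first uncommented global value of KEYWORD
# (whitespace-separated "Keyword value" form; stops at the first Match block)
effective() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# stray_lines FILE -> "N: text" for lines that are not comments and do not
# start with a letter, such as a note pasted in without a leading '#'
stray_lines() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         $1 !~ /^[A-Za-z]/ { print NR ": " $0 }' "$1"
}

# audit FILE -> one "FAIL ..." line per deviation from the page's settings
audit() {
    while read -r key want; do
        got=$(effective "$1" "$key")
        [ "$got" = "$want" ] ||
            echo "FAIL $key: want '$want', effective '${got:-unset}'"
    done <<EOF
PermitRootLogin no
PasswordAuthentication no
LogLevel VERBOSE
EOF
    stray_lines "$1" | sed 's/^/FAIL unparseable line /'
}

# Constructed sample: a later "PasswordAuthentication no" does not override
# the earlier "yes", and line 7 is a note that sshd cannot parse.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#Port 22
Port 443
#sjnChangeRootLogin = yes
PermitRootLogin no
passwordauthentication yes
LogLevel VERBOSE
(then add public key to client)
PasswordAuthentication no
EOF
audit "$sample"
```

On a live server, sudo sshd -t runs sshd's own syntax check of /etc/ssh/sshd_config, which is worth doing before the restart while an existing session is still open.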

Authentication

  • SSH keys allow authentication between two hosts without the need of a password

Generate keys on Linux

on local machine do:

ssh-keygen -t rsa
~/.ssh/id_rsa     (private key)
~/.ssh/id_rsa.pub (public key)

copy "Public Key" ---> To Remote Server

scp ~/.ssh/id_rsa.pub user@remote:~/.ssh/my_key
append id_rsa.pub to
~/.ssh/authorized_keys

by entering: 
ssh-copy-id username@remotehost


Use Putty for Windows

Download Putty

http://www.chiark.greenend.org.uk/~sgtatham/putty/

PuTTYgen

select SSH-2 RSA - change from 1024 to 2048
click generate

type in password
save private key
open pageant and add your key
go back to the server 
change PasswordAuthentication to yes
then we can get in via putty to copy the public key
then ssh into server with password

copy "Public Key" ---> To Remote Server

after ssh into server with password
~$ cd .ssh
~/.ssh$ nano authorized_keys

copy key and paste into authorized_keys

go back to the server (you can ssh in now)
change PasswordAuthentication to no
restart ssh