Difference between revisions of "Secure Shell"

From Christoph's Personal Wiki
(See also)
Line 19: Line 19:
 
That's it! You are now free to log into your remote server without entering a password. This is useful for automating file transfers. However, it ''must'' be used with care. If not executed properly, it is a potential security risk.
 
That's it! You are now free to log into your remote server without entering a password. This is useful for automating file transfers. However, it ''must'' be used with care. If not executed properly, it is a potential security risk.
  
== See also ==
+
==Making SSH even more secure==
* [[SSH Filesystem]] (sshfs)
+
Note: All of the following settings will be implemented in your <code>/etc/ssh/sshd_config</code> file.
* [[Fish protocol]]
+
*Disable SSH protocol 1. Make sure no lines reads <code>Protocol 1</code>. If so, change it to:
* [[Rsync (command)|rsync]]
+
Protocol 2
 +
*Enable key-based logins (see above for how to do this):
 +
PubkeyAuthentication yes
 +
AuthorizedKeysFile .ssh/authorized_keys
 +
*Disable password-based logins (Only do this if you ''first'' enable key-based logins!):
 +
PasswordAuthentication no
 +
*Run on ports other than 22
 +
Port 1717  # any free port above 1024
 +
You will then need to point to this port when SSHing into your remote machine
 +
ssh -p 1717 remote.machine
 +
*Disable root logins (Very important!):
 +
PermitRootLogin no
  
== External links ==
+
==See also==
* [http://en.wikipedia.org/wiki/Secure_Shell Wikipedia article on '''SSH''']
+
*[[SSH Filesystem]] (sshfs)
* [http://corneliusroot.blogspot.com/2006/12/copying-mass-amounts-of-data-over.html Copying mass amounts of data over a network with bash, rsync, and ssh]
+
*[[Fish protocol]]
 +
*[[Rsync (command)|rsync]]
 +
 
 +
==External links==
 +
*[http://corneliusroot.blogspot.com/2006/12/copying-mass-amounts-of-data-over.html Copying mass amounts of data over a network with bash, rsync, and ssh]
 +
*[[wikipedia:Secure_Shell]]
  
 
[[Category:Linux Command Line Tools]]
 
[[Category:Linux Command Line Tools]]
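Review bot: In the added "Run on ports other than 22" item, the line "Port 1717  # any free port above 1024" puts a comment on the same line as the directive. sshd_config(5) only documents lines that start with '#' as comments, so the comment should sit on its own line above "Port 1717". The "Disable password-based logins" item warns about ordering but gives no way to confirm it: suggest adding a step that tests a key-based login from a second session before "PasswordAuthentication no" is applied. None of the added lines say that sshd has to re-read the file for the settings to take effect.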

Revision as of 04:52, 4 January 2008

Secure Shell (or SSH) is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (optionally) to allow the remote computer to authenticate the user.

SSH without passwords

  • Step 1: Generate keys (public and private) and leave passphrase blank if you want password-less logins:
ssh-keygen -t dsa

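Or, for a 2048-bit key written to a specific file (DSA keys are limited to 1024 bits, so this one uses RSA):

ssh-keygen -t rsa -b 2048 -f /home/bob/my-key
  • Step 2: Copy public key to remote server (Important: Only the public key! This command overwrites any existing authorized_keys file on the server):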
scp ~/.ssh/id_dsa.pub username@hostname:.ssh/authorized_keys
  • Step 3: Set directory/file permissions (if not already set):
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
  • Step 4: Now, SSH into your remote server (password will be required the first time):
ssh username@hostname

That's it! You are now free to log into your remote server without entering a password. This is useful for automating file transfers. However, it must be used with care. If not executed properly, it is a potential security risk.

Making SSH even more secure

Note: All of the following settings will be implemented in your /etc/ssh/sshd_config file.

  • Disable SSH protocol 1. Make sure no line reads Protocol 1. If one does, change it to:
Protocol 2
  • Enable key-based logins (see above for how to do this):
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
  • Disable password-based logins (Only do this if you first enable key-based logins!):
PasswordAuthentication no
  • Run on a port other than 22:
# any free port above 1024
Port 1717

You will then need to point to this port when SSHing into your remote machine:

ssh -p 1717 remote.machine
  • Disable root logins (Very important!):
PermitRootLogin no
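
An added example (not part of the original wiki page) that checks the global section of an sshd_config text against the settings in the list above. It accounts for sshd using the first value it reads for a keyword, and it flags same-line comments. The names audit, REQUIRED and SAMPLE and the sample text are constructed for illustration.

```python
# Settings from the list above; sshd keywords are case-insensitive, values are not.
REQUIRED = {"protocol": "2", "pubkeyauthentication": "yes",
            "authorizedkeysfile": ".ssh/authorized_keys",
            "passwordauthentication": "no", "permitrootlogin": "no"}

# Constructed sample: "PasswordAuthentication no" was appended below an earlier
# "yes", and PermitRootLogin appears only inside a Match block.
SAMPLE = """\
Port 1717  # any free port above 1024
Protocol 2
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
Match User backup
    PermitRootLogin no
"""

def audit(text):
    """Return (keyword, problem) pairs for the global section of sshd_config text."""
    first, ports, findings = {}, [], []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue  # blank line or whole-line comment
        key = fields[0].lower()
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "match":
            break  # settings after Match apply only to matching sessions
        if "#" in value:
            findings.append((key, f"line {n}: move the trailing comment to its own line"))
            value = value.split("#", 1)[0].strip()
        if key == "port":
            ports.append(value)  # every Port line adds a listener
        else:
            first.setdefault(key, value)  # sshd keeps the first value it reads
    for key, want in REQUIRED.items():
        got = first.get(key)
        if got is None:
            findings.append((key, "not set in the global section"))
        elif got != want:
            findings.append((key, f"effective value {got!r}, expected {want!r}"))
    if not ports or "22" in ports:
        findings.append(("port", "sshd listens on the default port 22"))
    return findings

if __name__ == "__main__":
    for keyword, problem in audit(SAMPLE):
        print(f"{keyword}: {problem}")
```

On a live host, sshd -t checks the file for syntax errors and sshd -T prints the configuration the daemon would actually use.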

See also

External links