Difference between revisions of "Secure Shell"
(→External links) |
|||
Line 34: | Line 34: | ||
*Disable root logins (Very important!): | *Disable root logins (Very important!): | ||
PermitRootLogin no | PermitRootLogin no | ||
+ | |||
+ | ==Todo== | ||
+ | *Access Your Local Subversion Repository from the Road | ||
+ | ssh -NfL 3690:127.0.0.1:3690 USER@64.3.10.24 -p6111 | ||
+ | Then you can access the repository via | ||
+ | svn://127.0.0.1/YOUR-SVN-PATH | ||
+ | |||
+ | *Secure Web Traffic when Traveling | ||
+ | ssh -D 9999 -p6111 USER@64.3.10.24 | ||
+ | then go to Firefox's Preferences->Advanced->Network->Settings->Manual proxy settings with: | ||
+ | SOCKS Host: 127.0.0.1 Port: 9999 | ||
+ | No proxy for: localhost, 127.0.0.1 | ||
==See also== | ==See also== |
Revision as of 06:10, 20 April 2008
Secure Shell (or SSH) is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (optionally) to allow the remote computer to authenticate the user.
SSH without passwords
- Step 1: Generate keys (public and private) and leave passphrase blank if you want password-less logins:
ssh-keygen -t dsa
Or,
ssh-keygen -t dsa -b 2048 -f /home/bob/my-key
- Step 2: Copy public key to remote server (Important: Only the public key!):
scp ~/.ssh/id_dsa.pub username@hostname:.ssh/authorized_keys
- Step 3: Set directory/file permissions (if not already set):
chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
- Step 4: Now, SSH into your remote server (password will be required the first time):
ssh username@hostname
That's it! You are now free to log into your remote server without entering a password. This is useful for automating file transfers. However, it must be used with care. If not executed properly, it is a potential security risk.
Making SSH even more secure
Note: All of the following settings will be implemented in your /etc/ssh/sshd_config
file.
- Disable SSH protocol 1. Make sure no lines reads
Protocol 1
. If so, change it to:
Protocol 2
- Enable key-based logins (see above for how to do this):
PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
- Disable password-based logins (Only do this if you first enable key-based logins!):
PasswordAuthentication no
- Run on ports other than 22
Port 1717 # any free port above 1024
You will then need to point to this port when SSHing into your remote machine
ssh -p 1717 remote.machine
- Disable root logins (Very important!):
PermitRootLogin no
Todo
- Access Your Local Subversion Repository from the Road
ssh -NfL 3690:127.0.0.1:3690 USER@64.3.10.24 -p6111
Then you can access the repository via
svn://127.0.0.1/YOUR-SVN-PATH
- Secure Web Traffic when Traveling
ssh -D 9999 -p6111 USER@64.3.10.24
then go to Firefox's Preferences->Advanced->Network->Settings->Manual proxy settings with:
SOCKS Host: 127.0.0.1 Port: 9999 No proxy for: localhost, 127.0.0.1
See also
- SSH Filesystem (sshfs)
- Fish protocol
- rsync