Difference between revisions of "Secure Shell"
From Christoph's Personal Wiki
(→See also) |
|||
Line 19: | Line 19: | ||
That's it! You are now free to log into your remote server without entering a password. This is useful for automating file transfers. However, it ''must'' be used with care. If not executed properly, it is a potential security risk. | That's it! You are now free to log into your remote server without entering a password. This is useful for automating file transfers. However, it ''must'' be used with care. If not executed properly, it is a potential security risk. | ||
− | == | + | ==Making SSH even more secure== |
− | * | + | Note: All of the following settings will be implemented in your <code>/etc/ssh/sshd_config</code> file. |
− | * | + | *Disable SSH protocol 1. Make sure no lines reads <code>Protocol 1</code>. If so, change it to: |
− | * | + | Protocol 2 |
+ | *Enable key-based logins (see above for how to do this): | ||
+ | PubkeyAuthentication yes | ||
+ | AuthorizedKeysFile .ssh/authorized_keys | ||
+ | *Disable password-based logins (Only do this if you ''first'' enable key-based logins!): | ||
+ | PasswordAuthentication no | ||
+ | *Run on ports other than 22 | ||
+ | Port 1717 # any free port above 1024 | ||
+ | You will then need to point to this port when SSHing into your remote machine | ||
+ | ssh -p 1717 remote.machine | ||
+ | *Disable root logins (Very important!): | ||
+ | PermitRootLogin no | ||
− | == | + | ==See also== |
− | * [ | + | *[[SSH Filesystem]] (sshfs) |
− | * [http://corneliusroot.blogspot.com/2006/12/copying-mass-amounts-of-data-over.html Copying mass amounts of data over a network with bash, rsync, and ssh] | + | *[[Fish protocol]] |
+ | *[[Rsync (command)|rsync]] | ||
+ | |||
+ | ==External links== | ||
+ | *[http://corneliusroot.blogspot.com/2006/12/copying-mass-amounts-of-data-over.html Copying mass amounts of data over a network with bash, rsync, and ssh] | ||
+ | *[[wikipedia:Secure_Shell]] | ||
[[Category:Linux Command Line Tools]] | [[Category:Linux Command Line Tools]] |
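Review bot: the added "Disable password-based logins" item relies only on its parenthetical about enabling key-based logins first, and the new section never says that sshd has to be restarted or reloaded before the /etc/ssh/sshd_config changes take effect. Suggest a closing step that restarts the daemon and confirms a key-based login from a second session before the current one is closed. Two smaller points in the same hunk: "Make sure no lines reads" should read "Make sure no line reads", and the "Run on ports other than 22" item gives no reason for the change, so a short sentence on what it is meant to achieve would help readers weigh it against the extra -p on every connection.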
Revision as of 04:52, 4 January 2008
Secure Shell (or SSH) is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (optionally) to allow the remote computer to authenticate the user.
SSH without passwords
- Step 1: Generate keys (public and private) and leave passphrase blank if you want password-less logins:
ssh-keygen -t dsa
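Or, to choose the key size and output file (ssh-keygen only accepts 1024-bit DSA keys, so a 2048-bit key has to be RSA):
ssh-keygen -t rsa -b 2048 -f /home/bob/my-key
Note that OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so on current systems generate an RSA or Ed25519 key instead and copy the matching .pub file in step 2.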
- Step 2: Copy public key to remote server (Important: Only the public key! This overwrites any existing authorized_keys file on the server):
scp ~/.ssh/id_dsa.pub username@hostname:.ssh/authorized_keys
- Step 3: Set directory/file permissions (if not already set):
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
- Step 4: Now, SSH into your remote server (password will be required the first time):
ssh username@hostname
That's it! You are now free to log into your remote server without entering a password. This is useful for automating file transfers. However, it must be used with care. If not executed properly, it is a potential security risk.
Making SSH even more secure
Note: All of the following settings will be implemented in your /etc/ssh/sshd_config file.
- Disable SSH protocol 1. Make sure no line reads Protocol 1. If one does, change it to:
Protocol 2
- Enable key-based logins (see above for how to do this):
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
- Disable password-based logins (Only do this if you first enable key-based logins!):
PasswordAuthentication no
- Run on ports other than 22
# any free port above 1024
Port 1717
You will then need to point to this port when SSHing into your remote machine:
ssh -p 1717 remote.machine
- Disable root logins (Very important!):
PermitRootLogin no
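The checklist above can be verified mechanically. The following is an added example, not part of the original page: it audits sshd_config text against the settings listed here, taking into account that sshd uses the first value it reads for a keyword and that Port may appear several times. The function names and the sample config are constructed for illustration, and an unset Protocol is assumed to mean protocol 2 only.

```python
# Added example (not from the original page); function names are hypothetical.
import re

# Values this page recommends. Port is checked separately (anything but 22).
WANTED = {"pubkeyauthentication": "yes", "passwordauthentication": "no",
          "permitrootlogin": "no"}

def effective(config_text):
    """Return {keyword: first value} for the global section of sshd_config."""
    seen, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1) + [""]
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break            # Match blocks are conditional, not global
        if key == "port":
            ports.append(value)   # Port may repeat; sshd listens on each one
        else:
            seen.setdefault(key, value.lower())  # sshd keeps the FIRST value
    seen["port"] = ports
    return seen

def audit(config_text):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = effective(config_text), []
    if "1" in re.split(r"[,\s]+", cfg.get("protocol", "2")):
        findings.append("Protocol 1 is enabled")
    for key, want in WANTED.items():
        got = cfg.get(key)
        if got is None:
            findings.append(f"{key} is not set (sshd default applies)")
        elif got != want:
            findings.append(f"{key} is '{got}', expected '{want}'")
    if not cfg["port"] or "22" in cfg["port"]:
        findings.append("sshd listens on port 22")
    return findings

# Constructed sample: the second PasswordAuthentication line never takes effect.
SAMPLE = """Protocol 2,1
Port 1717
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
PermitRootLogin no
"""
for finding in audit(SAMPLE):
    print("FAIL:", finding)
```

On a live host, sshd -t validates the file before a restart and sshd -T prints the configuration the daemon will actually use.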
See also
- SSH Filesystem (sshfs)
- Fish protocol
- rsync