Difference between revisions of "GNU Linux/SSH"

From WhyAskWhy.org Wiki
Jump to: navigation, search
m (Quick stub entry)
m (Added quick/dirty section content)
Line 87: Line 87:
* https://library.linode.com/networking/socks-proxy
* https://library.linode.com/networking/socks-proxy
== How to view the fingerprint of the ssh host key ==
* http://www.enricozini.org/2008/tips/ssh-host-key-fingerprint/
* http://www.lysium.de/blog/index.php?/archives/186-How-to-get-ssh-server-fingerprint-information.html

Revision as of 23:17, 23 February 2014

According to Wikipedia:

Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively).

Using Public and Private Keys with SSH

Here's an example of generating a public/private key pair for private key authentication on a remote server. I'm using 4096 bit key length at the suggestion of one of the tutorial author's sites below (added complexity in breaking it). If you enter a tough password for the key it will be encrypted and that much harder to use for malicious purposes. If you don't use a password however, it can be used for automated tasks. You'll need to carefully weight the costs/benefits of your choice before deploying the key to remote servers.

ubuntu@ubuntu:~$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -C "Chuck Norris tough"

Generating public/private rsa key pair.
Created directory '/home/ubuntu/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/ubuntu/.ssh/id_rsa.
Your public key has been saved in /home/ubuntu/.ssh/id_rsa.pub.
The key fingerprint is:
50:a0:9d:eb:61:bf:c8:6e:7a:76:bb:5a:05:e1:2e:58 Chuck Norris tough
The key's randomart image is:
+--[ RSA 4096]----+
|      ..o        |
|     o + .       |
|    . E o        |
|     o + .       |
|    . = S .      |
|     o + .       |
|      . o        |
|     .+o..       |
|    .*=o+o       |

ubuntu@ubuntu:~$ cat ~/.ssh/id_rsa.pub | ssh root@turtle 'cat - >> ~/.ssh/authorized_keys'

The authenticity of host 'turtle (' can't be established.
RSA key fingerprint is b2:5c:0d:27:ed:12:a2:0c:33:51:9a:45:2f:2d:2f:6d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'turtle,' (RSA) to the list of known hosts.
root@turtle's password: 

The next time you connect from the user account where you're keeping the keys (in this case the ubuntu user) to the remote account where you deployed the keys, you should not be prompted for that user's password. Instead, you'll be prompted for the private key's password if you chose one, or let in without a password prompt at all if you chose an empty private key password. For the purposes of this entry, I did not choose a password (I'll use this approach for automated tasks).

ubuntu@ubuntu:~$ ssh root@turtle

Linux turtle 2.6.32-43-generic #97-Ubuntu SMP Wed Sep 5 16:43:09 UTC 2012 i686 GNU/Linux
Ubuntu 10.04.4 LTS

Welcome to Ubuntu!
 * Documentation:  https://help.ubuntu.com/

0 packages can be updated.
0 updates are security updates.

New release 'precise' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Fri Sep 21 20:51:29 2012 from ubuntu.local


Setting up a secure tunnel via SSH

How to view the fingerprint of the ssh host key