SSH
From LimeWiki
Introduction
SSH stands for Secure Shell. It is generally used to connect two devices over a secure (encrypted) channel, so that the traffic between them stays private.
Most common use
While it is used on an extremely wide variety of devices, SSH is most commonly used in Linux/Unix environments.
Who uses it?
Server and network administrators use it to connect to servers and other networked devices (commonly referred to as "connecting via ssh").
Brief history
There are currently two versions of the SSH protocol in use: SSH1 and SSH2.
The SSH1 protocol can be exploited through its connection-setup protocol and is therefore not commonly used anymore.
The SSH2 protocol, however, has a more robust connection-setup protocol and is more flexible. There are two commercial versions of SSH: one is derived from ssh.com and the other is OpenSSH, which is free to use and is therefore used more often. OpenSSH is included with most Linux distributions, including all of the ones Limestone Networks offers (CentOS, Ubuntu, Debian, FreeBSD).
SSH – Keys instead of passwords
SSH packets being sent from the SSH client to the server are encrypted with a form of shared-key cryptography, using a random key which is generated for each new connection and thrown away when that connection is over. The client and the server use public-key cryptography to agree on the session key, and either party may request a re-keying of the session at any time.
Once you become familiar with SSH keys, communication and file copying between servers and clients will be secure, quicker, and more convenient.
Here's an example of setting it up between a CentOS client and a CentOS server.
On the client, do the following. Go to the .ssh directory, which is located under /root (full path: /root/.ssh). Now let's create our private and public keys and write them to a file:
ssh-keygen -t dsa -b 1024 -f id_dsa_something -C 'Client'
This creates a 1024-bit DSA key pair, stored in two files:
1. id_dsa_something - This holds your client's PRIVATE key. It stays on the client and is never copied anywhere.
2. id_dsa_something.pub - This holds the matching PUBLIC key, which is the part you will install on the server.
Now, let's place the key id_dsa_something.pub into the server's authorized_keys file, located at /root/.ssh/authorized_keys. If this file is not already there, we will create it.
We'll copy the key over with the file-copying program rsync:
rsync -av -e ssh id_dsa_something.pub SERVERSIP:/root/.ssh/
Make sure to change SERVERSIP to the server's IP address. After running this command, you will be prompted for the root password of the server; type it and press Enter.
Now, on the server, do the following:
cd /root/.ssh
cat id_dsa_something.pub >> authorized_keys
chmod 600 authorized_keys
The 2nd command appends the contents of id_dsa_something.pub to the authorized_keys file. The 3rd command sets the permissions so that only the owner can read and write the file; with the default StrictModes setting, sshd refuses to use an authorized_keys file that other users can write to.
Now, back on the client, do the following:
cd /root/.ssh
eval `ssh-agent`
ssh-add id_dsa_something
ssh-add -l
2nd command: starts the ssh-agent program. 3rd command: loads your private key into the agent's memory (you will be asked for the key's passphrase if you set one). 4th command: lists the keys the agent currently holds, so you can confirm the key was loaded.
Now simply SSH into the server:
ssh SERVERSIP
When prompted, type in the root password. Now exit and try to SSH into the server from the client once more. This time you shouldn't be prompted for a password.
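The server-side step above appends the public key with `>>`, which adds a duplicate entry every time it is re-run and does not check the modes sshd insists on. The following is an added example (not from the LimeWiki page or Limestone Networks) of an idempotent version of that step: it adds the key only if its type and key material are not already present, creates the .ssh directory if needed, and sets the 700/600 modes. The function names and the placeholder key used in its test are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original page: an idempotent replacement for
#   cat id_dsa_something.pub >> authorized_keys; chmod 600 authorized_keys
# Usage: install_authorized_key PUBKEY_FILE [SSH_DIR]
# SSH_DIR defaults to $HOME/.ssh (the page uses /root/.ssh).

# Identity of a public key = first two fields (type and base64 blob), so a
# different comment (ssh-keygen -C ...) is not mistaken for a different key.
key_identity() {
    awk 'NR==1 {print $1 " " $2}' "$1"
}

install_authorized_key() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_keys="$ssh_dir/authorized_keys"

    key_id=$(key_identity "$pubkey_file")
    [ -n "$key_id" ] || { echo "no public key found in $pubkey_file" >&2; return 1; }

    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"                  # sshd (StrictModes) rejects a group/world-writable ~/.ssh
    [ -f "$auth_keys" ] || : > "$auth_keys"

    if grep -qF -- "$key_id" "$auth_keys"; then
        echo "key already present in $auth_keys"
    else
        cat "$pubkey_file" >> "$auth_keys"
        echo "key added to $auth_keys"
    fi
    chmod 600 "$auth_keys"                # owner read/write only, as on the page
}

# Number of authorized_keys entries that match the key in PUBKEY_FILE.
count_key_entries() {
    grep -cF -- "$(key_identity "$1")" "$2"
}

# Symbolic mode of a path, e.g. "-rw-------"; portable across GNU and BSD stat.
mode_of() {
    ls -ld "$1" | cut -c1-10
}
```

Run it once on the server after copying the .pub file over; running it again is harmless, which makes it safe to put in a provisioning script.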
Securing via iptables (Linux packet filtering)
More information on securing SSH via iptables (IP filtering) can be found at:
