ssh - performs remote logins and remote command execution
scp - copies files between computers
sftp - copies files between computers, with an interactive, ftp-like user interface
sshd - server daemon
ssh-keygen - creates and modifies public and private keys
ssh-agent - caches ssh private keys to avoid typing passphrases
ssh-add - manipulates the key cache of ssh-agent
~/.ssh - Directory (per user) for keys and configuration files
/etc/ssh - Directory (system wide) for keys and configuration files
~/.ssh/config - Client config file (per user)
/etc/ssh/sshd_config - Server configuration file (system wide)
To invoke a remote command
# ssh -l remoteUser remotehost uptime
Authenticating by public key (OpenSSH)
Problem: you want to set up public-key authentication between an OpenSSH client and an OpenSSH server.
Solution:
Public Key Authentication:-
Public key authentication lets you prove your identity to a remote host using a cryptographic key instead of a login password.
1. Generate a key if necessary:
# mkdir -p ~/.ssh ---- if it doesn't already exist
# chmod 700 ~/.ssh
# cd ~/.ssh
# ssh-keygen -t dsa
2. Copy the public key to the remote host:
# scp -p id_dsa.pub remoteuser@remotehost:
passwd: ****
3. Log into the remote host and install the public key:
# ssh -l remoteUser remotehost
Password: *****
# mkdir -p ~/.ssh ---- if it doesn't already exist
# chmod 700 ~/.ssh
# cat id_dsa.pub >> ~/.ssh/authorized_keys (appending)
# chmod 600 ~/.ssh/authorized_keys
# mv id_dsa.pub ~/.ssh (optional)
# logout
4. Log back in via public-key authentication:
# ssh -l remoteUser remotehost
Enter passphrase for key '/home/smith//.ssh/id_dsa': ***
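Step 3 can also be done with a small shell function that is safe to re-run. This is an added example, not part of the original post: `install_pubkey` is a hypothetical helper name, and the checks (refusing private key material, accepting a single key line, skipping a key that is already installed) are assumptions about what you want enforced on the server side.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe version of step 3.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Returns 0 on success (installed or already present), 1 on rejection.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse private key material: a private key file carries a
    # "PRIVATE KEY" header and must never leave the client.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 1
    fi

    # A public key file is one line: "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    line=$(grep . "$pub")
    case $line in
        ssh-dss\ *|ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac

    # Work under a restrictive umask so new files are never
    # briefly readable by group or others.
    (
        umask 077
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        touch "$auth" && chmod 600 "$auth" || exit 1
        # Append only if this exact line is not already installed.
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    )
}
```

On the remote host, after the scp in step 2, run `install_pubkey id_dsa.pub`.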
Note: SSH keys are more secure than passwords because the private key is never transmitted over the network, whereas passwords are.
An SSH "key" is actually a matched pair of keys stored in two files. The private or secret key remains on the client machine, encrypted with a passphrase. The public key is copied to the remote (server) machine.
When establishing a connection, the SSH client and server perform a complex negotiation based on the private and public keys; if they match, your identity is proven and the connection succeeds.
The SSH server must be configured to permit public-key authentication, which is the default.
/etc/ssh/sshd_config
PubkeyAuthentication yes ---- if it is set to no, change it and restart sshd
Public-key authentication lets you prove your identity to a remote host using a cryptographic key instead of a login password.