SSH (Secure Shell) is a cryptographic network protocol for secure data
communication, remote command-line login, remote command execution, and
other secure network services between two networked computers. It connects
a client and a server through a secure channel over an insecure network.
Package- openssh
Port- 22
Daemon- sshd
Script- /etc/init.d/sshd
Configuration file- /etc/ssh/sshd_config
# yum install openssh* -y (install the OpenSSH packages)
# ssh 192.168.10.2 (access the system)
yes (accept the host key fingerprint)
password
login success
# cat /root/.ssh/known_hosts
# ssh user1@192.168.10.2
# ssh user1@server1.example.com
# ssh -X 192.168.10.2 (for GUI commands)
{BLOCK X11 FORWARDING}
# vim /etc/ssh/sshd_config
#X11Forwarding yes (comment out this line, line 108)
{CHANGE THE PORT NUMBER}
# vim /etc/ssh/sshd_config
#Port 22 (remove the comment, line 13)
Port 2222 (in place of Port 22)
:wq
# ssh -p 2222 192.168.10.2
{TO BLOCK ROOT}
# vim /etc/ssh/sshd_config
DenyUsers root (add this at line 12; only root is denied, all other users are allowed)
AllowUsers root (the opposite policy: only root is allowed, all other users are denied)
:wq
# vim /etc/ssh/sshd_config
MaxAuthTries 2 (remove the comment, line 44)
MaxSessions 4 (remove the comment, line 45)
:wq
{SSH WITH KEY AUTHENTICATION}
2 Types of ssh key authentication
1- RSA (RSA provides encryption, digital signatures and key distribution.)
2- DSA (DSA provides only digital signatures.)
RSA
# ssh-keygen
enter (accept the default key file)
enter (empty passphrase)
enter (confirm the empty passphrase)
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
2c:03:d6:6c:12:a6:91:00:6d:ab:8c:94:c1:a8:c3:83 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|*o..o |
|.o++ + |
|+.+.+ + |
|E=.. + . |
|+o. o S |
|o. o |
| |
| |
| |
+-----------------+
# cd /root/.ssh
# ll
# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.10.2 (next machine IP)
.ssh/authorized_keys
# ssh 192.168.0.100 (on same system)
# cat /root/.ssh/authorized_keys
DSA
# ssh-keygen -t dsa
enter (accept the default key file)
enter (empty passphrase)
enter (confirm the empty passphrase)
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
75:ea:c6:e4:e2:f3:a4:72:58:98:f1:56:3a:3d:58:3e root@localhost.localdomain
The key's randomart image is:
+--[ DSA 1024]----+
| |
| |
| . . |
| . .oo |
| =SBo |
| o B=E |
| +..*o |
| o.o= |
| ooo. |
+-----------------+
# ssh-copy-id -i /root/.ssh/id_dsa.pub 192.168.0.100
Now try logging into the machine, with "ssh '192.168.0.100'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
# ssh 192.168.0.100
# cat /root/.ssh/authorized_keys
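ssh-copy-id's reminder to check authorized_keys for keys you were not expecting can be scripted. The following is an added example, not part of the original notes: it lists every key in an authorized_keys file, reports any key other than the one that was copied, and flags ssh-dss entries because ssh-keygen creates DSA keys at 1024 bits only and OpenSSH 7.0 and later disable them by default. The function name, status labels and sample keys are assumptions made for the example.

```sh
# Added example, not part of the original notes. Assumes one key per line and
# no quoted spaces inside the options field.

# Print "STATUS TYPE COMMENT" for each key in FILE and return the number of
# entries that are not "ok". EXPECTED_PUB is the public key file that was
# copied over (for example id_rsa.pub); any other key is reported.
audit_authorized_keys() {  # usage: audit_authorized_keys FILE EXPECTED_PUB
    want=$(awk '{ print $2; exit }' "$2")    # base64 blob of the expected key
    awk -v want="$want" '
        /^[ \t]*(#|$)/ { next }              # comment or blank line
        {
            # Options may precede the key type, so find the type field first.
            t = 0
            for (i = 1; i <= NF && !t; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) t = i
            if (!t)                       status = "UNPARSED"
            else if ($t == "ssh-dss")     status = "WEAK-DSA"    # 1024-bit only
            else if ($(t + 1) != want)    status = "UNEXPECTED"
            else                          status = "ok"
            print status, (t ? $t : "-"), (t ? $(t + 2) : "-")
            if (status != "ok") bad++
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: key blobs are shortened placeholders, not real keys.
dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2E-constructed-A root@client' > "$dir/id_rsa.pub"
printf '%s\n' \
    'ssh-rsa AAAAB3NzaC1yc2E-constructed-A root@client' \
    'from="192.168.10.*" ssh-rsa AAAAB3NzaC1yc2E-constructed-B backup@old' \
    'ssh-dss AAAAB3NzaC1kc3M-constructed-C root@localhost.localdomain' \
    > "$dir/authorized_keys"
audit_authorized_keys "$dir/authorized_keys" "$dir/id_rsa.pub" \
    || echo "entries to review: $?"
rm -rf "$dir"
```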
{SSH SESSION TIMEOUT}
# vim /etc/ssh/sshd_config
ClientAliveInterval 300
:wq
# /etc/init.d/sshd restart
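The settings changed above can be checked in one pass. The script below is an added example, not part of the original notes: it reads an sshd_config the way sshd does (case-insensitive keywords, first value wins, global section ends at the first Match block) and compares X11Forwarding, DenyUsers, MaxAuthTries, MaxSessions and ClientAliveInterval with the values used on this page. The function names and the sample file are assumptions made for the example.

```sh
# Added example, not part of the original notes. When a keyword is absent the
# OpenSSH built-in default is assumed (passed in as DEFAULT below).

# Print the value of KEYWORD from the global section of FILE. List keywords
# such as DenyUsers accumulate, so pass "all" to collect every occurrence.
directive() {  # usage: directive FILE KEYWORD [all]
    awk -v key="$2" -v all="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/         { next }   # comment or blank line
        tolower($1) == "match" { exit }   # conditional blocks start here
        tolower($1) == key {
            for (i = 2; i <= NF; i++) out = (out == "" ? "" : out " ") $i
            if (!all) exit
        }
        END { print out }
    ' "$1"
}

# Pass when the value (DEFAULT if unset) is a number in 1..MAX.
check_max() {  # usage: check_max FILE KEYWORD MAX DEFAULT
    v=$(directive "$1" "$2"); v=${v:-$4}
    case $v in ''|*[!0-9]*) echo "FAIL $2=$v (not a number)"; return 1 ;; esac
    if [ "$v" -ge 1 ] && [ "$v" -le "$3" ]; then echo "ok   $2=$v"; return 0; fi
    echo "FAIL $2=$v (want 1..$3)"; return 1
}

# Print one line per check and return the number of failed checks.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    f=$1; fails=0
    x11=$(directive "$f" X11Forwarding | tr 'A-Z' 'a-z')
    case ${x11:-no} in
        no) echo "ok   X11Forwarding=no" ;;
        *)  echo "FAIL X11Forwarding=$x11"; fails=$((fails + 1)) ;;
    esac
    case " $(directive "$f" DenyUsers all) " in
        *" root "*) echo "ok   DenyUsers lists root" ;;
        *)          echo "FAIL DenyUsers does not list root"; fails=$((fails + 1)) ;;
    esac
    check_max "$f" MaxAuthTries 2 6          || fails=$((fails + 1))
    check_max "$f" MaxSessions 4 10          || fails=$((fails + 1))
    check_max "$f" ClientAliveInterval 300 0 || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: the values from these notes, in mixed case.
sample=$(mktemp)
printf '%s\n' '#X11Forwarding yes' 'Port 2222' 'denyusers root' \
    'MaxAuthTries 2' 'MaxSessions 4' 'ClientAliveInterval 300' > "$sample"
audit_sshd_config "$sample" || echo "failed checks: $?"; rm -f "$sample"
```

sshd refuses to start on a misspelled keyword, so run `sshd -t` to test the file before restarting the daemon.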
_____________________________________________________________________________________________