Installing Open-ssh server on ubuntu linux
OpenSSH
is a FREE version of the SSH connectivity tools that technical users of the
Internet rely on. Users of telnet, rlogin, and ftp may not realize that their
password is transmitted across the Internet unencrypted, but it is. OpenSSH
encrypts all traffic (including passwords) to effectively eliminate
eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH
provides secure tunneling capabilities and several authentication methods, and
supports all SSH protocol versions.
Ubuntu
SSHD Installation
Type
the following two command to install both ssh client and server:
#
sudo apt-get install openssh-server openssh-client
How To Configure SSH?
When you change
the configuration of SSH, you are changing the settings of the sshd server.
In Ubuntu, the
main sshd configuration file is located at /etc/ssh/sshd_config.
Back
up the current version of this file before editing:
open ssh configuration using vi editor
You will want to leave most of the options in this file
alone. However, there are a few you may want to take a look at:
The port declaration specifies which port the sshd server
will listen on for connections. By default, this is 22.
If you are having difficulties with SSH, increasing the
amount of logging may be a good way to discover what the issue is
These parameters specify some of the login information.
LoginGraceTime specifies how many seconds to keep the
connection alive without successfully logging in. It may be a good idea to set
this time just a little bit higher than the amount of time it takes you to log
in normally.
PermitRootLogin selects
whether root is allowed to log in.
In most cases, this should be
changed to "no" when you have created user account that has access to
elevated privileges (through su or sudo) and can log in through ssh.
strictModes is a safety guard that will refuse a login
attempt if the authentication files are readable by everyone.
This prevents login attempts when the configuration files
are not secure.
These parameters configure an ability called X11 Forwarding. This allows you
to view a remote system's graphical user interface (GUI) on the local system.
This option must be enabled on
the server and given with the client during connection with the "-X"
option.
If
you changed any settings in this file, make sure you restart your sshd server to
implement your modifications
How To Log Into SSH with Keys
While it is helpful to be able to log in to a remote system using
passwords, it's often a better idea to set up key-based authentication
How Does Key-based Authentication Work?
Key-based authentication works by creating a pair of
keys: a private
key and a public key.
The private key is located on the client machine and is
secured and kept secret.
The public key can be given to anyone or placed on any server
you wish to access.
When you attempt to connect
using a key-pair, the server will use the public key to create a message for
the client computer that can only be read with the private key.
The client computer then sends
the appropriate response back to the server and the server will know that the
client is legitimate.
This entire process is
done in the background automatically after you set up keys.
How To Create SSH Keys?
SSH keys should be
generated on the computer you wish to log in from. This is usually your local computer.
Press enter to accept the
defaults. Your keys will be created at ~/.ssh/id_rsa.pub and~/.ssh/id_rsa.
Change into the .ssh directory by typing
Look at the permissions of the files
As you can see, the id_rsa file is readable and writable only to the
owner. This is how it should be to keep it secret.
The id_rsa.pub file, however, can be shared and has
permissions appropriate for this activity.
How To Transfer Your Public Key to the Server?
This will start an SSH session, which you will need to
authenticate with your password.
After
you enter your password, it will copy your public key to the server's
authorized keys file, which will allow you to log in without the password next
time.
Client-Side Options
There are a number of optional flags that you can select
when connecting through SSH.
Some of these may be necessary
to match the settings in the remote host's sshd file.
For
instance, you if you changed the port number in your sshd configuration, you
will need to match that port on the client-side by typing:
If you only wish to execute a single command on
a remote system, you can specify it after the host like so
You will connect to the remote machine, authenticate, and
the command will be executed.
As we said before, if X11 forwarding is enabled on
both computers, you can access that functionality by typing:
To stop ssh server, type command as
# sudo /etc/init.d/ssh stop
To start ssh server type command as
# sudo /etc/init.d/ssh start
To restart ssh server type command as
# sudo /etc/init.d/ssh restart
Now we can easily login through putty from Host machines(Windows) to Remote machines (Ubuntu). We can copy/send files from Host machine (Windows) to Remote machines (Ubuntu) using Winscp tool.
Install Winscp tool in windows to send files to remote machines using SSH.
Install Winscp tool in windows to send files to remote machines using SSH.
No comments:
Post a Comment