SSH Server (Secure Shell)

SSH (Secure Shell) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services. It connects a server and a client through a secure channel over an insecure network.

                                      

Package-                 openssh
Port-                    22
Daemon-                  sshd
Script-                  /etc/init.d/sshd
Configuration file-      /etc/ssh/sshd_config

# yum install openssh* -y          (install the OpenSSH packages)

# ssh 192.168.10.2                   (access the system)
yes     (at the host key fingerprint prompt)
password
login success

# cat /root/.ssh/known_hosts

# ssh user1@192.168.10.2
# ssh user1@server1.example.com
# ssh -X 192.168.10.2  (for GUI commands)


BLOCK X11 FORWARDING
 


# vim /etc/ssh/sshd_config

  #X11Forwarding yes                     (comment out this line, line 108)


{AUTHENTICATION BY PORT NUMBER}


# vim /etc/ssh/sshd_config

Port 22        (remove the comment, line 13)
Port 2222      (in place of Port 22)
:wq

# ssh -p 2222 192.168.10.2


{TO BLOCK ROOT}

# vim /etc/ssh/sshd_config

DenyUsers root    (add this at line 12; root is denied, all other users are allowed)

AllowUsers root    (only root is allowed, all other users are denied)

:wq


# vim /etc/ssh/sshd_config

MaxAuthTries 2          (remove the comment, line 44)
MaxSessions 4           (remove the comment, line 45)
:wq



{SSH WITH KEY AUTHENTICATION} 


Two types of SSH key authentication

1- RSA (RSA provides encryption, digital signatures and key distribution.)

2- DSA (DSA provides only digital signatures.)

RSA 
# ssh-keygen 
enter 
enter 
enter 

Your identification has been saved in /root/.ssh/id_rsa. 
Your public key has been saved in /root/.ssh/id_rsa.pub. 
The key fingerprint is: 
2c:03:d6:6c:12:a6:91:00:6d:ab:8c:94:c1:a8:c3:83 root@localhost.localdomain 
The key's randomart image is:
+--[ RSA 2048]----+
|*o..o            | 
|.o++ +           | 
|+.+.+ +          | 
|E=.. + .         | 
|+o.   o S        | 
|o.     o         | 
|                 | 
|                 | 
|                 | 
+-----------------+




# cd /root/.ssh
# ll
# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.10.2  (next machine IP)
 .ssh/authorized_keys 
          

# ssh 192.168.0.100      {on same system}
# cat /root/.ssh/authorized_keys


DSA 

# ssh-keygen -t dsa 
enter 
enter 
enter 

Your identification has been saved in /root/.ssh/id_dsa. 
Your public key has been saved in /root/.ssh/id_dsa.pub. 
The key fingerprint is: 
75:ea:c6:e4:e2:f3:a4:72:58:98:f1:56:3a:3d:58:3e root@localhost.localdomain 
The key's randomart image is:
+--[ DSA 1024]----+
|                 | 
|                 | 
|          . .    | 
|      .  .oo     | 
|       =SBo      | 
|      o B=E      | 
|       +..*o     | 
|      o.o=       | 
|       ooo.      | 
+-----------------+


# ssh-copy-id -i /root/.ssh/id_dsa.pub 192.168.0.100 
Now try logging into the machine, with "ssh '192.168.0.100'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.




# ssh 192.168.0.100 
# cat /root/.ssh/authorized_keys










(SSH session timeout)

# vim /etc/ssh/sshd_config
ClientAliveInterval 300
:wq 
# /etc/init.d/sshd restart 
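
A check of the sshd_config edits made above, as an added example that is not part of the original post: it reads a config file the way sshd does and compares the result with the values this page sets. The function names sshd_effective and audit_sshd and the sample file are made up for the illustration.

```shell
# Print the value(s) sshd would take for KEYWORD from the global part of FILE.
# Keywords are case-insensitive and '#' lines are ignored. Port, AllowUsers and
# DenyUsers accumulate across lines; for other keywords the first value read
# is used, so a later duplicate has no effect.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }          # comment or blank line
        tolower($1) == "match" { exit }         # stop at the first Match block
        tolower($1) != want { next }
        { $1 = ""; sub(/^ +/, "") }             # keep only the argument(s)
        want ~ /^(port|allowusers|denyusers)$/ { out = out (out == "" ? "" : " ") $0; next }
        { print; found = 1; exit }
        END { if (!found && out != "") print out }' "$1"
}

# Compare the values this page sets with what FILE really yields.
# Prints one line per keyword; the return status is the number of mismatches.
audit_sshd() {       # usage: audit_sshd FILE
    fails=0
    while read -r key expected; do
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "FAIL  $key: want '$expected', file gives '${actual:-<default>}'"
            fails=$((fails + 1))
        fi
    done <<EOF
Port 2222
DenyUsers root
MaxAuthTries 2
MaxSessions 4
ClientAliveInterval 300
EOF
    return "$fails"
}

# Constructed sample (not from a real host): Port 22 left active, MaxSessions commented.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 22
port 2222
DenyUsers root
MaxAuthTries 2
#MaxSessions 4
clientaliveinterval 300
EOF
audit_sshd "$SAMPLE" || echo "$? setting(s) differ from the intended values"
```

On the server itself, `sshd -t` checks the file for syntax errors before the restart and `sshd -T` prints the configuration sshd actually uses.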
