Monday, December 14, 2009

How to Use SSH?

 

Secure Shell, ssh, is the modern, reasonably secure method of remotely connecting to another computer. The previous standard, telnet, transmits passwords in clear text, so they are easy for snoopers to see. Even if you're not concerned about your own account, there have been numerous exploits that give an attacker root (administrative) access to a computer once they have a successful user-level login; from there they "own" the computers and can use them, for example, as "sleeper cells" to run denial-of-service attacks, flooding networks with useless traffic. So use ssh whenever possible, for the well-being of the entire Internet.

New users of Linux often find the language used to describe different folders, computers, etc. very confusing.

This was the case when I first read this article. Therefore I decided to make this a little simpler for the new user.

To do this, we will use the following scenario for ssh.

Mary has a laptop of which she is the sole user. Her username is mary and she has called her computer "laptop", so her address is shown as mary@laptop in the terminal (bash).

Bob has a desktop computer that he has called "desktop", and his username is "bob", so his address is shown as bob@desktop when he is in a terminal.

We will use this format to understand how to set up ssh. We will use Mary as the example. She wants to be able to send files to Bob's machine, back up her directories to a central backup file they both share, etc.

Steps

  1. Installing ssh: it comes installed by default on all Linux distributions, and on all modern Macintosh computers.
  2. Windows users can get it by running the base install of Cygwin, or simply downloading PuTTY.
  3. The following steps assume Unix (Linux, Mac OS X) or Cygwin syntax, however.

3) The simplest, though not the best, way is to simply use it as you would telnet; this encrypts the traffic using system defaults:

$ ssh me@remote.my

In all these examples, me is your username on the remote computer, and remote.my is the computer to which you are connecting. So for Mary, her username is 'mary' and she wants to connect to Bob's computer (the remote one), so Bob will first set her up as a user on his machine.

Mary would then type at the prompt:

$ ssh mary@desktop

She will be prompted for her password once she is connected to Bob's machine. If Mary's username on the local system (the laptop) is the same as that on the remote (the desktop), she can leave off the username altogether:

$ ssh desktop

4) A better way is to use shared keys.

* First generate your key using ssh-keygen:

$ ssh-keygen -t dsa -b 2048

2048 bits is rather paranoid, but doesn't result in noticeable delays on most machines; or you can use the more common 1024. DSA is more secure than RSA.

* Then when you first connect to the remote system, you'll see a dialogue something like this:

jcomeau@ns003:~$ ssh tty.freeshell.org

The authenticity of host 'tty.freeshell.org (192.168.73.1)' can't be established.

RSA key fingerprint is 53:2b:ba:92:a7:88:ca:c1:ff:c2:1c:d1:53:11:fc:4e.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'tty.freeshell.org,192.168.73.1' (RSA) to the list of known hosts.

jcomeau@tty.freeshell.org's password:

Last login: Mon Jan 7 19:33:21 2008 from 189.130.14.207

$

* On the remote system (Bob's desktop), Mary must make sure there is a hidden ssh directory and authorization key file:

$ mkdir -m700 .ssh

$ touch .ssh/authorized_keys

$ chmod 600 .ssh/authorized_keys

If the directory already exists, an error message to that effect will appear; it can safely be ignored. Now log out, usually with the key sequence Ctrl-D.

* Copy your public key to the remote machine (from laptop to desktop). These are the commands Mary will type on the laptop:

$ cat .ssh/id_dsa.pub | ssh mary@desktop "cat >> .ssh/authorized_keys"

Pay careful attention to the "punctuation"! The right angle-brackets must be double as shown, or you'll wipe out any keys you already have; and the quotes must be as shown, or you won't get the desired result.

* Now when Mary ssh's to 'desktop', she won't be asked for a password at all! The protocol takes care of the authentication, using her public key on the remote (Bob's desktop), and the private key on the local computer (Mary's laptop).
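An added example (not code from the original post): the remote-side steps above written as one shell function that can be rerun safely, so it neither duplicates Mary's key nor overwrites keys already present, plus a check of the .ssh permissions. The function names install_pubkey, audit_ssh_dir and mode_of are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. install_pubkey, audit_ssh_dir and
# mode_of are hypothetical helper names.

# Print the 10-character mode string of a path, e.g. drwx------
mode_of() { ls -ld "$1" | cut -c1-10; }

# install_pubkey PUBKEY_FILE HOME_DIR
# Run on the remote account; HOME_DIR is that account's home directory.
# The body is a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1; home=$2
    [ -r "$pub" ] || exit 2
    # A public key file is one line: "type base64 [comment]". A private key
    # (multi-line, starts with -----BEGIN) must never land in authorized_keys.
    [ $(wc -l < "$pub") -le 1 ] || exit 2
    # ssh-dss is matched because the page uses a DSA key; current OpenSSH
    # releases no longer accept DSA keys by default.
    grep -Eq '^(ssh-(ed25519|rsa|dss)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" || exit 2
    line=$(cat "$pub")
    umask 077
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || exit 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Append (never overwrite), and only if this exact line is not there yet.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
)

# audit_ssh_dir HOME_DIR
# Succeeds only if the modes are the ones the page's steps set (700 and 600).
audit_ssh_dir() {
    [ "$(mode_of "$1/.ssh")" = "drwx------" ] &&
    [ "$(mode_of "$1/.ssh/authorized_keys")" = "-rw-------" ]
}
```

On Bob's desktop, Mary would call it as install_pubkey id_dsa.pub "$HOME" once the .pub file has been copied there; audit_ssh_dir "$HOME" then confirms the permissions.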

5) Multiple users can be set up on a central machine, with each being able to connect securely using ssh. Combined with rsync, this can create very efficient methods of backing up and transferring files safely, quickly and securely.
