Maybe somebody could make a how-to on configuring & using ssh?
client----server.
ssh configuration.
Re: ssh configuration.
For your local network or the public internet?
If you want ssh on your local network, just fire up the ssh(d) daemon on the server (make it autostart too if you want). The default config works. Then run 'ssh server' on the client, or if your user name differs or you want to log in as a different user, run 'ssh user@server'. There's also 'scp file user@server:dest' to copy a file. Again, user can be omitted; then the user you're logged in as is used. And much more, like sshfs, ...
Couldn't be more straightforward.
That's not to be used if publicly accessible on the internet, as the default setup is, especially because of password-based authentication, not safe for the public internet. But it's easy to use and convenient for local, trusted networks.
Re: ssh configuration.
To add some information to Shador:
To enable ssh on the server:
Code:
chmod +x /etc/rc.d/rc.sshd && service start sshd
To connect to it on the client, just use the "ssh" or "scp" command, or you could also use "remmina" to graphically connect to it and transfer files.
Re: ssh configuration.
For large files you can use rsync with ssh so file transfers can be interrupted and resumed later.
rsync -avP -e ssh file user@server:dest
Re: ssh configuration.
JRD wrote:
> To add some information to Shador:
> To enable ssh on the server:
> Code:
> chmod +x /etc/rc.d/rc.sshd && service start sshd
> To connect to it on the client, just use "ssh" or "scp" command, or you could also use "remmina" to graphically connect to it and transfer files.

Actually the chmod +x command is not needed. service start sshd already does this implicitly. And the graphical frontend available under System Tools is even easier for enabling/starting or disabling/stopping a service.
Re: ssh configuration.
Ok.
1. I generated keys on "local" and "remote" host (local network 192 ... )
Code:
$ ssh-keygen -t rsa
2. Copy key to remote host
Code:
scp /home/local/.ssh/id_rsa.pub remote@192...:~/id_rsa.pub
3. Connect to remote host
Code:
$ ssh remote@192...
4. And add my public key (I want to log in to remote without a password).
Code:
$ cat id_rsa.pub >> .ssh/authorized_keys
What about security? Privileges (.ssh and the files in it)?
hosts.deny and hosts.allow?
What else?
Re: ssh configuration.
This is not exactly secure, as anybody getting access to a machine with the private key on it or access to that private key, gets access to all other machines. So permissions of the private key file should be at least so that nobody except that one user can read that file (600). But that's forced by ssh anyway I think.
Still, I recommend to put a key on the file and to use ssh-agent to store the password for your session so you only have to enter it once per session. This is quite comfortable and much more secure. Although for use on a local, trusted and firewalled network it shouldn't matter. On Xfce ssh-agent is started with your session automatically, so all it needs to store the key is:
Code:
ssh-add
I have for example an autostart like this that prompts me for the password once I log in:
Code:
terminator -x ssh-add
On other DEs that don't start ssh-agent, e.g. openbox, you might need to add this to some startup file like .xinitrc:
Code:
SSHAGENT=/usr/bin/ssh-agent
SSHAGENTARGS="-s"
# Start an agent only if none is available yet and the binary is executable
if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
    eval `$SSHAGENT $SSHAGENTARGS`
    # Stop the agent again when this shell exits
    trap "kill $SSH_AGENT_PID" 0
fi
If you make the ssh service publicly available on the internet, e.g. by opening ports on your router, you should at least do this:
Code:
PermitRootLogin no
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
So only key-based authentication for non-root users is allowed and login to root is disabled. Because once somebody gets access to that account, you've got a very big problem. If he gets access to another account, you've got a problem too, but then he still has your root password to crack to get you into really big trouble.
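On the permissions question raised in this thread, here is an added example (not code from any of the posters) that audits a .ssh directory: the ssh client refuses a private key that group or others can access, and sshd with StrictModes ignores authorized_keys when the file or its directory is writable by group or others. The function names and the way private keys are recognised (a first line ending in "PRIVATE KEY-----") are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): audit an SSH directory's permissions.
# Usage: sh audit_ssh_perms.sh ~/.ssh

# Print the six group/other permission characters of a path, e.g. "r-xr-x".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# True if group or others may write to the path.
writable_by_others() {
    case $(group_other_bits "$1") in
        ?w????|????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Report problems in directory $1; the exit status is the number found.
audit_ssh_dir() {
    dir=$1
    problems=0
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir"
        return 1
    fi
    # sshd (StrictModes) rejects authorized_keys in a directory others can write to.
    if writable_by_others "$dir"; then
        echo "$dir: writable by group/others, use chmod 700"
        problems=$((problems + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY-----'; then
            # The ssh client refuses a private key with any group/other access.
            if [ "$(group_other_bits "$f")" != "------" ]; then
                echo "$f: private key accessible to group/others, use chmod 600"
                problems=$((problems + 1))
            fi
        elif [ "${f##*/}" = authorized_keys ] && writable_by_others "$f"; then
            echo "$f: writable by group/others, use chmod 600"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it on both machines, since the private key lives on the client and authorized_keys on the server.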
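To confirm that a server really carries the settings from the last post, this added example (not code from the thread) reads an sshd_config file and checks the four directives that control root and password login. It assumes whitespace-separated "Keyword value" lines, does not follow Include directives, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): check an sshd_config file for four of
# the settings recommended above. Usage: sh check_sshd.sh /etc/ssh/sshd_config

# Print the global value of keyword $2 in file $1, or nothing if it is unset.
# Keywords are case-insensitive, the first occurrence wins, and everything
# from the first Match block onward is conditional, so parsing stops there.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Check the login-related settings; the exit status is the number of failures.
check_sshd_config() {
    file=$1
    failures=0
    for key in PermitRootLogin PasswordAuthentication \
               PermitEmptyPasswords ChallengeResponseAuthentication; do
        value=$(sshd_value "$file" "$key")
        case $value in
            no) echo "ok    $key no" ;;
            "") echo "unset $key (the installed version's default applies)"
                failures=$((failures + 1)) ;;
            *)  echo "FAIL  $key $value (the post recommends: no)"
                failures=$((failures + 1)) ;;
        esac
    done
    return "$failures"
}

if [ $# -gt 0 ]; then
    check_sshd_config "$1"
fi
```

On the server itself, `sshd -T` prints the effective configuration including defaults and is the authoritative check.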