In my previous post we learnt about what is ssh? now in this post
we know that how to works with ssh?
so lets start:
The key characteristics that makes a remote login program an
efficient one is pointed out in the below list.
The first and the foremost is the privacy of the communication.
This means the connection, which provides a remote shell login, must be
encrypted to prevent eaver dropping.
There must be a mechanism to check whether the data send by either
party is not altered, or tampered with. In short, integrity check is a must.
Identity of both the server and the client must be provided to
each other, to establish a proper authentication.
there are some added features apart from the secure authentication
and data encryption provided by ssh. Some of the well known features of SSH are
mentioned below.
1. SSH Tunneling
2.
TCP port forwarding
When we discuss encryption and data security, there are two types
of primarily used cryptographic systems:
1.
One is Public Key cryptography(or sometimes called as asymmetric
cryptography)
2.
Secret key cryptography (or sometimes called as symmetric
cryptography).
How Do SSH Keys Work?
An SSH server can authenticate clients using a variety of
different methods. The most basic of these is password authentication, which is
easy to use, but not the most secure.
SSH key pairs are two cryptographically secure keys that can be
used to authenticate a client to an SSH server. Each key pair consists of a
public key and a private key.
The private key is retained by the client and should be kept
absolutely secret. Any compromise of the private key will allow the attacker to
log into servers but public key can be shared freely without any negative
consequences. The public key is uploaded to a remote server that you want to be
able to log into with SSH. The key is added to a special file within the user
account you will be logging into called ~/.ssh/authorized_keys.
When a client attempts to authenticate using SSH keys, the server
can test the client on whether they are in possession of the private key. If
the client can prove that it owns the private key, a shell session is active
for client.
Working with SSH:
A connection is always initiated by the client to the server.
If the client is communicating with the server for the first time.
The client will get a warning on his screen which will be something like the
below.
[root@example.com ~]# ssh 192.168.0.254
The authenticity of host '192.168.0.254 (192.168.0.254)' can't
be established.
RSA key fingerprint is
c7:14:f4:85:5f:52:cb:f9:53:56:9d:b3:0c:1e:a3:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'example.com' (RSA) to the list of
known hosts.
it will prompt you for your password on the remote system. If the
username that you specified exists and you type in the remote password for it
correctly then the system should let you in. If it doesn't, try again and if it
still fails, you might check with the administrator that you have an account on
that machine and that your username and password is correct.
How to Create SSH Keys:
The command 'ssh-keygen -t dsa'.
[root@example.com ~]#ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key
(/home/localuser/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in
/home/localuser/.ssh/id_dsa.
Your public key has been saved in
/home/localuser/.ssh/id_dsa.pub.
The key fingerprint is:
a9:49:2e:2a:5e:33:3e:a9:de:4e:77:11:58:b6:90:26
localuser@example.com
It will prompt you for the location of the keyfile. Unless you
have already created a keyfile in the default location, you can accept the
default by pressing 'enter'.
Next it will ask you for a passphrase and ask you to confirm it.
The idea behind what you should use for a passphrase is different from that of
a password.
The key's randomart image is:
+--[ RSA 2048]----+
| ..o |
| E o= . |
| o. o |
| .. |
| ..S |
| o o. |
| =o.+. |
|. =++.. |
|o=++. |
+-----------------+
How to Embed your Public Key when Creating your Server:
If you do not have the ssh-copy-id program available, then you
must use this manual method for installing your ssh key on the remote host. Now
copy your public key which is in ~/.ssh/id_dsa.pub to the remote machine.
[root@example.com ~]#scp ~/.ssh/id_dsa.pub
192.168.0.254@example.com:.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNqqi1mHL
nryb1FdbePrSZQdmXRZxGZbo0gTfglysq6KMNUNY2VhzmYN
9JYW39yNtjhVxqfW6ewc+eHiL+IRRM1P5ecDAaL3V0ou6ecSurU
+t9DR4114mzNJ5SqNxMgiJzbXdhR+j55GjfXdk0FyzxM3a5qpVcGZEXiAzG
zhHytUV51+YGnuLGaZ37nebh3UlYC+KJev4MYIVww0tWmY+9GniRSQlgLLUQZ+F
BUjaqhwqVqsHe4F/woW1IHe7mfm63GXyBavVc+llrEzRbMO111MogZUcoWDI9w7UIm
8ZOTnhJsk7jhJzG2GpSXZHmly/a/buFaaFnmf username@example.com
When you create your Droplet, the public SSH keys that you
selected will be placed in the ~/.ssh/authorized_keys
file of the root user's account. This will allow you to log into the server
from the computer with your private key.
How To Copy a Public Key to your Server:
To use the utility, you simply need to specify the remote host
that you would like to connect to and the user account that you have password
SSH access to. This is the account where your public SSH key will be copied.
[root@example.com ~]#ssh-copy-id root@example.com
The authenticity of host '111.111.11.111 (111.111.11.111)' can't
be established.
ECDSA key fingerprint is
fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new
key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed --
if you are prompted now it is to install the new keys
username@111.111.11.111's password:
Type in the password (your typing will not be displayed for
security purposes) and press ENTER. The utility will connect to the account on
the remote host using the password you provided. It will then copy the contents
of your ~/.ssh/id_rsa.pub key into a
file in the remote account's home ~/.ssh directory called authorized_keys.
your
id_rsa.pub key has been uploaded to the remote account. You can continue onto
the next section.
For close
the session of SSH:
192.168.0.254@example.com# exit
logout
Connection to localhost closed.
No comments:
Post a Comment