Thursday, March 31, 2011

OpenSSH

Well, we need to be able to connect to this new server and we want to do everything from the command-line, so we need to install an SSH server. I am going to use OpenSSH because it just works and is very simple. You can do a lot with OpenSSH, including connecting to the terminal and transferring files over SFTP, all very securely. With this there is no good reason to have an FTP server installed.

Install the server...
sudo apt-get install openssh-server
Backup the configuration file...
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
Configure the server to make it a bit more secure by modifying the file located at /etc/ssh/sshd_config. You can change the Port setting to something non-standard, like port 2222, if you like. This is not really necessary since it is already secure, but it may prevent denial of service types of attacks...


Restart the server...
sudo /etc/init.d/ssh restart
Now try connecting from another computer using the following command from a terminal...
ssh <username>@<ipaddress>

Now, if you want to log in to your remote servers using ssh and not have to bother entering a password, you can use a private/public key pair to set that up. Below I have created a set of steps, starting with what you do from the local computer...

Local Computer:

1. Set the appropriate ownership for the entire ~/.ssh directory and do it recursively
sudo chown -R user:group ~/.ssh

2. Set the appropriate permissions for ~/.ssh/known_hosts so ssh can write to it.
sudo chmod 700 ~/.ssh/known_hosts

3. Now run these commands to generate the private/public keys and to put the public key on the remote computer. Just accept all the defaults (leave blank and press enter) for the first command.
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub user@computer
Run this command on the client (the local computer) as well to make sure the key is now managed by the ssh-agent
ssh-add

Remote Computer:

On the remote computer you just need to make sure that the configuration file used by the ssh daemon (/etc/ssh/sshd_config) has a couple of lines added or uncommented. RSAAuthentication only covers SSH protocol 1; PubkeyAuthentication is the setting that governs key login on protocol 2.
RSAAuthentication yes
PubkeyAuthentication yes

After doing this, restart the ssh service and you should be able to connect from the local computer without needing to enter your password. You can repeat these steps for another remote computer, but of course you do not need to use the ssh-keygen command because you already have private/public keys generated from running it the first time.
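
If key login still asks for a password after these steps, wrong ownership or permissions under ~/.ssh are a common cause: sshd with StrictModes ignores an authorized_keys file that other users can write to, and the ssh client refuses a private key that other users can read. The script below is an added example, not part of the original post, that checks a directory for those conditions. The function names and the OWNER/WRITE/KEY labels are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit an ~/.ssh directory.
# Prints one line per finding; returns 0 if clean, 1 otherwise.

# Group/other permission characters of a path, e.g. "------" or "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

audit_ssh_dir() {
    dir=$1
    found=0
    uid=$(id -u)

    # Step 1 of the post: everything must belong to the user logging in.
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        owner=$(ls -ldn "$f" | awk '{print $3}')
        if [ "$owner" != "$uid" ]; then
            echo "OWNER $f: uid $owner, expected $uid"
            found=1
        fi
    done

    # Nobody else may write to the directory, authorized_keys or known_hosts.
    for f in "$dir" "$dir/authorized_keys" "$dir/known_hosts"; do
        [ -e "$f" ] || continue
        case "$(group_other_bits "$f")" in
            ?w????|????w?) echo "WRITE $f: writable by group or other"; found=1 ;;
        esac
    done

    # A private key (the file next to each *.pub) must be owner-only.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        if [ "$(group_other_bits "$key")" != "------" ]; then
            echo "KEY   $key: accessible to group or other"
            found=1
        fi
    done
    return "$found"
}

# Usage: sh audit.sh ~/.ssh
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run it on the local computer against ~/.ssh, and again on the remote computer for the account you log in to.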


