Telnet is a popular way to access a remote system. Unfortunately, it is incredibly insecure. Telnet, along with rlogin, rcp, and rsh, is known to be an insecure way of connecting to a remote system. These protocols are unencrypted and send login information in plain text. Because of this, anyone between the telnet client and the telnet server can intercept the packets and gain private information.

Secure SHell (SSH) is a replacement for these types of remote access schemes. OpenSSH (the version of SSH that is talked about in this tip) uses Secure Socket Layer (specifically OpenSSL) to create an encrypted tunnel between the SSH client and the SSH server. With this tunnel in place, everything sent between the two computers is encrypted, so a packet sniffer capturing packets between the two systems will not be able to make use of the data it collects.

Installation

Download and install the rpms:

    openssl-0.9.5a-3.i386.rpm
    openssh-2.1.1p4-1.i386.rpm
    openssh-server-2.1.1p4-1.i386.rpm
    openssh-clients-2.1.1p4-1.i386.rpm

Setup

After reading man sshd, read /etc/ssh/sshd_config, although it is probably correct as is. Since OpenSSH uses TCP_WRAPPERS, add the hosts to be allowed to use SSH into /etc/hosts.allow and block everyone else in /etc/hosts.deny.

An example for /etc/hosts.allow that allows everyone in the 192.168.1 subnet to use SSH is:

    sshd: 192.168.1.0/255.255.255.0

In /etc/hosts.deny, add this line to block everyone from using Secure SHell by default:

    sshd: ALL

Start sshd by running:

    /etc/rc.d/init.d/sshd start

To use the SSH client, you must first make a key. Run:

    /usr/bin/ssh-keygen

ssh-keygen creates a public and private key to be used for encryption and decryption of data sent through the encrypted tunnel. Here is a sample run of ssh-keygen:

    [sabaka00@CC989892-A sabaka00]# ssh-keygen
    Generating RSA keys: ...............................ooooooO...ooooooO
    Key generation complete.
    Enter file in which to save the key (/sabaka00/.ssh/identity):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /sabaka00/.ssh/identity.
    Your public key has been saved in /sabaka00/.ssh/identity.pub.
    The key fingerprint is:
    c2:ff:74:c5:e5:7d:b7:23:56:bb:11:8c:8a:97:77:7a sabaka00@CC989892-A
    [sabaka00@CC989892-A sabaka00]#

For more information about ssh-keygen, read man ssh-keygen.

Once you have created the public and private keys, copy the public key, normally found at $HOME/.ssh/identity.pub, to the host that is going to be connected to. The key should be placed in $HOME/.ssh/authorized_keys of the user that will be logged into on the remote system. Make sure the public key is on a single line in the authorized_keys file.

Use

After the keys are set up on the local and remote systems, connect to an SSH server like this:

    ssh -l <login name> -i <identity file> host

An example would be:

    [sabaka00@CC989892-A sabaka00]$ ssh -l sabaka00 192.168.1.1
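
The hosts.allow and hosts.deny pair from the Setup section can be checked offline before it is relied on. The script below is an added example, not part of the original tip or of tcp_wrappers itself: a simplified model of the allow-then-deny decision, run against constructed copies of the two rules. The function names and the temporary file location are assumptions.

```shell
#!/bin/sh
# Simplified model of the TCP wrappers access decision (added example, not libwrap).
# Handles only the client patterns used in this tip: ALL, net/mask, and a literal IP.

ip_to_int() (            # dotted quad -> integer; subshell keeps the IFS change local
    IFS=.; set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

client_matches() (       # $1 = client pattern from a rule, $2 = client IP
    case $1 in
        ALL) exit 0 ;;
        */*) net=$(ip_to_int "${1%/*}"); mask=$(ip_to_int "${1#*/}")
             [ $(( $(ip_to_int "$2") & $mask )) -eq $(( $net & $mask )) ] ;;
        *)   [ "$1" = "$2" ] ;;
    esac
)

file_matches() (         # $1 = rules file, $2 = daemon, $3 = client IP
    [ -r "$1" ] || exit 1                     # a missing file is treated as empty
    while IFS= read -r line; do
        line=${line%%#*}                      # drop comments
        case $line in *:*) ;; *) continue ;; esac
        daemons=${line%%:*}
        clients=${line#*:}; clients=${clients%%:*}   # ignore any option field
        for d in $(echo "$daemons" | tr ',' ' '); do
            [ "$d" = "$2" ] || [ "$d" = ALL ] || continue
            for c in $(echo "$clients" | tr ',' ' '); do
                client_matches "$c" "$3" && exit 0
            done
        done
    done < "$1"
    exit 1
)

wrappers_decision() {    # $1 = hosts.allow, $2 = hosts.deny, $3 = daemon, $4 = client IP
    if   file_matches "$1" "$3" "$4"; then echo allow   # hosts.allow is consulted first
    elif file_matches "$2" "$3" "$4"; then echo deny    # then hosts.deny
    else echo allow                                     # no match in either: granted
    fi
}

# Constructed sample files holding the two rules from the text.
RULES=$(mktemp -d)
echo 'sshd: 192.168.1.0/255.255.255.0' > "$RULES/hosts.allow"
echo 'sshd: ALL' > "$RULES/hosts.deny"
for ip in 192.168.1.77 192.168.2.77 10.0.0.5; do
    echo "sshd from $ip: $(wrappers_decision "$RULES/hosts.allow" "$RULES/hosts.deny" sshd "$ip")"
done
```

Because a client that matches neither file is granted access, the sshd: ALL line in hosts.deny restricts only sshd; any other wrapped service stays reachable unless it has its own deny rule.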