Written by hakimkt
Wednesday, 26 January 2005
SSH (Secure Shell) is a protocol for encrypted access to a remote server from
your workstation using the console. Once you are connected and logged on to the
remote machine, you can do whatever you are allowed to do there, directly
from your computer. By using SSH, you encrypt the traffic and compress it, so it
can be faster. You can also run ftp, pop, and even ppp over it, so your
data (username and password, for example) passes along the internet encrypted.
The traditional network services like ftp, pop or telnet are convenient but
inherently unsafe, since they all make you send a password and data in clear
text over an increasingly unsafe network. The original SSH was developed by
a Finnish company. Due to copyright restraints and patented algorithms, the Free
Software world now uses OpenSSH, a free SSH work-alike.
In order for ssh to work properly, the remote machine must be running an sshd
daemon, or an equivalent. The SSH server runs on a UNIX machine (it is
theoretically possible to put an SSH server on an NT server, but it has not been
done to my knowledge). SSH comes in two major, partly incompatible versions, 1.x
and 2.x. You won't be able to connect to an SSH 1.x server with an SSH 2.x
client. OpenSSH 2.x supports both versions. If you are running a Unix system
(Linux, for example), you can use SSH from your console. Otherwise, if you are
running Windows, you'll have to get an SSH client; PuTTY is very good for
it.
First you have to find out about public key cryptography. Public key
cryptography uses a public key to encrypt data and a private key to decrypt it.
The name public key comes from the fact that you can make the encryption key
public without compromising the secrecy of the data or the decryption key. What
this means is that it is safe to send your public key (i.e. the contents of the
~/.ssh/identity.pub file) in electronic mail or by other means, e.g. to have a
system administrator of a remote site install that key into your
~/.ssh/authorized_keys file. For anyone to actually gain access, they need the
corresponding private key (i.e. the decrypted contents of ~/.ssh/identity) to
identify themselves. SSH saves its settings and your encryption keys in the
~/.ssh subdirectory (a subdirectory in your home directory).
If you've never used the machine you're on to ssh before, or if you have not
deemed your machine "trusted", you will receive the following message:

    userid> ssh beatbox
    Host key not found from the list of known hosts.
    Are you sure you want to continue connecting (yes/no)? yes
    Host 'beatbox' added to the list of known hosts.
    userid@beatbox's password:

If you want to log in with a different username than your local username, you
will type something like this:

    userid> ssh username@hostname
To further protect your private key you should enter a passphrase to encrypt the
key when it is stored in the filesystem. This will prevent people from using it
even if they gain access to your files.
The very first step is to use ssh-keygen to create an authentication key for
yourself. In most cases the defaults for this command are what you want. Always
type in a good passphrase when prompted for one. It can be multiple words (i.e.
spaces are just fine within the phrase), so you could choose a sentence that you
can remember. Changing some of the words by misspelling them or by changing some
of the letters into digits is highly recommended to increase the strength of
your passphrase.
Here is a sample session. Note that the passphrase is not echoed back as you
type it:

    beowulf% ssh-keygen
    Initializing random number generator...
    Generating p: .++ (distance 6)
    Generating q: ........++ (distance 110)
    Computing the keys...
    Testing the keys...
    Key generation complete.
    Enter file in which to save the key ($HOME/.ssh/identity): [RETURN]
    Enter passphrase (empty for no passphrase): litt1e 1amp jumb3d
    Enter same passphrase again: litt1e 1amp jumb3d
    Your identification has been saved in /u/kim/.ssh/identity.
    Your public key is:
    1024 37 [lots of numbers] kim@beowulf.gw.com
    Your public key has been saved in /u/kim/.ssh/identity.pub
Now that you are connected, you can safely work on the remote machine: no one
can see what you are actually doing even if they sniff the traffic, because all
the communication is highly encrypted and secure.
by hakimkt kuwait