SSH is Secure Shell; i.e., you are on machine A and you want to connect to machine B and do some work (in a terminal session).
You open a terminal on machine A and log in as a non-root user (we'll talk about root access later).
You execute ssh-keygen which will create a directory, ~/.ssh in the home directory of the user you are logged in as. What ssh-keygen does is create encrypted key files, one named id_rsa and the other id_rsa.pub that are owned by the userid that created them with appropriate permissions; id_rsa is readable only by the owner, id_rsa.pub is readable by any user, both files are write enabled only for the owner.
The resulting directory looks like this:
Code:
ls -l ~/.ssh <this is how you list the directory in the home directory>
total 8
-rw------- 1 joeytest users 1675 Dec 12 10:44 id_rsa
-rw-r--r-- 1 joeytest users 396 Dec 12 10:44 id_rsa.pub
The same thing has to happen on machine B -- by that user -- and on any other machines you want to connect to also by those users.
When that's all done and you're ready to connect to machine B (and you know the user account name and the password that you entered when running ssh-keygen), you can connect to the remote machine with this command:
Code:
ssh -l trona fubar.lan
The authenticity of host 'fubar.lan (192.168.1.10)' can't be established.
ECDSA key fingerprint is SHA256:awSn9jmaCWsvTqELFoe2dL1NX0+rqZN7CXtX228kaRQ.
Are you sure you want to continue connecting (yes/no)?
You would type the word "yes" when you see that, and you will be prompted for the password and you'll get connected.
That is, I've connected the user joeytest to the user trona on fubar.lan.
That's how you do it. Note that none of that gobbledygook in that authenticity above is usable on anything else, it's what happens on my system, yours will look similar.
Now, by default, you will not be able to connect as root with ssh from one machine to another even if you know the root passwords on other machines. That's not a bad thing as you can do tremendous damage with root access. It's better to connect remotely and then use either sudo or su - on that machine if you absolutely need to do work as root (there is a way and if you want to know ask and I'll tell you but I do discourage it).
Hopefully, your machines have names and fixed-IP addresses or DHCP configured with a name and address. The reason I can connect with a simple "fubar.lan" is that fubar.lan has a fixed IP address and an entry in the file /etc/hosts that looks like this:
Code:
192.168.1.10 fubar.lan fubar
that allows me to connect to any system in my network with ssh systemname rather than entering the complete machine address. Otherwise you must use the complete address of the machine on the remote server. You can also have external addresses in /etc/hosts, for example
75.126.162.205 www.linuxquestions.org linuxquestions.org
which avoids going through a DNS lookup.
Hope this helps some.
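
The fingerprint shown in the host-authenticity prompt above can be recomputed from the remote machine's host public key (read on its console, for example from /etc/ssh/ssh_host_ecdsa_key.pub) and compared before answering "yes". This is an added example, not part of the original post; the function names are hypothetical and the sample key is constructed filler data, not a real host key.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def sha256_fingerprint(pubkey_line: str) -> str:
    """Fingerprint of one 'type base64 [comment]' public key line, in the
    SHA256:... form that the ssh host-authenticity prompt displays."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with its own copy of the key type. Reject a line whose
    # label and contents disagree (truncated or hand-edited entry).
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type label does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the base64 digest with the '=' padding removed.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_prompt(pubkey_line: str, shown: str) -> bool:
    """True only if the key line hashes to the fingerprint the prompt displayed."""
    return sha256_fingerprint(pubkey_line) == shown.strip()


# Constructed sample: ECDSA-shaped blob filled with placeholder bytes.
SAMPLE_BLOB = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
               + ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_LINE = ("ecdsa-sha2-nistp256 "
               + base64.b64encode(SAMPLE_BLOB).decode() + " constructed@example")

if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_LINE))
    # The prompt value quoted in the post belongs to a different key, so: False
    print(matches_prompt(
        SAMPLE_LINE, "SHA256:awSn9jmaCWsvTqELFoe2dL1NX0+rqZN7CXtX228kaRQ"))
```

A mismatch between the value computed on the remote machine and the value in the prompt means the client is not talking to the host key it expected.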