ssh (openssh) 101

dansawyer · 01-23-2007, 09:54 AM

All,

The systems are fc6 with openssh installed. I have the O'Reilly book for backup. My question is:

How to set up a ssh login between system A, client, and system B, server?

I tried following some instructions about making and passing a key, however it still asks for a password. Lets assume the user 'john' is configured on both systems. Where is there a howto to configure ssh (openssh) for john on client A to log into server B?

I realize this is basic. However server, which is a firewall, is being hammered by attacks on a regular basis and I would like to configure it to not allow ssh password logins.

Thanks - Dan

kilgoretrout · 01-23-2007, 10:30 AM

This article is pretty good:

http://tips.linux.com/article.pl?sid...045226&tid=100

The important thing to remember is when generating the key, just hit the Enter key when it asks for a passphrase or the key will be associated with whatever passphrase you give and you will always have to give the passphrase when using the key. There are some security issues in doing this since anyone that gets your public key will have automatic ssh access to your box.

dansawyer · 01-23-2007, 11:06 AM

After attempting to follow a script I noticed that one of the pair, server, defaults to rsa while client defaults to dsa. Where are these defaults configured?

fyi Sever is bog standard fc6 while client has a custom kernel.

- Dan

kilgoretrout · 01-23-2007, 12:11 PM

The file is /etc/ssh/ssh_config on the client and /etc/ssh/sshd_config on the server. If your using public key authentication you should disable any other mode of authentication. Here's another article for you on how to set that up:

http://www.g-loaded.eu/2005/11/10/ssh-with-keys/

It goes into a little more detail re the config files and how to add some extra security. It's a little intimedating at first, but once you fool around with it a bit, you will get the hang of it.

For your particular issue, from the above article, you probably don't have this uncommented in sshd_config on the server:

HostKey /etc/ssh/ssh_host_dsa_key

dansawyer · 01-23-2007, 12:34 PM

Thanks for the tips. It is now working.

I would like to configure all the systems to one key type - say dsa. If I set "HostKey /etc/ssh/ssh_host_dsa_key" in sshd_config files and re-login will it re-set the knownhosts to rsa?

Does this even matter?

Thanks - Dan