LinuxQuestions.org
Old 02-26-2006, 05:27 AM   #1
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Rep: Reputation: 46
HOWTO - ssh slackware (and any linux)


Hello,

This is a short guide to explain how to get ssh going between two slackware or other NIX boxes. i am going to guide you through setting up ssh, but i am not going to explain the whys and wherefores of everything regarding ssh. there are far more knowledgeable people than i to do that. this is intended to get you going quickly.

SSH uses public/private keys to authenticate connections. this verifies who the hosts are and ssh uses a high level of encryption. SCP uses ssh for remote file copies.

You will need to perform the steps on both / all machines

Usage

ssh <IP/hostname>
to forward X apps
ssh -X <IP/hostname>
for other user names
ssh -X <username>@<remotehost>

scp <files> <remotehosts>:/<directory>
multiple files
scp -rp <files> <remotehost>:/directory


Configuration
in slack the default config is fine. However, in other linuxs make sure in /etc/ssh/ssh_conf and /etc/ssh/ssh_conf that ssh protocol 2 is being used - this is more secure.


Host Keys
Hosts need to have a way to identify themselves that is verifiable:

first get it running on both boxes:

Quote:
chmod +x /etc/rc.d/rc.sshd
now reboot or issue /etc/rc.d/rc.sshd start.

then you need to generate your HOST keys (i will use RSA though you may use DSA):

Quote:
cd /etc/ssh

ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key
overwrite the existing keys.
when asked for a passphrase don't use one - this is for machine to machine. machines can't type.

at this point you should ssh from each box to the other. this will create the ~/.ssh folder:

known hosts

at this point you should ssh from each box to the other. this will create the ~/.ssh folder. you should be able to ssh and scp between machines easily.... but you will be asked about accepting the public key the 1st time you want to remote copy / login. this will be put in /root/.ssh mentioned above.

Quote:
root@blue:~# ssh 192.168.0.5
The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.
RSA key fingerprint is <something here that's complex>.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.5' (RSA) to the list of known hosts.
root@192.168.0.5's password:
this will go into /root/.ssh/known_hosts

User Pass phrases

okay so your machines know about each other.... what about this password stuff?? bit trying?

ok

Quote:
cd /root/.ssh/
ssh-keygen -t rsa
accept the default location. (/root/.ssh/id_rsa)

this time use a pass phrase of your choice.
the passphrase will be used to authenticate rather than username/passwd. to make this work we need to copy id_rsa.pub from one host to the other's authorized keys:

Quote:
scp id_rsa.pub 192.168.0.12:/root/.ssh/authorized_keys
However, note this overwrites the file. if you have more than one authorized key, append the public key to the file rather than overwrite it. (copy over and >> to the file)

put in your IP address / host name rather than 192.168.0.12. after you've done this on both hosts try doing an ssh from one box to another. You will be prompted for the pass phrase of the sending machine's user's ssh key.


No passwords - still Secure
ok so now you just have to use the passphrases. not enough?? ok

so run
Quote:
ssh-agent
ssh-add
ssh-add will prompt you for the passphrase you generated for the system you are on now.
now try to ssh to the other host. hopefully you should be automagically logged in without passwords...

Running ssh-agent
okay, slackware doesn't have a .bash_profile by default. ssh-agent is the thing that passes the pass phrases....

lets create one.

cd to /root

vi .bash_profile (note the . )

type in eval `ssh-agent`
or add to your existing profile.

if it's a new profile chmod 400 it.


now go for a reboot.

next time you log in type ssh-add to add your passphrase again. and you will not have to use passwords in ssh until you next reboot....

magic

However, each time you log in a new instance of ssh-agent will be loaded. i found this which is great (add it to your .bash_profile instead if you prefer):

Code:
# Start/Reuse SSH Agent - restart or re-use an existing agent
SSH_AGENT_CACHE=/tmp/ssh_agent_eval_`whoami`
# Only trust a cache file we own: /tmp is world-writable and the file is eval'd
if [ -s "${SSH_AGENT_CACHE}" ] && [ -O "${SSH_AGENT_CACHE}" ]
then
    echo "Reusing existing ssh-agent"
    eval `cat "${SSH_AGENT_CACHE}"`
    # Check that agent still exists (kill -0 sends no signal, it only tests the pid)
    kill -0 "${SSH_AGENT_PID}" 2>/dev/null
    if [ $? -ne 0 ]
    then
        echo "ssh-agent pid ${SSH_AGENT_PID} no longer running"
        # Looks like the SSH-Agent has died, it'll be restarted below
        rm -f "${SSH_AGENT_CACHE}"
    fi
fi

# No cache, or an empty one left behind: start a fresh agent and record it
if [ ! -s "${SSH_AGENT_CACHE}" ]
then
    echo "Starting new ssh-agent"
    touch "${SSH_AGENT_CACHE}"
    chmod 600 "${SSH_AGENT_CACHE}"
    ssh-agent >> "${SSH_AGENT_CACHE}"
    chmod 400 "${SSH_AGENT_CACHE}"
    eval `cat "${SSH_AGENT_CACHE}"`
fi
you still need to run "ssh-add" once every reboot....

from
http://forums.macosxhints.com/showthread.php?t=50836

so put that in your .bash_profile if you use more than one root log in.


Errata

note i am just pulling this together for the benefit of LQ users. there are plenty of more in-depth guides out there. this is a quick and dirty guide - you probably won't learn much.

i hope this comes as some use to people...

if you get stuck or have a question please post (or a criticism)

note you can use non-root logins for remote copy / login. same procedure (host keys still done as root.)

:-)

Last edited by satinet; 03-01-2006 at 10:50 AM.
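
The append-rather-than-overwrite step from the HOWTO above, as an added example that is not part of satinet's post: a shell function that adds one public key to an authorized_keys file only if it is not already there, and sets the permissions sshd expects. `install_pubkey` and its two path arguments are hypothetical names; it is meant to run on the receiving host after the .pub file has been copied over.

```shell
# Added example (not from the thread): append one public key to an
# authorized_keys file without overwriting keys that are already there.
# usage: install_pubkey PUBFILE AUTHFILE  (both paths supplied by the caller)
install_pubkey() {
    pub=$1
    auth=$2

    # Accept exactly one "type blob [comment]" line, so a private key or a
    # multi-key file is never appended by mistake.
    [ -f "$pub" ] || return 1
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 1
    ktype=$(awk '{print $1}' "$pub")
    blob=$(awk '{print $2}' "$pub")
    case $ktype in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) return 1 ;;
    esac
    [ -n "$blob" ] || return 1

    # With StrictModes (the OpenSSH default) sshd refuses keys kept in a file
    # or directory that other users can write to, so create both tightly.
    dir=$(dirname "$auth")
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Idempotent: look for the base64 blob in any field, because an existing
    # entry may carry options in front of the key type.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        return 0
    fi

    # Make sure the existing file ends in a newline, then append the key.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$(cat "$pub")" >> "$auth"
}
```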
 
Old 02-26-2006, 07:12 AM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
satinet, this looks pretty good but it would be better if you could submit it as a Linux answer or to the LQ Wiki. If you just post it as a thread it will likely get lost beside all the questions.
 
Old 02-26-2006, 07:16 AM   #3
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Original Poster
Rep: Reputation: 46
David,

i just did it because lots of people are getting confused about networking - using samba to copy linux to linux etc.

Yeah i did do that after writing it. but i'm not sure it got posted correctly.

is there a way to check?

Thanks.

maybe i should do one for NFS too.
 
Old 02-26-2006, 07:23 AM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
The LA submission was successful however they are reviewed by LQ for accuracy before being published.

Thanks for taking the time to enter it there as well.
 
Old 02-26-2006, 07:49 AM   #5
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Original Poster
Rep: Reputation: 46
ok cool. its a mini howto for the impatient!

i'll get something together for NFS and maybe samba. but that's a bit of a sticky wicket so to speak.

might do something on DSL as well.....
 
Old 02-26-2006, 10:05 AM   #6
SaintsOfTheDiamond
Member
 
Registered: Jan 2006
Location: Lexington, KY
Distribution: Arch and a little Slack
Posts: 139

Rep: Reputation: 15
Very cool. I'll give it a look when I have some time .. I'm sure I'll have tons of dumb questions.
 
Old 02-26-2006, 04:35 PM   #7
lenny45
Member
 
Registered: Feb 2006
Location: Houston, Texas
Distribution: Mepis
Posts: 140

Rep: Reputation: 15
good job Sat....! will give it a shot before too long.
 
Old 02-26-2006, 09:43 PM   #8
SaintsOfTheDiamond
Member
 
Registered: Jan 2006
Location: Lexington, KY
Distribution: Arch and a little Slack
Posts: 139

Rep: Reputation: 15
Sweet! This did exactly what I was trying to do.

One quick question though. I got them "talking" by just issuing the commands in the "Usage" section above. Do I still need to go through the rest of it to make sure it's a secure connection or am I good. Yeah, I'm a bit ADD.
 
Old 02-27-2006, 01:42 AM   #9
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Original Poster
Rep: Reputation: 46
no that's fine. the rest is just if you want to streamline things a bit more.....
 
Old 02-27-2006, 01:49 AM   #10
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 48
Quote:
Originally Posted by satinet
to forward X apps
ssh -X <IP/hostname>
You can note that some apps won't work with "-X" and need the "-Y" flag instead. OpenSSH since 3.8 (a few years ago) changed -X to be untrusted and -Y preserves the original functionality.
 
Old 02-27-2006, 02:34 AM   #11
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351
I am a bit concerned about how this guide appears to be root-user centric.

You really shouldn't be doing much of anything as root, let alone remote logins. And having a RSA key login for remote SSH commands, so a user isn't even prompted for the root password on the remote machine to run a root command, that can't be good.
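
An added example, not part of anyone's post, that reads a server's sshd_config and reports the two settings discussed in this thread: whether protocol 1 is still allowed, and whether root may log in and by which method. The function names and finding labels are assumptions of this sketch, and only the global section before the first Match block is read.

```shell
# Added example (not from the thread): report the global sshd_config settings
# this thread argues about. The finding labels are names made up for this sketch.

# effective_value FILE KEYWORD -> first global value, lowercased (empty if unset)
effective_value() {
    awk -v k="$2" '
        { sub(/#.*/, "") }                 # strip comments
        tolower($1) == "match" { exit }    # global section ends at first Match
        tolower($1) == tolower(k) {        # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, "")    # keep only the argument
            print tolower($0); exit        # sshd uses the first value it reads
        }' "$1"
}

# audit_sshd_config FILE -> prints space-separated findings (empty if none)
audit_sshd_config() {
    out=""
    case $(effective_value "$1" Protocol) in
        ""|2) ;;                                   # unset: version default applies
        *) out="protocol-1-allowed" ;;             # e.g. "1" or "2,1"
    esac
    case $(effective_value "$1" PermitRootLogin) in
        yes) out="${out:+$out }root-login-password-or-key" ;;
        without-password|prohibit-password)
             out="${out:+$out }root-login-key-only" ;;
    esac
    printf '%s\n' "$out"
}
```

Settings inside Match blocks override the global ones for the connections they match, so a clean result here still leaves those blocks to be read by hand.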
 
Old 02-27-2006, 02:41 AM   #12
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Original Poster
Rep: Reputation: 46
fair comment.

however, the guide still works for non-root users. just do the same thing. however, then it helps to keep user names etc consistent.

you can use non-root users if you prefer.

in any event i feel a 2048 bit RSA encryption is unlikely to be the weakest point in the security of most people's system. if you prefer dsa just substitute where it says rsa for dsa.

why shouldn't you be doing anything as root? on a lan i think this is perfectly secure.

Last edited by satinet; 02-27-2006 at 03:50 AM.
 
Old 02-27-2006, 07:53 AM   #13
drewhead
LQ Newbie
 
Registered: Jan 2006
Distribution: Slackware
Posts: 21

Rep: Reputation: 1
You might also want to mention this is a mini-howto to get OpenSSH working. Unfortunately OpenSSH isn't the only game in town. And while someone would have to intentionally install fsecure's non-commercial on a slack install, it is possible that the 'other NIX' boxes are using this same but different software. It took me a while to figure out that our Sun boxes at work were using fsecure's sshd, and the fact that OpenSSH and fsecure don't play nice together still infuriates me. F-Secure uses .ssh2, stores things in different files, and I've never figured out how to make the keys interchangeable.

The point is that these directions don't work if you're using F-secure and OpenSSH in a mixed environment. Hooray for you if you have a 100% OpenSSH environment. I wish I did.
 
Old 02-27-2006, 08:01 AM   #14
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Original Poster
Rep: Reputation: 46
Well, what you say is interesting. but the title of my post includes "slackware" which is what i aim the guide at - and similar linuxs.

I actually used a netbsd box and a slackware box to test it. (both open ssh of course).

i guess it's just a quick and dirty guide for linux users....
 
Old 02-27-2006, 09:46 AM   #15
kite
Member
 
Registered: Aug 2003
Location: Shenzhen, China
Distribution: Slackware
Posts: 301

Rep: Reputation: 47
Thanks for sharing. Suppose I need to copy files from a Windows machine to a Slackware machine or the reverse, what would you suggest?
 
  

