LinuxQuestions.org
By satinet at 2006-02-26 07:08
This is a short guide explaining how to get ssh going between two Slackware or other *NIX boxes. I am going to guide you through setting up ssh, but I am not going to explain the whys and wherefores of everything regarding ssh. There are far more knowledgeable people than I who can do that. This is intended to get you going quickly.

SSH uses public/private keys to authenticate connections. This verifies who the hosts are, and ssh uses a high level of encryption. SCP uses ssh for remote file copies.

You will need to perform the steps on both/all machines.

Usage

Code:
ssh <IP/hostname>
to forward X apps
Code:
ssh -X <IP/hostname>
for other user names
Code:
ssh -X <username>@<remotehost>
scp <files> <remotehosts>:/<directory>
multiple files
Code:
scp -rp <files> <remotehost>:/directory

Configuration
In Slack the default config is fine. However, in other Linuxes make sure in /etc/ssh/ssh_config and /etc/ssh/sshd_config that ssh protocol 2 is being used - this is more secure.


Host Keys
Hosts need to have a way to identify themselves that is verifiable:

first get it running on both boxes:

Code:
chmod +x /etc/rc.d/rc.sshd
Now reboot or issue /etc/rc.d/rc.sshd start.

then you need to generate your HOST keys (I will use RSA though you may use DSA):

Code:
cd /etc/ssh

ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key
Overwrite the existing keys.
When asked for a passphrase don't use one - this is for machine to machine. Machines can't type.

Known Hosts

At this point you should be able to ssh and scp between machines easily.... but you will be asked about accepting the public key the 1st time you want to remote copy/login. This will be put in /root/.ssh

Code:
root@blue:~# ssh 192.168.0.5
The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.
RSA key fingerprint is <something here that's complex>.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.5' (RSA) to the list of known hosts.
root@192.168.0.5's password:
this will go into /root/.ssh/known_hosts

User Pass Phrases

Okay so your machines know about each other.... what about this password stuff?? Bit trying?

ok

Code:
cd /root/.ssh/
ssh-keygen -t rsa
Accept the default location. (/root/.ssh/id_rsa)

This time use a pass phrase of your choice.
The key, unlocked by the pass phrase, will be used to authenticate rather than username/password. To make this work we need to copy id_rsa.pub from one host to the other's authorized keys:

Code:
scp id_rsa.pub 192.168.0.12:/root/.ssh/authorized_keys
Put in your IP address / host name rather than 192.168.0.12. After you've done this on both hosts try doing an ssh from one box to another. You will be prompted for the pass phrase of the sending machine's user's ssh key.
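The scp above replaces whatever is already in the remote authorized_keys file. The following is an added example, not part of the original guide: a hypothetical helper, install_pubkey, to run on the receiving host, which appends the key instead, skips duplicates and sets the permissions sshd expects. The key line in the demo is constructed, not a real key.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR
# Hypothetical helper (added example): append one public key to
# SSH_DIR/authorized_keys instead of overwriting the file, skip it if the
# identical line is already there, and set the permissions sshd expects.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    # Accept only a non-empty, single-line file that starts with a key type.
    [ -s "$pubkey_file" ] || { echo "no such key file: $pubkey_file" >&2; return 1; }
    [ $(wc -l < "$pubkey_file") -le 1 ] || { echo "expected one key per file" >&2; return 1; }
    key_line=$(cat "$pubkey_file")
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line (is this the private key?)" >&2; return 1 ;;
    esac

    # Create directory and file with tight permissions from the start.
    (umask 077; mkdir -p "$ssh_dir"; touch "$auth_file") || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # -F fixed string, -x whole line: only an identical entry counts as present.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "key already authorized"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key added"
    fi
}

# Demo on a scratch directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed root@blue\n' > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # key added
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # key already authorized
rm -rf "$demo_dir"
```

On a real host the second argument would be /root/.ssh (or the non-root user's ~/.ssh).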


No passwords - still Secure
Ok so now you just have to use the passphrases. not enough?? ok

So run
Code:
eval `ssh-agent`
ssh-add
ssh-add will prompt you for the passphrase you generated for the system you are on now.
Now try to ssh to the other host. Hopefully you should be automagically logged in without passwords...

Running ssh-agent
Okay, Slackware doesn't have a .bash_profile by default. ssh-agent is the thing that holds your unlocked keys so you are not asked for the pass phrase each time....

Lets create one.

cd to /root

vi .bash_profile (note the . )

type in eval `ssh-agent`
or add to your existing profile.

if it's a new profile chmod 400 it.


now go for a reboot.

Next time you log in type ssh-add to add your passphrase again, and you will not have to use passwords in ssh until you next reboot....

magic

However, each time you log in a new instance of ssh-agent will be loaded. I found this which is great:

Code:
# Start/Reuse SSH Agent - restart or re-use an existing agent
# The cache is eval'd at login, so keep it in a directory only you can write
# to (a predictable name in /tmp could be pre-created by another local user).
SSH_AGENT_CACHE="${HOME}/.ssh/ssh_agent_eval"
if [ -s "${SSH_AGENT_CACHE}" ]
then
    echo "Reusing existing ssh-agent"
    eval `cat "${SSH_AGENT_CACHE}"`
    # Check that agent still exists
    if ! kill -0 "${SSH_AGENT_PID}" 2>/dev/null
    then
        echo "ssh-agent pid ${SSH_AGENT_PID} no longer running"
        # Looks like the SSH-Agent has died, it'll be restarted below
        rm -f "${SSH_AGENT_CACHE}"
    fi
fi

# -s rather than -f: an empty leftover cache also triggers a fresh agent
if [ ! -s "${SSH_AGENT_CACHE}" ]
then
    echo "Starting new ssh-agent"
    touch "${SSH_AGENT_CACHE}"
    chmod 600 "${SSH_AGENT_CACHE}"
    ssh-agent >> "${SSH_AGENT_CACHE}"
    chmod 400 "${SSH_AGENT_CACHE}"
    eval `cat "${SSH_AGENT_CACHE}"`
fi
You still need to run "ssh-add" once every reboot....

from http://forums.macosxhints.com/showthread.php?t=50836 so put that in your .bash_profile if you use more than one root log in.


Errata

Note I am just pulling this together for the benefit of LQ users. There are plenty of more in-depth guides out there. This is a quick and dirty guide - you probably won't learn much.

I hope this is of some use to people...

If you get stuck or have a question please post (or a criticism)

Note you can use non-root logins for remote copy / login. Same procedure (host keys still done as root.)

:-)


  


