Debian GNU/Linux Reference Guide

9.5.1 Basics of SSH

First install the OpenSSH server and client.

     # apt-get update && apt-get install ssh

/etc/ssh/sshd_not_to_be_run must not be present if one wishes to run the OpenSSH server.

SSH has two authentication protocols:

  • SSH protocol version 1:

    • Potato version only supports this protocol.

    • available authentication methods:

      • RSAAuthentication: RSA identity key based user authentication

      • RhostsAuthentication: .rhosts based host authentication (insecure, disabled)

      • RhostsRSAAuthentication: .rhosts authentication combined with RSA host key (disabled)

      • ChallengeResponseAuthentication: RSA challenge-response authentication

      • PasswordAuthentication: password based authentication

  • SSH protocol version 2:

    • post-Woody versions use this as the primary protocol.

    • available authentication methods:

      • PubkeyAuthentication: public key based user authentication

      • HostbasedAuthentication: .rhosts or /etc/hosts.equiv authentication combined with public key client host authentication (disabled)

      • ChallengeResponseAuthentication: challenge-response authentication

      • PasswordAuthentication: password based authentication

Be careful about these differences if you are migrating to Woody or using a non-Debian system.

See /usr/share/doc/ssh/README.Debian.gz, ssh(1), sshd(8), ssh-agent(1), and ssh-keygen(1) for details.

The following are the key configuration files:

  • /etc/ssh/ssh_config: SSH client defaults. See ssh(1). Notable entries are:

    • Host: Restricts the following declarations (up to the next Host keyword) to be only for those hosts that match one of the patterns given after the keyword.

    • Protocol: Specifies the SSH protocol versions. The default is "2,1".

    • PreferredAuthentications: Specifies the SSH2 client authentication method. The default is "hostbased,publickey,keyboard-interactive,password".

    • PasswordAuthentication: If you want to log in with a password, make sure this is not set to "no".

    • ForwardX11: The default is disabled. This can be overridden by the command-line option "-X".

  • /etc/ssh/sshd_config: SSH server defaults. See sshd(8). Notable entries are:

    • ListenAddress: Specifies the local addresses sshd should listen on. Multiple options are permitted.

    • AllowTcpForwarding: The default is disabled.

    • X11Forwarding: The default is disabled.

  • $HOME/.ssh/authorized_keys: the list of the default public keys that clients use to connect to this account on this host. See ssh-keygen(1).

  • $HOME/.ssh/identity: See ssh-add(1) and ssh-agent(1).
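
The server-side settings covered in this section can be checked with a short script. This is an added example, not part of the Debian guide: the function names `sshd_value` and `audit_ssh_dir` and the sample configuration are constructed for illustration. It reports only settings that are written explicitly in the file.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings discussed above.
# Only explicit settings are checked; unset keywords fall back to the
# installed sshd's defaults, which this script does not evaluate.

# Print the first value given for keyword $2 in file $1, lowercased.
# sshd_config keywords are case-insensitive and the first occurrence wins.
sshd_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # tolerate Key=value
        /^#/ || NF < 2 { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Audit directory $1 (normally /etc/ssh). Prints one line per finding;
# returns 1 if anything was reported, 0 otherwise.
audit_ssh_dir() {
    dir=$1; cfg=$dir/sshd_config; rc=0
    if [ -e "$dir/sshd_not_to_be_run" ]; then
        echo "NOTE: sshd_not_to_be_run is present, sshd will not run"; rc=1
    fi
    # Any Protocol list containing 1 still permits SSH protocol version 1.
    case ",$(sshd_value "$cfg" Protocol)," in
        *,1,*) echo "WARN: Protocol permits SSH version 1"; rc=1 ;;
    esac
    # .rhosts/hosts.equiv trust methods, then the forwarding options.
    for key in RhostsAuthentication RhostsRSAAuthentication \
               HostbasedAuthentication AllowTcpForwarding X11Forwarding; do
        if [ "$(sshd_value "$cfg" "$key")" = yes ]; then
            echo "WARN: $key is enabled"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample configuration, for illustration only.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
# constructed sample
Protocol 2,1
rhostsrsaauthentication yes
X11Forwarding no
EOF
audit_ssh_dir "$demo_dir" || echo "findings reported for $demo_dir"
rm -rf "$demo_dir"
```

On a real host, call `audit_ssh_dir /etc/ssh` and treat a non-zero exit status as "needs review".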

The following will start an ssh connection from a client.

     $ ssh username@foo.host
     $ ssh -1 username@foo.host # Force SSH version 1
     $ ssh -1 -o RSAAuthentication=no -l username foo.host
         # force password on SSH1
     $ ssh -o PreferredAuthentications=password -l username foo.host
         # force password on SSH2

For the user, ssh functions as a smarter and more secure telnet (will not bomb with ^]).


Published under the terms of the GNU General Public License