OpenBSD and FreeBSD resources » SSH http://purebsd.com Tue, 01 Jun 2010 06:01:11 +0000 en hourly 1 http://wordpress.org/?v=3.3.2 SSH – The Secure SHell http://purebsd.com/ssh-the-secure-shell.html http://purebsd.com/ssh-the-secure-shell.html#comments Tue, 01 Jun 2010 05:29:53 +0000 admin http://purebsd.com/?p=52 The SSH protocol was developed to solve the issue of insecure remote logins with programs like telnet, rsh and rlogin. OpenSSH, developed by the OpenBSD team, and all other SSH implementations make use of encryption to transmit data over the internet and intranet.
Sniffing passwords and sensitive data becomes much harder for parties interested in your transmissions.

SSH client

The SSH client, /usr/bin/ssh on OpenBSD systems, is used to login on a remote host or directly execute a program remotely.
Login to remote host:

ssh -l username remote-host.example.org
ssh username@remote-host.example.org

If your username is the same on the remote end as it is where you execute the SSH client, providing a username is not necessary.

At the time of your first login attempt you’re asked by your own SSH client if you’d like to accept the public key of the remote host. Enter “yes” if you verified the authenticity of that key. That public key of the remote host is then saved to ~/.ssh/known_hosts.
That key is checked with the offered public key each time you’re connection again to this remote host. When the offered key differs from the one previously stored, your SSH client will alert you about it and terminates the connection process.
This way, accidentally logging in to a host pretending to be the host you’d like to connect with, can be prevented.
If you see such a warning from your SSH client, verify with your sysadmin if that new key is a valid/authentical public key of the host. There are valid reasons for hosts having a new public key.

scp: secure copy

scp is used to copy files securely to a remote host. Its syntax is not that different from cp orrcp. I think it’s best to just provide some examples of its usage.

Copying files from the current host to remote host:

scp onefile.tgz username@remote-host.example.org:adirectory
scp *.tgz username@remote-host.example.org:/tmp/adirectory
scp -r /tmp/backup username@remote-host.example.org:/tmp/adirectory

Copying files from remote host to this host:

scp 'username@remote-host.example.org:myfiles/onefile.tgz' .
scp 'username@remote-host.example.org:myfiles/*.tgz' .
scp -r 'username@remote-host.example.org:myfiles' /tmp/backup

sftp: secure ftp

sftp is best compared and used as a rather lite edition of a standard text-mode ftp client. As far as I can see it only differs from FTP in that it’s using encryption to transmit data and if I’m not mistaken, all communication between client and server goes through port 22.

SSH daemon

The SSH daemon is the program that accepts and handles the incoming SSH connections. It is run by default on OpenBSD systems and configured pretty secure. The only thing I changed was the option that allows remote logins to root, since I’m rather paranoid (:
To turn off the allowance of remote root logins, edit /etc/sshd_config and change thePermitRootLogin to no:

PermitRootLogin no

sftp-server

The sftp-server is the daemon or server side of the Secure FTP protocol. To be able to use sftp to your host, edit the SSH daemon configuration file /etc/sshd_config. Search for the following line and remove the hash-sign in front of it:

Subsystem sftp /usr/libexec/sftp-server

Then restart your SSH daemon.

]]> http://purebsd.com/ssh-the-secure-shell.html/feed 0