OpenSSH Intro
Basic Commands
OpenSSH (http://www.openssh.org) is the standard Secure SHell for almost all Linux distributions. It should be used in place of both telnet and ftp, as they are not encrypted protocols. With OpenSSH you can both securely issue shell commands (ssh) and copy files (scp) to remote hosts. To start off, the basic way to open a secured shell uses this syntax:
$ ssh username@host
If you want to ssh as the same user, you can omit the username@ and just provide the hostname. It is a good habit to use username@, since it is required for scp and also helps when you happen to be logged in as another user. To copy a file using ssh, use scp.
# scp (source) (target)
$ scp ./myfile.txt username@hostname:/home/username/
In this example, the file ./myfile.txt is sent to /home/username as the user 'username' on the machine hostname. You can also write username@hostname:. instead, since . is expanded to username's home directory. It is mandatory to have username@hostname:(path), or scp will copy your file locally. You can of course reverse the copy and say:
$ scp -r username@hostname:./MyDocs .
Notice the -r to recursively copy the directory ./MyDocs to the current directory.
OpenSSH Keys
Using keys can both save time and increase security, since you are not repeatedly asked for a password. Passphrases should also be much longer than a normal 8-12 character password, yet are not as hard to remember. To use keys, you first need to generate a key.
$ ssh-keygen -b 2048 -t rsa
This will generate a 2048 bit RSA key pair. You will be asked for a location and then for the passphrase. Good suggestions are one of your favorite quotes, a line from your favorite poem, etc. Be sure not to use something that people could guess if they knew you too well.
Now that you have a key, you can use ssh-agent to remember your key locally and use it for all OpenSSH secure connections. To do this we simply run ssh-agent. In my setup, I have a few lines added to my /etc/profile, which is sourced by all shells.
# launch ssh-agent if not already running
if [ -z "$SSH_AGENT_PID" ]; then
    # save the agent's environment settings to a file, then load them
    /usr/bin/ssh-agent -s > "$HOME/.ssh-agent"
    . "$HOME/.ssh-agent" > /dev/null
fi
Now that you have ssh-agent running, you need to add a key to the keyring. This is done with ssh-add and then typing in your passphrase.
$ ssh-add
Automated Login with Keys
Now that you have your keys made and added to your ssh-agent, you can have remote machines accept you automatically based on your keys. For this, we make an authorized_keys file on our remote machine. You need to copy and paste your public key from your local keyring into this file. By default, the public key is ~/.ssh/id_rsa.pub.
# on remote machine
$ vi ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
That's it! Now you should be able to log into the box remotely without entering a password/passphrase, assuming you have your ssh-agent running and your key added. As you have guessed, this can work great for scripts too. It is also possible to not use a passphrase: just press enter when asked. However, this is very bad, because if anyone ever got a hold of your secret key they could log in as you.







