Ssh: Difference between revisions
Line 74: | Line 74: | ||
chmod 600 ~/.ssh/authorized_keys | chmod 600 ~/.ssh/authorized_keys | ||
</pre> | </pre> | ||
ALSO: some older Ubuntu's won't accept ecdsa keys. |
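Review bot: the added line "ALSO: some older Ubuntu's won't accept ecdsa keys." does not say which releases are affected or what to do instead, so a reader who hits the problem cannot act on it. Name the release or OpenSSH version where this was seen and point to the fallback the page already lists, `ssh-keygen -t rsa -b 8192`. The note also lands directly under the chmod commands although it concerns key type rather than permissions; it would read better next to the ssh-keygen commands.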
Revision as of 19:15, 4 February 2015
To log into a remote computer that's running an ssh server:
ssh -l barney myserver.com
or
ssh barney@myserver.com
To copy a file to barney's home directory on a remote computer:
scp test.txt barney@myserver.com:
To copy a directory to barney's home directory on a remote computer:
scp -r my_dir/ barney@myserver.com:
To copy a file to another directory on a remote computer:
scp test.txt barney@myserver.com:/tmp
To copy a file from a remote computer to a local computer:
scp barney@myserver.com:test.txt .
To execute a command on a remote computer (uses home directory as current):
ssh barney@myserver.com pwd
If the username is the same on both local and remote computers, it may be omitted in the above commands.
SSH server listening on alternate port
If the SSH server is listening on port 1234 instead of the standard 22, modify the commands as follows:
ssh -p1234 ...
and
scp -P1234 ...
Public/Private Keys
https://help.ubuntu.com/community/SSH/OpenSSH/Keys
SSH is a client-server protocol. You use an ssh client to connect to a remote host running an ssh server (where you already have an account). Your public key is stored on the remote computer. ssh-agent runs on the local machine, and you must give it your private key and a passphrase to unlock it (with ssh-add).
Port forwarding or tunneling reroutes a TCP/IP connection to pass through an SSH connection.
Public/private key combinations are an alternative to passwords and are useful for automated logins and file transfers. The local user creates a public/private key pair and gives the public key to the remote user. When the local user tries to log in to the remote account, the remote host uses the local user's public key to encrypt a random string. The local user then decrypts this with the private key and sends it back to the remote host. This authenticates the local user to the remote user account.
To create a public/private key pair:
ssh-keygen -t rsa -b 8192 (for servers with SSH2 but without ecdsa)
ssh-keygen -t ecdsa -b 521 (currently best security for SSH1)
This creates a public key at ~/.ssh/id_ecdsa.pub and a private key at ~/.ssh/id_ecdsa.
To set up key-based login from larry@local to roger@remote:
- Log in as larry@local and run the ssh-keygen command.
- Copy the text from ~larry/.ssh/id_dsa.pub on local and append it to ~roger/.ssh/authorized_keys on remote.
- From the larry@local account, type ssh roger@remote. You should not be prompted for roger@remote's password. If you supplied a passphrase when generating the key pair, you will be asked for this. If you left the passphrase blank, you won't be asked for any authentication.
Troubleshooting permissions
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
ALSO: some older Ubuntu releases won't accept ecdsa keys.
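The script below is an added example, not part of the original wiki page: it checks the three paths that the chmod commands under "Troubleshooting permissions" adjust and prints the matching fix for any that are still too open. The function names check_path and check_ssh_perms are invented for this example.

```shell
#!/bin/sh
# Added example, not from the original page. check_path and check_ssh_perms
# are names invented here; the modes tested are the ones the page's chmod
# commands set (go-w on home, 700 on ~/.ssh, 600 on authorized_keys).

# check_path PATH PATTERN FIX
# Compares the first 10 characters of `ls -ldL` (type + rwx bits, symlinks
# followed) against a shell pattern. Prints a finding and returns 1 on a
# mismatch or a missing path.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    mode=$(ls -ldL "$1" | cut -c1-10)
    case $mode in
        $2) return 0 ;;
        *)  echo "LOOSE   $1 is $mode, fix with: $3 $1"
            return 1 ;;
    esac
}

# check_ssh_perms HOME_DIR
# Returns the number of problems found (0 means all three paths are fine).
check_ssh_perms() {
    problems=0
    # Home: position 6 (group write) and 9 (other write) must be '-'.
    check_path "$1" '?????-??-?' 'chmod go-w' || problems=$((problems + 1))
    # ~/.ssh: owner-only directory.
    check_path "$1/.ssh" 'drwx------' 'chmod 700' || problems=$((problems + 1))
    # authorized_keys: owner read/write only.
    check_path "$1/.ssh/authorized_keys" '-rw-------' 'chmod 600' \
        || problems=$((problems + 1))
    return "$problems"
}

# Run as a script with a home directory argument, e.g.: sh check.sh "$HOME"
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

Run it on the remote account when key-based login still asks for a password; an exit status of 0 means none of the three paths is the cause.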