
SSH Access Requirements

- sshd service running and offering services at port 22.
- SSH port must be opened, not filtered by firewall.

The ssh command by default tries to reach the SSH process on server port 22.
Use ssh -p followed by the port number if the SSH service is not offered on the standard
port.
SSH client for Windows OS is PuTTY.
Usage:
ssh hostname -> after the connection is established, you are prompted for a password if the
default configuration is used. When connecting remotely, the SSH client tries to use the user
account you are logged in with on the local machine.
ssh user@remoteserver -> use a specific user account when connecting to the server.
ssh remoteserver -l user -> alternative way to connect using a specific user account.
ssh -v -> use this option for verbose output while connecting, to troubleshoot problems with
slow ssh performance.
~/.ssh/known_hosts -> the public key fingerprint is stored in this file upon first connection
and is used to verify the identity of the remote host.

Using Graphical Applications in SSH Environment


By default the remote host cannot draw screens on your computer without specific permission.
Two requirements for starting graphical applications through an SSH connection:
● X server must be running on the client computer.
● The remote host must be allowed to display screens on the local computer.

ssh -X root@server -> temporarily allow the remote host to draw graphical screens on your
computer.
Enable system-wide forwarding of X11 applications by appending the following line to the file
/etc/ssh/ssh_config:
ForwardX11 yes

Securely Transferring Files Between Systems


scp /etc/hosts server:/tmp -> copy the hosts file to the remote server using the currently logged in user.
scp root@server:/etc/passwd ~ -> copy the passwd file to your home directory by connecting to the
server as the root user.
scp -r server:/etc/ /tmp -> copy the whole subdirectory structure.
scp -P <port> -> use a non-default port to connect to the server.

Configuring Key-Based Authentication for SSH


To make logins a bit more secure, SSH always first tries whether login using public/private keys is
possible. Only if that is not possible is a password login used. The only thing you need to do to
enable key-based login is to create a key pair.
When using public/private key-based authentication, the user who wants to connect to a server
generates a public/private key pair. The private key needs to be kept private and will never be
distributed. The public key is stored in the home directory of the target user on the SSH server.

When authenticating using key pairs, the user generates a hash derived from the private key.
This hash is sent to the server, and if on the server it proves to match the public key that is
stored on the server, the user is authenticated.

To create a key pair, use the ssh-keygen command. The ssh-copy-id command is next used
to copy the public key over to the target server.
For maximum security, protect the private key with a passphrase.

ssh-keygen -> create a private/public key pair in ~/.ssh/ in id_rsa and id_rsa.pub.
ssh-copy-id root@remoteserver -> copy the public key from id_rsa.pub to the remote server and store
it in ~/.ssh/authorized_keys.
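
Key-based login depends on file modes as well as on the key pair: the OpenSSH client refuses a private key that group or others can access, and sshd with its default StrictModes setting ignores authorized_keys when the file or its directory is writable by others. The check below is an added example, not part of the original page; the helper names mode_of and audit_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example: audit file modes in an SSH directory (default: ~/.ssh).
# mode_of and audit_ssh_dir are hypothetical helper names.

# Print the 10-character mode string from ls, e.g. "-rw-------".
# cut drops the ACL/SELinux marker some systems append as an 11th character.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Print one line per finding; return 0 if clean, 1 on findings, 2 if DIR is missing.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    findings=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 2; }

    # sshd (StrictModes) rejects keys when the directory is group/other-writable.
    case $(mode_of "$dir") in
        d????-??-?) ;;
        *) echo "directory writable by group/other: $dir"
           findings=$((findings + 1)) ;;
    esac

    # Private keys (id_* without .pub) must carry no group/other bits at all;
    # the ssh client refuses to load a key that fails this.
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac
        case $(mode_of "$f") in
            -???------) ;;
            *) echo "private key accessible by group/other: $f"
               findings=$((findings + 1)) ;;
        esac
    done

    # authorized_keys on the server side must not be group/other-writable.
    ak=$dir/authorized_keys
    if [ -f "$ak" ]; then
        case $(mode_of "$ak") in
            -????-??-?) ;;
            *) echo "authorized_keys writable by group/other: $ak"
               findings=$((findings + 1)) ;;
        esac
    fi

    [ "$findings" -eq 0 ]
}
```

Run audit_ssh_dir with no argument on the client to check ~/.ssh, and on the server as the target user to check the directory that holds authorized_keys.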

Using the screen Command


The screen command is a useful command that allows you to open multiple terminal sessions.
For usage follow a simple procedure:
1. Open an SSH session.
2. From the SSH session, type screen to open a screen session.
3. Start whichever task you want to start and keep it running.
4. Use the Ctrl+a, d key sequence to detach from the screen session and log out from the
SSH session.
5. When you are ready to reconnect, start the SSH session again. It is essential that you
are using the same user account that you used before.
6. Attach to the screen session again using screen -r. You can now conveniently finish the
work that you have started from the screen session before.

Screen commands:
Ctrl+a, ? -> shows list of all commands that are available.
Ctrl+a, / -> close the screen session.

screen -ls -> show all currently running screen sessions.

Use screen to work together with other users in the same session. To do this, follow these
steps:
1. Make sure that both users are using SSH to connect to the system where you want to
work together. Both users must use the same user account when using SSH to
connect.
2. One user needs to start a screen session, using the screen command.
3. The second user can just connect to the screen session, using screen -x.
