Small ssh introduction

Some of my students, family, or friends still fear the black box with white characters, sometimes called the shell, the command line, or the terminal. However, if you have embraced the concept and the opportunity of what you can achieve with just some simple commands typed into a box, I will give you here a small manual on how to use this power remotely. The magic command is ssh, the secure shell. Linux and Mac OS X usually offer this feature by default (sometimes you have to install openssh-server); even Windows can easily offer it using Cygwin. On a Debian- or Ubuntu-like system you issue sudo apt-get install openssh-server to install the server (which makes it possible to display the command line from a different computer). As a client on Mac OS X and Linux systems, you just type ssh into a command line; for Windows you want either Cygwin or PuTTY.

Let's now imagine we have installed ssh on our computer named work (let's further assume that it is reachable by the IP address 192.168.20.15; check whether you can type ping work and also ping 192.168.20.15 into a command line on another computer). Let's further assume we have another computer running a non-graphical (not PuTTY) ssh client. Let's assume this other computer is called home and is accessible with the IP address 192.168.20.120.

On work you usually log in as the user myuser. Now try typing ssh myuser@work in a command line on computer home. You will see something like the following (the first time you try, you will be asked to accept the key and have to type yes + return key), then it will ask you for the password of your user at work. After entering this, you will see the command line of the work computer appearing on your home computer. Fascinating, isn't it?

ulno@home:~$ ssh myuser@work

The authenticity of host 'work (192.168.20.15)' can't be established.

ECDSA key fingerprint is 0f:b7:44:81:a5:f9:a5:04:0b:ad:11:2f:82:5f:1d:b7.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'work,192.168.20.15' (ECDSA) to the list of known hosts.

myuser@work's password:

Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-17-generic x86_64)

  • Documentation: https://help.ubuntu.com/

145 packages can be updated.

65 updates are security updates.

Last login: Mon Jan 28 19:47:16 2013

myuser@work:~$

However, this is only where things start to become interesting. Maybe you don't want to type in your password each time you log in to the work computer. In that case, you can generate a local keypair on your home computer and copy the public key to the remote computer. To generate a key, type the following command on your home computer.

ssh-keygen

Confirm all questions with just the return key (this leaves the key without a password, so you will not have to type one later; you can, though, also protect your key with a password). Depending on your operating system, you will usually now find your keys in .ssh:

ls .ssh/

id_rsa id_rsa.pub

id_rsa is your private key, id_rsa.pub is your public key.

Type cat .ssh/id_rsa.pub to show your public key (you should get something like the following result).

ulno@home:~$ cat .ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNYsOJGE7o4pQVvyp9UBFJyogn1C3QsyUA56lRS9Dd3svC33uSKsHEkiJPTCA9+fV8xiPtO6z/VXLk4jddNvBx/WcrrRiQIY6d0iTi40RDmEmNG83t7XiXNZ1Lh+VlG5rPkys1aG/FQbXDYllynEQvjfANxzdBJsUBqdMicYGe3tooHsmnKGIR3MBMTrluNJcaDj8gK2b0P+Mu6Y4M8TsNc/pwFsu+ZJpV9hQrdc1GDxHqpELAHf+npZt/ALtHDVGQFy9ifgjqMo31+YDmqC5ssFrNkiJFWPhjiJrbHjoqsLF/7fy63zDOHLJI8cneO+6EUHi/0s+BakR0R81ZVxN ulno@home

Be careful: if somebody gets their hands on your id_rsa file, they can pretend to be you (at least to another computer). Copy the public key, starting with ssh-rsa and ending with ulno@home, into your clipboard (select and press ctrl-c or on Linux ctrl-shift-c) and execute the following commands (after logging in with ssh) on your work computer:

myuser@work:~$ mkdir .ssh # create a directory for the authenticated key (things starting with # are comments and can be ignored)

myuser@work:~$ chmod 700 .ssh # the stuff in here should be kept secret and only be readable by you

myuser@work:~$ echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNYsOJGE7o4pQVvyp9UBFJyogn1C3QsyUA56lRS9Dd3svC33uSKsHEkiJPTCA9+fV8xiPtO6z/VXLk4jddNvBx/WcrrRiQIY6d0iTi40RDmEmNG83t7XiXNZ1Lh+VlG5rPkys1aG/FQbXDYllynEQvjfANxzdBJsUBqdMicYGe3tooHsmnKGIR3MBMTrluNJcaDj8gK2b0P+Mu6Y4M8TsNc/pwFsu+ZJpV9hQrdc1GDxHqpELAHf+npZt/ALtHDVGQFy9ifgjqMo31+YDmqC5ssFrNkiJFWPhjiJrbHjoqsLF/7fy63zDOHLJI8cneO+6EUHi/0s+BakR0R81ZVxN > .ssh/authorized_keys # create the file to check your keys without password, make sure to use your own key and be careful not to have line breaks while copying

myuser@work:~$ ls -l .ssh/authorized_keys # make sure that this is also only readable by you

This should be all. If you now exit your remote work PC and log in again with ssh, it should no longer ask you for a password.
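The manual steps above can be wrapped in a small function that refuses a private key or a key broken by a line break, appends instead of overwriting, and sets the permissions itself. This is an added example, not part of the original post; install_pubkey is a hypothetical helper name, the accepted key types are a subset, and the key in the demo is a constructed, non-functional sample.

```shell
#!/bin/sh
# install_pubkey PUBKEY_LINE [HOME_DIR]   (hypothetical helper, not part of OpenSSH)
# Adds one public key line to HOME_DIR/.ssh/authorized_keys, keeping existing keys.
install_pubkey() (            # subshell body: variables and umask do not leak out
    key=$1
    dir=${2:-$HOME}/.ssh
    file=$dir/authorized_keys
    nl='
'
    # A public key is exactly one line; a line break picked up while copying
    # from the clipboard would split it and silently break the login.
    case $key in
        *"$nl"*) echo "refusing: key contains a line break" >&2; exit 1 ;;
    esac

    # Expected layout: "<type> <base64 blob> [comment]"
    ktype=${key%% *}
    rest=${key#* }
    blob=${rest%% *}
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        # This also catches a pasted private key ("-----BEGIN ...").
        *) echo "refusing: not a public key line" >&2; exit 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing: malformed key data" >&2; exit 1 ;;
    esac

    umask 077                                  # new files are private from the start
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$file" && chmod 600 "$file" || exit 1

    # Append (>>) so keys already authorized are kept; skip exact duplicates.
    if ! grep -qF -- "$blob" "$file"; then
        printf '%s\n' "$key" >> "$file"
    fi
)

# Demo in a scratch directory with a constructed key line.
demo=$(mktemp -d)
install_pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED ulno@home" "$demo"
ls -l "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

On the work computer you would call it with your own public key line in quotes and no second argument, so it writes to your own .ssh directory.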

Also don't miss reading about tunneling with ssh (you can build your own proxy and virtual network with this). Links for this are for example the following:
