SSH

der.hans PLUGd@LuftHans.com
Sat, 10 Mar 2001 10:07:22 -0700 (MST)


On 08 Mar 2001, Lucas Vogel chatted thus:

> I did all that, and I'm running 2.2.x until I know I can run 2.4.2
> securely-last time I left that kernel running someone was playing with
> popper...
> 
> Anyhoo, I at least think I have sshd running, but I can't seem to connect to
> it for anything. I ran ssh-keygen for the login I want to connect with and
> created a passphrase. What else should I be doing?

ps auxwww | grep ssh

You should get an entry for sshd.

Default perms from the openssh package allow you to login by just giving
your passwd, the same as for telnet, except it's encrypted. You don't need
a key for that.

Once that's working, you can generate a key, attach to an agent and try an
automagic connection.

You've got a key from ssh-keygen. From that you should get
$HOME/.ssh/identity and $HOME/.ssh/identity.pub files. Append the
$HOME/.ssh/identity.pub file onto the $HOME/.ssh/authorized_keys [1] file
on any computers you want to be able to ssh into.

From the shell you want to connect from run [2]:

eval `ssh-agent`

That gives you an authentication token agent. If that worked running
"ssh-add -l" should tell you that your agent has no tokens. Not being able
to talk to the agent means the agent didn't start up. "ssh-add" will
prompt you for your passphrase. Once you've authenticated "ssh-add -l"
should list that key. At that point you're ready to go.

Don't forget to turn on the ability to forward X stuff, -X, and
authentication tokens, -A, if you want those capabilities. Don't change
your DISPLAY variable on the remote machine after connecting. Doing so
leaves that X traffic unprotected. Using ssh's setup gives you an
encrypted ( and compressed if you want it ) X tunnel between the machines.

ciao,

der.hans

[1] cat $HOME/.ssh/identity.pub >>$HOME/.ssh/authorized_keys

[2] A simpler way to start the agent is "ssh-agent bash". That starts a
new shell that's attached to the agent. Also, if you're running from X you
probably already have an agent running, so you just need to run
"ssh-add" to authenticate.

> 
> -----Original Message-----
> From: Kevin Brown [mailto:kevin_brown@qwest.net]
> Sent: Thursday, March 08, 2001 11:24 PM
> To: plug-discuss@lists.PLUG.phoenix.az.us
> Subject: Re: SSH
> 
> 
> if you installed version 2.4 then check your /etc/rc.d/init.d folder for an
> ssh* file and run "/etc/rc.d/init.d/ssh??? start" where ??? is the rest of
> the file name.  If you installed 2.2 or below then run sshd2 or ssh2d (can't
> remember which).  Also before you start the service up go into
> /etc/ssh2/sshd2_config and change the line that says "PermitRootLogin yes" to
> "PermitRootLogin no" to keep root from being able to log in directly from
> ssh.  You can still su or su - to root, but have to login first as a normal
> user.
> 
> > I can't seem to get ssh* going. I want ssh running as a daemon on my linux
> > pc at home and connect to it at work via windows client. I have the ssh*
> > rpms installed, what do I do to get this thing working? RTFM didn't help...
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
> to the list quickly and you use Netscape to write mail.
> 
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

-- 
#  der.hans@LuftHans.com   home.pages.de/~lufthans/   www.YourCompanyHere.net ;-)
# I chose to use the kernel sources as my documentation.  ;-) -- Kevin Buettner
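
The append from footnote [1] in the mail above, as an added example that is not part of the original post: a re-runnable version that adds the key once and sets owner-only modes, since sshd's StrictModes check (on by default in OpenSSH) ignores authorized_keys when the file or its directory is writable by group or others. The function name install_pubkey, its arguments and the sample key are this example's own assumptions.

```shell
#!/bin/sh
# Added example: footnote [1]'s append, made safe to re-run.
# install_pubkey PUBKEY_FILE [SSH_DIR]   (name and arguments are this example's own)
install_pubkey() (
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A .pub file is a single line. More than one line usually means a
    # PEM-format private key was passed by mistake; never install that.
    n=$(grep -cv '^[[:space:]]*$' "$pub" || true)
    [ "$n" -eq 1 ] || { echo "$pub: expected 1 key line, found $n" >&2; return 1; }
    key=$(grep -v '^[[:space:]]*$' "$pub")

    # Owner-only modes; sshd's StrictModes check rejects looser ones.
    umask 077            # body runs in a subshell, caller's umask is untouched
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Exact whole-line match: skip the append if the key is already there.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already in $auth"
        return 0
    fi

    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
)

# Demo with a constructed key in a scratch directory; $HOME is not touched.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDEXAMPLEKEY demo@example' > "$demo/identity.pub"
install_pubkey "$demo/identity.pub" "$demo/.ssh"
install_pubkey "$demo/identity.pub" "$demo/.ssh"    # second run appends nothing
ls -l "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

On the machine you want to log in to, the call would be install_pubkey identity.pub with no second argument, which targets $HOME/.ssh.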