Site-wide Tags:  Linux(17) | CommandLine(12) | Ubuntu(10) | RemoteAccess(7) | Tools(7) | Vim(7) | LiftWeb(5) | SBT(5) | SoftwareDev(5) | Mac(5) | Scripts(4) | WebDev(4) | Diagrams(4) | Lifty(3) | NetworkDrives(3) | Processwire(3) | Security(3) | Fog(3) | VCS(3) | BestPractices(3) | RaspberryPi(2) | WebDesign(2) | Encryption(2) | Windows(2) | SSH(2) | WinCommandPrompt(2) | GitHubRepos(2) | Emacs(2) | PHP(2) | IDE(2) | ErrorMsgs(2) | JVM(2) | Hardware(2) | Bash(2) | Networks(2) | Graphviz(2) | Cloning | Cygwin | Graphics | Java | SystemRecovery | lessc | Maven | Python | PXE | Samba | LXDE | PackageManagement | LifeHacks | LESS |

This site has been archived and will no longer be updated.
You can find my new profile at neilpahl.com. My new blog is at 808.ninja.

Remote Login With SSH And Keypairs

Tags:  Ubuntu   Linux   SSH   Encryption   RemoteAccess   
Created on Sat, 03 Dec 2011.
Last Modified on Wed, 04 Apr 2012.

Motivation Behind This Cheatsheet

For those who need to remotly log into another linux machine.

The Cheatsheet

telnet is dated, and should be avoided if possible. It provides no encryption on the data being transmitted, which can lead to sniffed data and login credentials.

The much better alternative is to use Secure Shell (SSH). The common open source tool for this is to use openSSH (openssh.org).

For our purposes, we will say that BOX1 is trying to login to BOX2. BOX1 will require openssh-client and BOX2 will require openssh-server ( I believe openssh-server includes client as well).

to install on an ubuntu box:

sudo apt-get install openssh

or

sudo apt-get install openssh-server

other Linux distros will use different package managers.

or one can compile from the source code like any other linux software (get source packages from website, extract, ./config , make, make install)


once installed, check out the man page for detailed usage. but generally, the command to connect to server looks like this:

ssh {username}@{domainname/ip}

and then you will be asked to enter password. Or if the username is the same on both boxes the command to connect can be typed liek this:

ssh {domainname/ip}

and then you will be asked to enter username and password.

if you do not want to be prompted for username or password, you will have to generate key pairs.

Using Key Pairs:

to generate the default keypair:

ssh-keygen

it will ask you to confirm the saving location (/home/{user}/.ssh/id_rsa should be ok).

Now, you will have 2 files: id_rsa and id_rsa.pub (note they are using rsa encryption, see ssh-keygen man pages for options resulting in different types of encryption)

id_rsa is your private key, and should be kept on BOX1 at ~/.ssh/id_rsa with restricted permissions. id_rsa.pub is the public key, and the contents should be added to /home/{user}/.ssh/authorized_keys on BOX2.

cat id_rsa.pub >> ~/.ssh/authorized_keys

the public key can be given to anyone, as teh private key cannot be derrived from it. The only thing anyone can do with a public key, is give you access. The private key, however,can be used to get access to systems, so should be guarded strictly.

to use your private key, place the private key file in /home/{user}/.shh/

now when you ssh into BOX2, you will not be promted for a username or password. NOTE: if BOX1 and BOX2 have different usernames, then BOX1 should use:

    ssh {BOX2_username}@{BOX2_Domainname}

Further Discussion

Keypairs are useful not only because it saves us from typing the password, but also helps us automate things. ssh tools can now be used in a shell script, and then into a cron job. An example of a ssh tool would be scp (secure copy). scp copies files remotely and securely using the ssh protocol. This is a better option than ftp because the data will be encrypted. ftp is an insecure method of data transfer as the data is sent in the clear.



PLEASE let me know if I'm doing something wrong, or if you have any suggestions or requests~

blog comments powered by Disqus