This link has been bookmarked by 212 people. It was first bookmarked on 02 Mar 2006, by Joel Liu.
What this means is that it is safe to send your public key (i.e. the contents of the ~/.ssh/id_rsa.pub file) in electronic mail or by other means e.g. to have a system administrator of a remote site install that key into your ~/.ssh/authorized_keys file. For anyone to actually gain access they need the corresponding private key (i.e. the decrypted contents of ~/.ssh/id_rsa) to identify themselves.
-
ssh-keygen -t rsa
-
To allow access to a system for a given identity place the public key in your ~/.ssh/authorized_keys file on that system. All keys listed in that file are allowed access.
-
scp -p ~/.ssh/authorized_keys hrothgar:.ssh/
-
Use a text editor to add more keys to the file. If you use cut and paste to copy the key make sure each key entry is a single line in the file. The keys to add are always the public keys (from files with the .pub extension).
-
If access to the remote system is still denied you should check the permissions of the following files on it:
-
The permissions should allow writing only by you (the owner). This example shows the most relaxed permissions you could use.
-
To make the remote system allow access you must change the permissions to disallow writing by others than the owner.
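
An added example (not part of the original tutorial): a shell check of the three paths this page names, the home directory, ~/.ssh and ~/.ssh/authorized_keys, that reports any of them writable by group or other and applies the same chmod go-w fix. The function names and the --check argument are hypothetical.

```sh
#!/bin/sh
# Added example: audit the write permissions on the paths that decide
# whether key-based login is accepted on the remote account.

# Print every audited path under the given home directory that is
# writable by group or other. $1 defaults to $HOME.
ssh_writable_by_others() {
    home=${1:-$HOME}
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # -prune stops find from descending into directories;
        # -perm -020 matches group-write, -perm -002 matches other-write.
        find "$p" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Return 0 when only the owner can write to all three paths, 1 otherwise.
# Offending paths are listed on stderr.
ssh_perms_ok() {
    bad=$(ssh_writable_by_others "$1")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/writable by group or other: /' >&2
        return 1
    fi
    return 0
}

# Apply the fix from the text: remove group and other write access.
ssh_fix_perms() {
    home=${1:-$HOME}
    chmod go-w "$home" "$home/.ssh" "$home/.ssh/authorized_keys"
}

# Run as "sh thisfile --check" to audit the current account.
if [ "${1:-}" = "--check" ]; then
    ssh_perms_ok "$HOME"
    exit $?
fi
```

Run it on the remote system, as the account you are trying to log in to, when access is still denied after installing the key.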
-
You can change the default remote account name by creating a configuration file entry for the host.
-
The ssh command can also be used to run commands on remote systems without logging in. The output of the command is displayed and control returns to the local system. Here is an example which will display all the users logged in on the remote system.
-
beowulf% ssh hrothgar who
-
Use the -n to prevent the remote system from trying to read from the terminal starting the xterm and put the process in the background. A new window from the remote system should appear shortly on your display.
-
You can copy files from the local system to a remote system or vice versa, or even between two remote systems using the scp command. To specify a file on a remote system simply prefix it with the name of the remote host followed by a colon. If you leave off the filename of the copy or specify a directory only the name of the source file will be used. An easy way of retrieving a copy of a remote file into the current directory while keeping the name of the source file is to use a single dot as the destination.
-
The -p option is not required. It indicates that the modification and access times as well as modes of the source file should be preserved on the copy. This is usually desirable. You can copy several files in a single command if the destination is a directory.
-
Relative filenames resolve differently on the local system than on the remote system. On the local system the current directory is assumed (as usual with all commands). On the remote system the command runs in the home directory! Thus relative filenames will be relative to the home directory of the remote account.
-
NOTE: When you specify remote machines in both the source and the destination the connection to copy the files is made directly between those hosts. The files are not copied through the local system. Sometimes this makes a difference in a firewalled or otherwise restricted environment.
-
KeepAlive yes/no (yes) - Controls whether TCP keepalive messages are used. When enabled it is possible to detect network outages and automatically close your connections (which is good). However, if you are connected over a dialup link that automatically dials when there is traffic, you will want to turn this off to avoid unnecessarily bringing up the line.
-
uses a public key to encrypt data and a private key to decrypt it.
-
it is safe to send your public key (i.e. the contents of the ~/.ssh/id_rsa.pub file)
-
in electronic mail
-
your ~/.ssh/authorized_keys file
-
private key (i.e. the decrypted contents of ~/.ssh/id_rsa)
-
To further protect your private key you should enter a passphrase to encrypt the key when it is stored in the filesystem.
-
This will prevent people from using it even if they gain access to your files.
-
Creating
-
ssh-keygen to create an authentication key
-
type in a good pass-phrase when prompted for one
-
your input is in bold
-
ssh-keygen -t rsa
-
Generating public/private rsa key pair.
-
file in which to save the key (/u/kim/.ssh/id_rsa): [RETURN]
-
passphrase
-
identification
-
d_rsa
-
id_rsa.pub.
-
public key
-
pass-phrase
-
the -p option
-
old passphrase
-
new passphrase
-
Authorizing
-
To allow access to a system for a given identity place the public key in your ~/.ssh/authorized_keys
-
All keys listed in that file are allowed access.
-
cd ~/.ssh
-
cp id_rsa.pub authorized_keys
-
You could now copy the ~/.ssh/authorized_keys file to other systems to allow access from the local system.
-
One way to copy the file is to use the scp command, like this:
-
scp -p ~/.ssh/authorized_keys hrothgar:.ssh/
-
password: YourPasswordHere
-
The keys to add are always the public keys (from files with the .pub extension).
-
NOTE: To gain access to restricted systems you might need to send your public key in electronic mail to the administrator of the system.
-
home directory
-
~/.ssh directory
-
~/.ssh/authorized_keys file
-
The permissions should allow writing only by you (the owner).
-
drwxr-xr-x
-
drwxr-xr-x
-
-rw-r--r--
-
chmod go-w . .ssh .ssh/authorized_keys
-
Logging into remote systems
-
slogin hrothgar
-
passphrase for key '/u/kim/.ssh/id_rsa': 1amp jumb3d
-
-l switch to specify the remote account name.
-
beowulf%
-
-l suominen
-
panix%
-
Running commands on remote systems
-
to run commands on remote systems without logging in.
-
The output of the command is displayed and control returns to the local system
-
ssh hrothgar who
-
Copying files between systems
-
copy files from the local system to a remote system or vice versa, or even between two remote systems using the scp command.
-
To specify a file on a remote system simply prefix it with the name of the remote host followed by a colon.
-
scp -p hrothgar:aliases .
-
The -p option is not required.
-
scp -p hrothgar:.login hrothgar:.logout panix.com:.
-
~/.ssh/config
-
Compression yes/no (no)
-
KeepAlive yes/no (yes)
-
User account (local account) - Specify the remote account name. Add this to avoid having to use the -l option when issuing commands.
-
Public key cryptography uses a public key to encrypt data and a private key to decrypt it. The name public key comes from the fact that you can make the encryption key public without compromising the secrecy of the data or the decryption key.
What this means is that it is safe to send your public key (i.e. the contents of the ~/.ssh/id_rsa.pub file) in electronic mail or by other means e.g. to have a system administrator of a remote site install that key into your ~/.ssh/authorized_keys file. For anyone to actually gain access they need the corresponding private key (i.e. the decrypted contents of ~/.ssh/id_rsa) to identify themselves.
To further protect your private key you should enter a passphrase to encrypt the key when it is stored in the filesystem. This will prevent people from using it even if they gain access to your files.
-
Sarab Pannu
The following sections hope to provide enough information to set up a user new to ssh with the appropriate files necessary for accessing remote hosts in a secure manner. Improvements to and comments about this document are welcome.
-
The examples now show ssh version 2 commands, using OpenSSH. There are several security vulnerabilities in protocol version 1. Everyone should have already migrated to version 2 by now, so it was about time for me to also reflect best practises in this document. I also updated the link section at the end of the document to better reflect today’s software selection.