OpenSSH is a free, open source set of computer programs that provide secure, encrypted communication over a computer network by using the SSH protocol.
SSH stands for Secure Shell; it is used to connect to a remote computer securely. Compared to Telnet, SSH is secure: the client-server connection is authenticated using a digital certificate, and passwords are encrypted. Hence it is widely used by system administrators to control remote Linux servers. It is a protocol that allows users to connect to a remote system using a client-server architecture.
Installing SSH:
To install OpenSSH you need the openssh, openssh-server and openssh-clients packages. The openssh package requires openssl-libs to be installed on the system; it provides very important cryptography libraries.

To install OpenSSH:
[root@asim ~]# yum install 'openssh*'
Or
[root@asim ~]# yum install openssh-server
[root@asim ~]# yum install openssh-clients
[root@asim ~]# yum install openssl-libs

Configuration file for sshd:
[root@asim ~]# cat /etc/ssh/sshd_config

Make a copy of the original configuration file before making any changes:
[root@asim ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

To view and edit the ssh configuration file:
[root@asim ~]# vim /etc/ssh/sshd_config

To restart the ssh service:
[root@asim ~]# systemctl restart sshd

To start the ssh service:
[root@asim ~]# systemctl start sshd

To check the status of ssh:
[root@asim ~]# systemctl status sshd

To test a local SSH session:
[root@asim ~]# ssh root@localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:PByUg4YXM8DKbWpRmDQlNqVdKYvm1HmbxGTo23zEeAs.
ECDSA key fingerprint is MD5:e1:ec:7a:d9:a6:79:f9:4f:78:96:c7:91:83:71:78:dc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
Last login: Sun Jun 30 08:08:19 2019

To log in through SSH using the default port:
[root@asim ~]# ssh cms@192.168.122.1
The authenticity of host '192.168.122.1 (192.168.122.1)' can't be established.
ECDSA key fingerprint is SHA256:PByUg4YXM8DKbWpRmDQlNqVdKYvm1HmbxGTo23zEeAs.
ECDSA key fingerprint is MD5:e1:ec:7a:d9:a6:79:f9:4f:78:96:c7:91:83:71:78:dc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.122.1' (ECDSA) to the list of known hosts.
cms@192.168.122.1's password:
Last login: Thu Jun 13 10:36:19 2019

SSH Key-Based Authentication:
Users can authenticate SSH logins without a password by using public key authentication. SSH key pairs are two cryptographically secure keys that can be used to authenticate a client to an SSH server. Each key pair consists of a public key and a private key. The private key is retained by the client and should be kept absolutely secret. The associated public key can be shared freely. The public key can be used to encrypt messages that only the private key can decrypt. The public key is uploaded to the remote server that you want to be able to log into with SSH. When a client attempts to authenticate using SSH keys, the server can test whether the client is in possession of the private key. If the client can prove it owns the private key, a shell session is started and the command is executed.

Generate an SSH key pair on the local system with ssh-keygen:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/cms/.ssh/id_rsa):
Created directory '/home/cms/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/cms/.ssh/id_rsa.
Your public key has been saved in /home/cms/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OQbjIz/JrA5kf6oM85vAjXYAetLPCYq0YEug+U/XKAw cms@asim.eiheducation.com
The key's randomart image is: [RSA 2048 randomart image, SHA256]

Default location of the user's key pair:
[cms@asim ~]$ cd ~/.ssh
[cms@asim .ssh]$

Private key in the user's home directory:
[cms@asim .ssh]$ cat id_rsa

Public key in the user's home directory:
[cms@asim .ssh]$ cat id_rsa.pub

Copying your public key to the remote system (remote_host is the remote host's name or IP address):
[cms@asim .ssh]$ ssh-copy-id -i id_rsa.pub cms1@remote_host

Connecting to the remote system:
[cms@asim .ssh]$ ssh cms1@remote_host

To restart the ssh service:
[root@asim ~]# systemctl restart sshd

To start the ssh service:
[root@asim ~]# systemctl start sshd

To check the status of the ssh service:
[root@asim ~]# systemctl status sshd

Edit the ssh configuration file and set the following directives:
[root@asim ~]# vim /etc/ssh/sshd_config
PasswordAuthentication no - uncomment; the value no disables password authentication
PubkeyAuthentication yes - uncomment to enable public key authentication
PermitRootLogin yes - uncomment to permit root login over ssh

To restart the ssh service:
[root@asim ~]# systemctl restart sshd

To start the ssh service:
[root@asim ~]# systemctl start sshd

To check the status of the ssh service:
[root@asim ~]# systemctl status sshd
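
A check for the sshd_config edit described above, as an added example that is not part of the original page: it reports the value sshd will actually use for each of the three directives, which catches a line whose value was changed but left commented, or a setting appended after an earlier active line. The function names and both sample files are constructed for illustration, and the fallback values are the upstream OpenSSH defaults (an assumption; a distribution may ship different ones).

```shell
# Added example (not from the original page). sshd_config rules applied here:
# a line starting with '#' is a comment, keywords are case-insensitive,
# and the first occurrence of a keyword wins.
effective_value() {   # usage: effective_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comment or blank line
        {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)               # "Keyword value" or "Keyword=value"
            if (tolower(f[1]) == "match") exit      # global section ends at first Match block
            if (tolower(f[1]) == key) { val = f[2]; exit }
        }
        END { print tolower(val) }
    ' "$1"
}

# audit FILE -> one summary line, then one FINDING line per problem.
# Defaults are upstream OpenSSH defaults (assumption, see lead-in).
audit() {
    pw=$(effective_value "$1" PasswordAuthentication yes)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    rt=$(effective_value "$1" PermitRootLogin prohibit-password)
    echo "PasswordAuthentication=$pw PubkeyAuthentication=$pk PermitRootLogin=$rt"
    [ "$pw" = no ] || echo "FINDING: password logins are still accepted"
    [ "$pk" = yes ] || echo "FINDING: public key logins are disabled"
    [ "$rt" != yes ] || [ "$pw" = no ] || echo "FINDING: root can log in with a password"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# Constructed sample 1: value edited but the line left commented, and the
# intended setting appended after an earlier active line (which wins).
cat > "$tmp/mistake" <<'EOF'
#PasswordAuthentication no
passwordauthentication yes
PasswordAuthentication no
EOF
# Constructed sample 2: the three directives set as described above.
cat > "$tmp/fixed" <<'EOF'
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin yes
EOF
audit "$tmp/mistake"
audit "$tmp/fixed"
```

On a live server, `sshd -t` checks the edited file for syntax errors before the restart, and `sshd -T` prints the configuration the daemon will use.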