OpenSSH Service
Define Open Secure Shell and its principle
Getting ready
$ vagrant up
$ vagrant ssh
How to do it
From the ssh man page: ssh is the OpenSSH SSH client (remote login program).
Installing the OpenSSH service
$ sudo yum install openssh-server openssh-clients
Configuring the OpenSSH service
$ sudo systemctl enable sshd
$ sudo systemctl start sshd
$ sudo systemctl status sshd
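Managing SSH in the firewall
$ sudo firewall-cmd --add-service=ssh --permanent
or add SSH port 22 (firewalld expects the port together with its protocol)
$ sudo firewall-cmd --add-port=22/tcp --permanent
Rules added with --permanent take effect after sudo firewall-cmd --reload.
Now make a simple remote login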
$ ssh [email protected]
The authenticity of host '192.168.56.102 (192.168.56.102)' can't be established.
ECDSA key fingerprint is 3f:e5:4a:28:7e:e8:fc:2c:1e:d3:0e:e9:bd:fb:ca:3e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.102' (ECDSA) to the list of known hosts.
[email protected]'s password:
Last login: Fri May 27 11:41:17 2016
SSH host key on the client (on the first remote login the server's host key is saved in known_hosts)
$ vim ~/.ssh/known_hosts
192.168.56.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHiphHGMc4WIFFb5U5iixc9Qj6unbozJ6DXcs6dZPHNa/1h/tX9J3zF4Zm+Tu7si0D9Mcd4L9P7/GokYu80mo94=
~
To remove the saved SSH host keys (this deletes the entry for every host; ssh-keygen -R 192.168.56.102 removes only this one)
$ rm ~/.ssh/known_hosts
Now the host keys on the server
$ sudo ls -la /etc/ssh/
drwxr-xr-x. 2 root root 4096 May 24 14:39 .
drwxr-xr-x. 78 root root 8192 May 27 11:45 ..
-rw-r--r--. 1 root root 242153 Nov 20 2015 moduli
-rw-r--r--. 1 root root 2208 Nov 20 2015 ssh_config
-rw-------. 1 root root 4361 Nov 20 2015 sshd_config
-rw-r-----. 1 root ssh_keys 227 May 24 14:39 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 May 24 14:39 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys 387 May 24 14:39 ssh_host_ed25519_key
-rw-r--r--. 1 root root 82 May 24 14:39 ssh_host_ed25519_key.pub
-rw-r-----. 1 root ssh_keys 1675 May 24 14:39 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 May 24 14:39 ssh_host_rsa_key.pub
View the remote login users
$ w -uf
12:00:20 up 1:25, 3 users, load average: 0.04, 0.28, 0.38
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
centos7s :0 10:42 ?xdm? 20:49 0.14s gdm-session-worker [pam/gdm-pas
centos7s pts/0 10:43 2:12 0.30s 0.11s ssh [email protected]
centos7s pts/1 11:07 4.00s 0.17s 0.01s w -uf
Creating OpenSSH key-based authentication
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): Enter
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): Enter
Enter same passphrase again: Enter
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
4c:bf:d4:bf:d2:b8:e0:4d:55:a8:56:1a:f3:14:0d:2e [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| oo |
| . o.|
| . E = .|
| o . . X . |
| S o = o |
| . o o |
| o .o. |
| . +o .. |
| . oo. |
+-----------------+
$ ssh-copy-id -i [email protected]
$ ls .ssh/
id_rsa id_rsa.pub
Secure OpenSSH configuration
Deny root remote login and restrict which users may log in
On the server
$ sudo vim /etc/ssh/sshd_config
PermitRootLogin no
AllowUsers radha shyam
DenyUsers ram
:wq
$ sudo systemctl restart sshd.service
On the client
$ ssh [email protected]
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Disable password authentication for remote SSH
On the server
$ sudo vim /etc/ssh/sshd_config
PasswordAuthentication no
:wq
$ sudo systemctl restart sshd.service
On the client
$ ssh [email protected]
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
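A check for the two sshd_config changes above, as an added example that is not part of the original page: it reads a config file the way sshd does for single-valued keywords (case-insensitive, first occurrence wins) and reports when PermitRootLogin, PasswordAuthentication or AllowUsers is not set as shown. The function names sshd_value and audit_sshd, the sample files and the assumed defaults are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check the sshd_config
# settings changed above. Function names and sample files are constructed.

# Print the effective global value of a single-valued keyword. Keywords are
# case-insensitive and the first occurrence wins; everything from the
# first "Match" line onward is conditional and is ignored here.
sshd_value() {  # usage: sshd_value <file> <keyword> <default>
  awk -v key="$2" -v def="$3" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments, blank lines
    { sub(/[ \t]*=[ \t]*/, " ") }          # accept Key=value too
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { $1 = ""; sub(/^ /, ""); print; found = 1; exit }
    END { if (!found) print def }
  ' "$1"
}

# Print one line per weak setting; exit status is the number of findings.
# Defaults are an assumption (the CentOS 7 era "yes" for both keywords).
audit_sshd() {  # usage: audit_sshd <file>
  n=0
  v=$(sshd_value "$1" PermitRootLogin yes | tr 'A-Z' 'a-z')
  [ "$v" = no ] || { echo "PermitRootLogin is '$v', expected 'no'"; n=$((n+1)); }
  v=$(sshd_value "$1" PasswordAuthentication yes | tr 'A-Z' 'a-z')
  [ "$v" = no ] || { echo "PasswordAuthentication is '$v', expected 'no'"; n=$((n+1)); }
  v=$(sshd_value "$1" AllowUsers "")
  [ -n "$v" ] || { echo "AllowUsers is not set (no allow-list)"; n=$((n+1)); }
  return "$n"
}

# Constructed sample files: one with the page's settings, one where a
# later "PasswordAuthentication no" is shadowed by an earlier "yes".
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/hardened" <<'EOF'
# constructed sample
PermitRootLogin no
AllowUsers radha shyam
DenyUsers ram
PasswordAuthentication no
EOF
cat > "$SAMPLE_DIR/shadowed" <<'EOF'
permitrootlogin no
PasswordAuthentication yes
AllowUsers radha shyam
PasswordAuthentication no
EOF

audit_sshd "$SAMPLE_DIR/hardened" && echo "hardened: no findings"
audit_sshd "$SAMPLE_DIR/shadowed" || echo "shadowed: $? finding(s)"
```

On a live server, sudo sshd -t checks the file for syntax errors before the restart, and sudo sshd -T prints the effective configuration as sshd itself parses it.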