Scribd Logo
Upload

Welcome to Scribd!

  • 205 views

    SSH Linux

    Uploaded by

    dcontrerasr7509
    1) The document discusses how to install and configure SSH server and client on a Debian Etch 4.0 system to enable password-less login using public-key authentication. It involves installing OpenSSH packages, editing the SSH daemon configuration file, generating public-private key pairs on the client, and copying the public key to the server's authorized keys file. 2) It also covers enabling SSH agent forwarding on the client so that users can login to the server without entering a password by associating the private key with the public key on the server. 3) Additional steps like restarting SSH services and testing password-less login are described. Configuring an SSH client on Windows is also briefly mentioned.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd

    SSH Linux

    Uploaded by

    dcontrerasr7509
    205 views8 pages
    1) The document discusses how to install and configure SSH server and client on a Debian Etch 4.0 system to enable password-less login using public-key authentication. It involves installing OpenSSH packages, editing the SSH daemon configuration file, generating public-private key pairs on the client, and copying the public key to the server's authorized keys file. 2) It also covers enabling SSH agent forwarding on the client so that users can login to the server without entering a password by associating the private key with the public key on the server. 3) Additional steps like restarting SSH services and testing password-less login are described. Configuring an SSH client on Windows is also briefly mentioned.

    Original Title

    ssh_linux

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    1) The document discusses how to install and configure SSH server and client on a Debian Etch 4.0 system to enable password-less login using public-key authentication. It involves installing OpenSSH packages, editing the SSH daemon configuration file, generating public-private key pairs on the client, and copying the public key to the server's authorized keys file. 2) It also covers enabling SSH agent forwarding on the client so that users can login to the server without entering a password by associating the private key with the public key on the server. 3) Additional steps like restarting SSH services and testing password-less login are described. Configuring an SSH client on Windows is also briefly mentioned.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    205 views8 pages

    SSH Linux

    Uploaded by

    dcontrerasr7509
    1) The document discusses how to install and configure SSH server and client on a Debian Etch 4.0 system to enable password-less login using public-key authentication. It involves installing OpenSSH packages, editing the SSH daemon configuration file, generating public-private key pairs on the client, and copying the public key to the server's authorized keys file. 2) It also covers enabling SSH agent forwarding on the client so that users can login to the server without entering a password by associating the private key with the public key on the server. 3) Additional steps like restarting SSH services and testing password-less login are described. Configuring an SSH client on Windows is also briefly mentioned.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    of 8

    SSH EN GNU/LINUX DEBIAN ETCH 4,0

    Empezaremos instalando el cliente del SSH.

    #apt-get install openssh-client

    Aquí nos solicitara que reiniciemos ciertos servicios, ya depende de nosotros si


    queremos o no hacerlo, en mi caso me solicita reiniciar el exim4.
    Le daremos Aceptar.

    Ahora instalaremos el servidor SSH.

    #apt.-get install openssh-server

    Editaremos el archivo de configuracion del servidor SSH.

    #nano /etc/ssh/sshd_config

    Y le dejaremos de la forma

    # Package generated configuration file


    # See the sshd(8) manpage for details

    # What ports, IPs and protocols we listen for


    Port 22
    # Use these options to restrict which interfaces/protocols sshd will
    bind to
    #ListenAddress ::
    ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes

    # Lifetime and size of ephemeral version 1 server key


    KeyRegenerationInterval 3600
    ServerKeyBits 768

    # Logging
    SyslogFacility AUTH
    LogLevel INFO

    # Authentication:
    LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile /root/.ssh/authorized_keys

    # Don't read the user's ~/.rhosts and ~/.shosts files


    IgnoreRhosts yes
    # For this to work you will also need host keys in
    /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for
    RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes

    # To enable empty passwords, change to yes (NOT


    RECOMMENDED)
    PermitEmptyPasswords no

    # Change to yes to enable challenge-response passwords (beware


    issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no

    # Change to no to disable tunnelled clear text passwords


    #PasswordAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no

    #MaxStartups 10:30:60
    #Banner /etc/issue.net

    # Allow client to pass locale environment variables


    AcceptEnv LANG LC_*

    Subsystem sftp /usr/lib/openssh/sftp-server

    UsePAM yes
    Ahora crearemos el archivo donde se almacenaran las claves publicas de
    nuestros clientes.

    #cd /root/

    En caso de que este directorio “.ssh” no exista lo crearemos mediante el


    comando

    #mkdir .ssh

    #cd .ssh

    #touch authorized_keys

    Ahora desde nuestro cliente Linux crearemos las llaves que almacenaremos en
    nuestro servidor SSH.

    #ssh-keygen -t rsa //para generar claves en formato rsa.

    #ssh-keygen -t dsa //para generar claves en formato dsa.

    Nos preguntara el donde y como guardar el par de llaves generadas.


    En nuestro caso sera (/root/.ssh/id_rsa), hay que tener en cuenta que en el
    archivo de configuracion debe estar descomentada el parametro
    “AuthorizedKeyFile” pues aca especificaremos donde se almacenaran las
    calves publicas.

    Digitaremos la contraseña de nuestra clave, y listo.

    Ahora en nuestro directorio .ssh, listaremos para visualizar las claves


    generadas.

    #ls -l

    Deberemos ver las llaves tanto privada como publica (id_rsa, id_rsa.pub).

    Ahora desde nuestro cliente Linux, copiaremos nuestra llave publica para
    almacenarlo en el archivo authorized_keys.

    #scp id_rsa.pub root@IP:/root/.ssh/clientelinux.pub

    Ahora en el servidor SSH reenviaremos la clave publica a nuestro archivo de


    authorized_keys.

    La clave de nuestro cliente deberia aparecer en /root/.ssh, por lo cual


    listaremos

    #cd /root/.ssh/

    #ls -l

    Deberia aparecer, entre otras cosas:


    clientelinux.pub

    Reiniciaremos el servicio SSH

    #/etc/init.d/ssh restart

    Ahora, al intentar acceder remotamente desde nuestro cliente SSH.

    #ssh usuario@IPRemota
    Ejemplo:
    #ssh [email protected]

    Nos pregunta que si estamos seguros de continura con la conexion, a lo que le


    responderemos “yes”.

    Luego nos solicita la contraseña de la clave publica que como cliente SSH
    generamos y mandamos al servidor SSH.

    Y listo ya hemos accedido a traves de SSH al servidor por medio de clave


    publica.
    Ahora, hagamos lo mismo solo que hagamos que el usuario remoto acceda sin
    necesidad de digitar ningun tipo de contraseña.

    Es decir, que el servidor relacione nuestra clave privada con la publica enviada
    anteriormente.
    Para realizar esto, deberemos digitar en el cliente un comando que nos permita
    esta relacion publica/privada, y este comando es el “ssh-agent”, con la
    inflexion del mismo “ssh-add”, el cual nos permite agregar una clave privada
    y relacionarla con la publica en nuestro servidor SSH.

    #ssh-add

    Nos pedira la contraseña que le dimos a nuestra clave privada.

    Y listo nos dira que ha sido añadida con exito, a lo cual ahora intentaremos
    nuevamente la conexión ssh y no nos deberia pedir la contraseña.

    #ssh [email protected]

    Y nos entrara directamente al equipo remoto.


    Seria lo mismo si deseamos acceder remotamente mediante un cliente
    Windows.

    Hariamos los pasos de creación de llaves mediante el mismo comando:

    ssh-keygen –t rsa

    Y enviaríamos igual la clave publica a nuestro servidor SSH, de ahí la


    copiaríamos al archivo authorized_keys, y nos logueamos igual con la
    contraseña de la clave publica.

    You might also like