Simple usage

In [19]:
grep -i ssh /etc/services

# ftp: 20, 21
# telnet: 23
ssh		22/tcp				# SSH Remote Login Protocol
ssh		22/udp
In [ ]:
apt-get install openssh-client
In [7]:
ls -l /usr/bin/slogin
lrwxrwxrwx 1 root root 3 Aug 11 20:55 /usr/bin/slogin -> ssh
In [ ]:
ssh 192.168.56.4 # same user as we logged in with, user@host$
In [13]:
ssh milad@192.168.56.4 ls -l .ssh # run a single command on the remote host without opening an interactive shell
total 4
-rw-------. 1 milad milad 389 Dec 31 21:54 authorized_keys

Config

In [7]:
nano .ssh/config
Host srv1
    HostName 192.168.56.5
    User milad
    Port 22

Verify ssh fingerprint

In [6]:
cat .ssh/known_hosts | head -1
|1|xTYhQn7iqwKon6UeUSothBrzMUU=|r295lLgKaYB5L0XT5FOHiPR1xF8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA5DJEiZYdLRS5738n9dBZNnfFAUHovnq3061IsgWFwzRHWcdKIa3D4TzfZKQN/5d4gjBSznzawT1LP9GCEeWEE=
In [ ]:
ssh localhost # will give you the fingerprint of localhost
In [5]:
# Gather ssh public keys
ssh-keyscan -t ecdsa localhost
ssh-keyscan -t ecdsa 192.168.56.4
# 192.168.56.4:22 SSH-2.0-OpenSSH_6.6.1
192.168.56.4 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA5DJEiZYdLRS5738n9dBZNnfFAUHovnq3061IsgWFwzRHWcdKIa3D4TzfZKQN/5d4gjBSznzawT1LP9GCEeWEE=
In [ ]:
cat /etc/ssh/ssh_host_ecdsa_key.pub # same as ssh-keyscan -t ecdsa localhost
In [4]:
ssh-keyscan -t ecdsa localhost > ssh.ecdsa 2> /dev/null
ssh-keygen -lf ssh.ecdsa
256 SHA256:0MY+8jktivMDvak0C1THTqmDbhWYrQBT//AsR1YQoV4 192.168.56.4 (ECDSA)
In [ ]:
ssh
The authenticity of host '192.168.56.4 (192.168.56.4)' can't be established.
ECDSA key fingerprint is SHA256:0MY+8jktivMDvak0C1THTqmDbhWYrQBT//AsR1YQoV4.
Are you sure you want to continue connecting (yes/no)?
In [ ]:
ssh -o FingerprintHash=md5
The authenticity of host '192.168.56.4 (192.168.56.4)' can't be established.
ECDSA key fingerprint is MD5:84:2f:86:b3:6d:86:0b:f3:cf:fe:95:de:20:e6:8d:6b.
Are you sure you want to continue connecting (yes/no)?
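
The fingerprints in the prompts above are digests of the base64 key blob in the `ssh-keyscan` / `known_hosts` line, and the `|1|salt|hash` host field is a salted HMAC-SHA1 of the hostname. The Python sketch below is an added example, not part of the original notes: it recomputes both from the key line shown above so the result can be compared with the `ssh-keygen -lf` output. The function names are chosen for this example.

```python
import base64
import hashlib
import hmac
import struct

# Host key line copied from the ssh-keyscan output shown on this page.
KEYSCAN_LINE = (
    "192.168.56.4 ecdsa-sha2-nistp256 "
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA5DJEiZYdLRS5738n9d"
    "BZNnfFAUHovnq3061IsgWFwzRHWcdKIa3D4TzfZKQN/5d4gjBSznzawT1LP9GCEeWEE=")

def parse_key_line(line):
    """Split a known_hosts / ssh-keyscan line into (hosts, key_type, blob)."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; a
    # mismatch means the line was edited or corrupted.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    return hosts, key_type, blob

def fingerprint(blob, algo="sha256"):
    """Format a digest of the key blob the way the ssh prompt prints it."""
    digest = hashlib.new(algo, blob).digest()
    if algo == "md5":
        return "MD5:" + ":".join(f"{b:02x}" for b in digest)
    return algo.upper() + ":" + base64.b64encode(digest).decode().rstrip("=")

def hash_host(host, salt):
    """Build a hashed host field: |1|salt|HMAC-SHA1(key=salt, msg=host)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())

def hashed_host_matches(field, host):
    """True if a |1|salt|hash field from known_hosts was made for `host`."""
    _, magic, salt_b64, _mac_b64 = field.split("|")
    if magic != "1":
        raise ValueError("not a hashed known_hosts entry")
    expected = hash_host(host, base64.b64decode(salt_b64))
    return hmac.compare_digest(expected, field)

if __name__ == "__main__":
    hosts, key_type, blob = parse_key_line(KEYSCAN_LINE)
    print(hosts, key_type)
    print(fingerprint(blob))         # compare with the default ssh prompt
    print(fingerprint(blob, "md5"))  # compare with -o FingerprintHash=md5
```

Passing the first field of a `known_hosts` line to `hashed_host_matches` together with a candidate hostname or IP shows which host a hashed entry was recorded for.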

Create a key pair

In [ ]:
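ssh-keygen -t rsa -b 4096 -C 'milad@tuxgeek.ir' -P '1234'
# -P passes the passphrase on the command line, where it lands in shell history and the process list; omit -P to be prompted instead
# RSA: min 1024, default 2048
# DSA: exactly 1024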
Enter file in which to save the key (/home/milad/.ssh/id_rsa): Your identification has been saved in id_rsa.

Copy ID in a safe way

In [ ]:
ssh-copy-id root@srv1
ssh-copy-id root@192.168.56.4
ssh-copy-id 192.168.56.4 # same user as we are logged in as
ssh-copy-id -i new_rsa milad@srv1

Default behaviour without -i, is to check if ‘ssh-add -L’

If there was no key in agent then:
The default_ID_file is the most recent file that matches: ~/.ssh/id*.pub
Just use touch(1) on your preferred key's .pub file to reinstate it as the most recent.

In [15]:
ssh srv1 cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIj1ydevrYKJ4Kyr5cnD/fRxbNAcsdF83Xog4OXSEBa0tvRN6qYYaJbGMCGN7p1bJBMDep8JVN5mhNu25WoOlq1HLYgpFNlH/E/4+bdhyzqxt+FO3N77w6zJj30jR0NDIf9Z/aRZBYz/feFsKmswU0qn49YyQcl2KfImmKlDS+Vv/9QsKN2BLXTHMHUxlvLs416Ou7hPwYx6Aw7Zal763eUtV144JXQEKrYnjeZalcbVNQ2FghsDFglfFJfS9HD6TTS1U+iQljSMMQ6h4ea4/7pDadOgA24GZybT6KKomJP/756ifYolM29/3DWizHA4k/KKwqQ/JWXuk4/wDaoSDb new_rsa

SSH Agent & SSH Add

  • ssh-agent is a program to hold private keys
  • ssh-agent is usually started in the beginning of an X-session or a login session
  • all other windows or programs are started as clients to the ssh-agent program.
In [ ]:
exec dbus-launch --sh-syntax --exit-with-session ssh-agent openbox-session
# or login managers like lightdm
In [ ]:
ssh-agent bash
In [ ]:
eval "$(ssh-agent -s)"
In [ ]:
ssh-add ~/.ssh/id_rsa

ssh-add:

  • -l List fingerprints of all identities.
  • -L List public key parameters of all identities.
  • -d Delete identity.
  • -D Delete all identities.
  • -x Lock agent.
  • -X Unlock agent.

Disable SSH password login

In [6]:
ssh root@srv1 cat /etc/ssh/sshd_config
# PermitRootLogin without-password | yes | no
# To disable tunneled clear text passwords, change to no here!
# PasswordAuthentication yes
In [ ]:
systemctl restart sshd.service

SCP

In [8]:
scp /etc/hosts srv1:/tmp/hosts
hosts                                         100%  201     0.2KB/s   00:00    
In [9]:
scp root@192.168.56.4:/tmp/ze /tmp
ze                                            100%   10     0.0KB/s   00:00    

SFTP

In [ ]:
sftp root@srv1
  • cd
  • ls
  • pwd
  • mkdir
  • get -p remoteFile [localPath]
  • put -p localFile [remotePath]
  • lls
  • lcd
  • lpwd
  • lmkdir

SSHFS

The practical effect of this is that the end user can seamlessly interact with remote  
files being securely served over SSH just as if they were local files on his/her computer.

  • mounting
    • sshfs [user@]host:[dir] mountpoint [options]
  • unmounting
    • fusermount -u mountpoint
In [4]:
sshfs pc101:/home/milad/ mnt/
In [5]:
fusermount -u ~/mnt

License

Linux Notes by Milad As (Ravexina) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.