Ssh

From DesigningPatterns

Background

ssh is a protocol that allows secure communications between hosts. Linux and the BSD operating systems use the OpenSSH implementation of ssh by default. ssh can use public-key cryptography to authenticate connections without passwords being sent over the network. Many applications, like subversion and FreeNX, tunnel their services over ssh.

Installation

Add or change the AuthorizedKeysFile line in /etc/ssh/sshd_config so that it reads AuthorizedKeysFile .ssh/authorized_keys2 (FreeNX apparently requires this).

Designing Patterns uses public key cryptography to authenticate connections, both because it's more secure than exchanging passwords and because, if set up properly, it is easier (users do not need to enter passwords each time a connection is established).

yum install keychain

The following block should already have been added to /usr/designingpatterns/etc/profile:

case $- in
  *i*)    # do things for interactive shell
    . /usr/designingpatterns/etc/auth
    ;;
  *)      # do things for non-interactive shell
    ;;
esac

where /usr/designingpatterns/etc/auth contains:

#
# Setup keychain/ssh-agent
# See http://www.ibm.com/developerworks/linux/library/l-keyc2/
#
/usr/bin/keychain ~/.ssh/id_rsa ~/.ssh/id_dsa
source ~/.keychain/${HOSTNAME}-sh > /dev/null

This will ensure that an ssh-agent instance is running every time a user spawns an interactive login shell and, if necessary, prompt the user to enter passphrases for his private keys (the private keys are stored in an encrypted form on disk, and the passphrase is necessary in order to decrypt the private key).

Users

Each user should run

ssh-keygen -t rsa

in order to generate a key pair. The public key id_rsa.pub should be appended, either manually or with ssh-copy-id, to ~user_name/.ssh/authorized_keys2 or ~user_name/.ssh/authorized_keys on each host that the user needs to access.

Users must be explicitly allowed to log in to a host by adding each user name to the AllowUsers line of /etc/ssh/sshd_config.
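The AuthorizedKeysFile setting from the Installation section and the AllowUsers line above can both be checked with a short script. This is an added example, not part of the original page; the function names, the sample configuration and the user names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Simplifications: Match blocks and
# Include files are not followed, and AllowUsers entries are compared as literal
# names (wildcard and user@host patterns are not evaluated).

# Print the value of the first uncommented occurrence of a keyword;
# sshd keeps the first value it reads for a single-valued keyword.
sshd_first_value() {    # usage: sshd_first_value KEYWORD CONFIG_FILE
    awk -v kw="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(kw) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$2"
}

# Print "listed", "not-listed" or "no-allowusers" for a user name.
# AllowUsers lines accumulate, so every occurrence is scanned.
allowusers_status() {   # usage: allowusers_status USER CONFIG_FILE
    awk -v user="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "allowusers" {
            seen = 1
            for (i = 2; i <= NF; i++) if ($i == user) found = 1
        }
        END { print (found ? "listed" : (seen ? "not-listed" : "no-allowusers")) }
    ' "$2"
}

# Constructed sample configuration (user names are made up).
sample_config() {
    cat <<'EOF'
# AuthorizedKeysFile .ssh/authorized_keys
authorizedkeysfile .ssh/authorized_keys2
AuthorizedKeysFile .ssh/other_keys
AllowUsers alice bob
AllowUsers carol
EOF
}

check_sample() {
    cfg=$(mktemp) || return 1
    sample_config > "$cfg"
    echo "AuthorizedKeysFile: $(sshd_first_value AuthorizedKeysFile "$cfg")"
    for u in alice carol dave; do echo "$u: $(allowusers_status "$u" "$cfg")"; done
    rm -f "$cfg"
}
check_sample
```

On a live host, pass /etc/ssh/sshd_config as the file argument; running sshd -T as root prints the effective configuration, including anything this simplified parser skips.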

Reference

  • Part I, part II, and part III are a good series of articles about ssh authentication. They describe the basics of ssh-agent and keychain (the information about keychain, in particular what file it places the ssh-agent information in, is a bit dated).
  • This blog entry has some good ssh tips.