Telnet is a popular way to access a remote system; unfortunately, it is incredibly insecure. Telnet, along with rlogin, rcp, and rsh, is known to be an insecure way of connecting to a remote system. These programs are unencrypted and send login information in plain text. Because of this, anyone between the telnet client and the telnet server can intercept the packets and gain private information.

Secure SHell (SSH) is a replacement for these types of remote access schemes. OpenSSH (the version of SSH discussed in this tip) uses Secure Sockets Layer (specifically OpenSSL) to create an encrypted tunnel between the SSH client and the SSH server. With this tunnel in place, everything sent between the two computers is encrypted, so a packet sniffer capturing packets between the two systems will not be able to make use of the data collected.

Installation

Download and install the rpms:

  openssl-0.9.5a-3.i386.rpm
  openssh-2.1.1p4-1.i386.rpm
  openssh-server-2.1.1p4-1.i386.rpm
  openssh-clients-2.1.1p4-1.i386.rpm

Setup

After reading man sshd, review /etc/ssh/sshd_config, although it is probably correct as is. Since OpenSSH uses TCP_WRAPPERS, add the hosts that are allowed to use SSH to /etc/hosts.allow and block everyone else in /etc/hosts.deny. An example line for /etc/hosts.allow that allows everyone in the 192.168.1 subnet to use SSH is:

  sshd: 192.168.1.0/255.255.255.0

In /etc/hosts.deny, add this line to block everyone else from using Secure SHell by default:

  sshd: ALL

Start sshd by running:

  /etc/rc.d/init.d/sshd start

To use the SSH client, you must first make a key. Run:

  /usr/bin/ssh-keygen

ssh-keygen creates a public and private key to be used for encryption and decryption of data sent through the encrypted tunnel. Here is a sample run of ssh-keygen:

  [sabaka00@CC989892-A sabaka00]# ssh-keygen
  Generating RSA keys:  ...............................ooooooO...ooooooO
  Key generation complete.
  Enter file in which to save the key (/sabaka00/.ssh/identity):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /sabaka00/.ssh/identity.
  Your public key has been saved in /sabaka00/.ssh/identity.pub.
  The key fingerprint is:
  c2:ff:74:c5:e5:7d:b7:23:56:bb:11:8c:8a:97:77:7a sabaka00@CC989892-A
  [sabaka00@CC989892-A sabaka00]#

For more information about ssh-keygen, read man ssh-keygen.

Once you have created the public and private keys, copy the public key, normally found at $HOME/.ssh/identity.pub, to the host you are going to connect to. The key should go in $HOME/.ssh/authorized_keys in the home directory of the user you will log in as on the remote system. Make sure the public key is on a single line in the authorized_keys file.
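
One way to carry out the step above on the remote host, as an added example that is not part of the original tip. install_pubkey is a hypothetical helper name and the key in the demo is constructed sample data; the function refuses a key file that is not exactly one line and keeps authorized_keys private to the user.

```sh
#!/bin/sh
# Added example: append a one-line public key to authorized_keys.
# install_pubkey is a hypothetical helper name, not part of OpenSSH.
install_pubkey() {
    pub=$1; auth=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # The key must be exactly one non-empty line; a key that was wrapped
    # by an editor or mail client is rejected here instead of installed.
    lines=$(grep -c . "$pub" || true)
    if [ "$lines" -ne 1 ]; then
        echo "$pub: expected 1 key line, found $lines" >&2
        return 1
    fi
    key=$(grep . "$pub")

    # Create the .ssh directory private to the user if it is missing;
    # sshd's StrictModes check rejects key files others could modify.
    dir=$(dirname "$auth")
    [ -d "$dir" ] || mkdir -p -m 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the last entry lacks a trailing newline, add one so the new
    # key is not glued onto the end of an existing line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # -x whole line, -F fixed string: do not add the same key twice.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed data in a scratch directory (not a real key).
demo=$(mktemp -d)
printf '1024 35 1234567890123456789012345678901234567890 demo@example\n' \
    > "$demo/identity.pub"
install_pubkey "$demo/identity.pub" "$demo/.ssh/authorized_keys"
install_pubkey "$demo/identity.pub" "$demo/.ssh/authorized_keys"  # no-op
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

On a real system the second argument would be $HOME/.ssh/authorized_keys of the account being logged into.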

Use

After the keys are set up on the local and remote systems, connect to an SSH server like this:

  ssh -l <Login name> -i <identity file> host

An example would be:

  [sabaka00@CC989892-A sabaka00]$ ssh -l sabaka00 192.168.1.1
  sabaka00@192.168.1.1's password:
  Last login: Fri Aug  4 22:53:42 2000 from localhost.localdomain
  [sabaka00@192.168.1.1 sabaka00]$

Read man ssh for more information about the different command-line options for ssh.

More Information

  • For more information on SSH, see the SSH-FAQ and the SSH-HOWTO.
  • For more information about OpenSSH, go to the OpenSSH website.
  • For more information about OpenSSL, go to the OpenSSL website.