SSH Key-Pair Authentication

Each user creates their own key pair, so log in to the SSH server host as a regular user and proceed as follows.

# create key-pair
debian@dlp:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/debian/.ssh/id_rsa): # press Enter, or type a different path if you want
Created directory '/home/debian/.ssh'.
Enter passphrase (empty for no passphrase): # set a passphrase (for no passphrase, press Enter with it empty)
Enter same passphrase again:
Your identification has been saved in /home/debian/.ssh/id_rsa
Your public key has been saved in /home/debian/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:H+lFm+3c93VekrLiFCYAwoWDUVs43s4JEze8wr8QzG8 debian@dlp.srv.world
The key's randomart image is:
.....
.....

debian@dlp:~$ ll ~/.ssh
total 8
-rw------- 1 debian debian 2655 Aug 17 13:48 id_rsa
-rw-r--r-- 1 debian debian 574 Aug 17 13:48 id_rsa.pub
debian@dlp:~$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

Transfer the private key created on the server to a client; it is then possible to log in with key-pair authentication. Below is an example of connecting from a Linux shell.

Continue reading “SSH Key-Pair Authentication” »
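
The session above leaves authorized_keys with the 0644 mode of id_rsa.pub and the private key still in the server's ~/.ssh. As an added example (not part of the original post), this function checks such a directory for the write permissions sshd's StrictModes rejects, for private keys readable by other users, and for private keys left next to authorized_keys. It assumes GNU stat, as on Debian; the function name and finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).
# audit_ssh_dir DIR: prints one finding per line; exit status = number of findings.
audit_ssh_dir() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING_DIR $dir"
        return 1
    fi
    # sshd with StrictModes (default: yes) refuses authorized_keys when the
    # directory or the file is writable by group or others (mode & 022).
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(stat -c '%a' "$p")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "GROUP_OR_WORLD_WRITABLE $p ($mode)"
            findings=$((findings + 1))
        fi
    done
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Private keys are recognised by their PEM/OpenSSH header line.
        if head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            # After the transfer to the client, the server copy is not needed.
            if [ -e "$dir/authorized_keys" ]; then
                echo "PRIVATE_KEY_ON_SERVER $f"
                findings=$((findings + 1))
            fi
            # The ssh client rejects private keys accessible to group/others.
            mode=$(stat -c '%a' "$f")
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                echo "PRIVATE_KEY_LOOSE_MODE $f ($mode)"
                findings=$((findings + 1))
            fi
        fi
    done
    return "$findings"
}

# Constructed demo: a directory laid out like the one in the session above.
demo=$(mktemp -d)
printf 'ssh-rsa AAAA(constructed) debian@dlp\n' > "$demo/authorized_keys"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$demo/id_rsa"
chmod 700 "$demo"; chmod 644 "$demo/authorized_keys"; chmod 600 "$demo/id_rsa"
audit_ssh_dir "$demo" || true
rm -rf "$demo"
```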


SCP Command Syntax

Before going into how to use the scp command, let’s start by reviewing the basic syntax. The scp utility expressions take the following form:

scp [OPTION] [[user@]SRC_HOST:]file1 [[user@]DEST_HOST:]file2

OPTION – scp options such as cipher, ssh configuration, ssh port, limit, recursive copy and so on.
[[user@]SRC_HOST:]file1 – Source file.
[[user@]DEST_HOST:]file2 – Destination file.
Local files should be specified using an absolute or relative path, while remote file names should include a user and host specification.

scp provides a number of options that control every aspect of its behavior. The most widely used options are:

-P Specifies the remote host ssh port.
-p Preserves file modification and access times.
-q Use this option if you want to suppress the progress meter and non-error messages.
-C This option will force scp to compress the data as it is sent to the destination machine.
-r This option will tell scp to recursively copy directories.

Continue reading “SCP Command Syntax” »


SSH Tunnel on PuTTY

Most of you have probably used a tunnel with an SSH connection. What you probably weren’t aware of is that you can use a dynamic tunnel to access all remote infrastructure. Furthermore, you can specify a port and a destination IP to have direct access. This process is achieved through your PuTTY configuration.

In this procedure, we will use Internet Explorer, Firefox and an RDP connection to demonstrate the use of a tunnel with an SSH connection, as well as configuring the tunnel with several other protocol types.

Local Port Forwarding

Step 1 – Load the Session
In your PuTTY configuration, configure the Host Name and Port of your remote SSH computer. Enter your Saved Sessions name, and click Save. If your session already exists, Load it as shown below:

Continue reading “SSH Tunnel on PuTTY” »


How to Update SSH & MOTD Banner on CentOS 6

For legal reasons, some people need to display a warning banner on their Linux machine before login, so that a person is required to acknowledge the contents of the banner before entering the password. To do this, edit the /etc/issue.net file and fill it with the desired content.

Edit the /etc/issue.net file:

sudo nano /etc/issue.net

Here is my banner as a sample; you can add yours here:

###############################################################
# Authorized access only!                                     #
# Disconnect IMMEDIATELY if you are not an authorized user!!! #
# All actions Will be monitored and recorded                  #
###############################################################

Continue reading “How to Update SSH & MOTD Banner on CentOS 6” »


Reinstall OpenSSH Server

First, if you have a pre-installed SSH server that has gone bad, remove it.

On Red Hat architecture

Type the following commands as the root user:

# chkconfig sshd off
# service sshd stop
# yum erase openssh-server

You need to edit and update the firewall rules that allow inbound connections to the SSH TCP port 22. Edit /etc/sysconfig/iptables and /etc/sysconfig/ip6tables. In each file, find and delete the line that accepts connections to port 22. A sample entry:

Continue reading “Reinstall OpenSSH Server” »


SSH Public key based authentication

Method-1:

To create the cryptographic key on a FreeBSD / Linux / UNIX workstation, enter:

ssh-keygen -t rsa
Assign the passphrase (press the [enter] key twice if you don’t want a passphrase). It will create 2 files in the ~/.ssh directory as follows:
  • ~/.ssh/id_rsa : identification (private) key
  • ~/.ssh/id_rsa.pub : public key
Use scp to copy id_rsa.pub (the public key) to the rh9linux.nixcraft.org server as the authorized_keys2 file; this is known as installing the public key on the server.
 
scp .ssh/id_rsa.pub vivek@rh9linux.nixcraft.org:.ssh/authorized_keys2
 
From the FreeBSD workstation, log in to the server:

Continue reading “SSH Public key based authentication” »