Tuesday, August 14, 2012

SSH server

I found this over at the Hak5 site. I highly recommend watching the full video:

Basic Client Setup in Linux
ssh -D 8080 user@host
The -D option, from the man pages
-D [bind_address:]port
Specifies a local dynamic application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine.
Setting up a Linux OpenSSH Server
On a Debian-based Linux machine, setting up SSH can be as simple as issuing "sudo apt-get install ssh". In this segment Darren goes over some of the configuration lines you would find useful to modify in /etc/ssh/sshd_config.

AllowTcpForwarding yes
GatewayPorts yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
AllowUsers bob alice
PermitRootLogin no
Protocol 2
Port 222
LoginGraceTime 1m
ListenAddress
ClientAliveInterval 60
ClientAliveCountMax 0

Be sure to restart the SSH daemon after editing the configuration.
# one of these should do it! :)
stop ssh; start ssh
service ssh restart
/etc/init.d/ssh restart
On a Linux OpenSSH server, for example, the host key pairs will be found in /etc/ssh/*key*. The public keys will be world readable while the private keys can only be read by a superuser.
On a Linux client, for example, the key fingerprints of remembered servers are stored in ~/.ssh/known_hosts. Since SSH version 4 the username and hostnames associated with these servers are hashed.
To remotely verify the key fingerprint of an SSH server:
ssh-keyscan -t rsa,dsa REMOTEHOSTNAME > /tmp/ssh_host_rsa_dsa_key.pub
ssh-keygen -l -f /tmp/ssh_host_rsa_dsa_key.pub
Alternatively, on the remote server the key fingerprints can be found by:
cd /etc/ssh
ls *key*
cat ssh_host_key # this is the private key
# permission will be denied if not superuser
cat ssh_host_key.pub # this is the public key
ssh-keygen -lf ssh_host_rsa_key.pub
# field 1 = bit length of key
# field 2 = fingerprint of key
# field 3 = name of key
Setting up Key Pair Authentication in Linux with OpenSSH
On the remote host:
mkdir .ssh
chmod 700 .ssh
cd .ssh
On the local host:
ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub user@host:.ssh/authorized_keys2
Back on the remote host:
ls -la authorized_keys2
chmod 600 authorized_keys2
exit
On the local host:
ssh user@host
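
The sshd_config shown earlier sets AuthorizedKeysFile to %h/.ssh/authorized_keys, while the steps above copy the key to authorized_keys2, so it is worth checking which file sshd will actually read once setup is done. The script below is an added example, not part of the original post or the Hak5 notes; its function names are made up here, and it assumes a config with no Match or Include blocks and only the %h token.

```shell
# Added example (not from the original post): read-only check that the key
# file written in the steps above is one sshd will actually read.

# Print the key files sshd reads for a home directory, one per line.
# Assumption: only %h is expanded (no %u or %% tokens), no Match/Include.
authorized_keys_paths() {  # $1 = sshd_config, $2 = home directory
    awk -v home="$2" '
        tolower($1) == "authorizedkeysfile" {   # first value found is used
            for (i = 2; i <= NF; i++) {
                p = $i; gsub(/%h/, home, p)
                if (p !~ /^\//) p = home "/" p  # relative paths are under home
                print p
            }
            found = 1; exit
        }
        END {                                   # current OpenSSH default
            if (!found) { print home "/.ssh/authorized_keys"
                          print home "/.ssh/authorized_keys2" }
        }' "$1"
}

# True if group or other hold any permission bit (looser than 700/600).
loose() { [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; }

# Print one finding per line; the return status is the number of findings.
check_key_setup() {  # $1 = sshd_config, $2 = home directory
    conf=$1; home=$2; problems=0
    paths=$(authorized_keys_paths "$conf" "$home")
    if [ -d "$home/.ssh" ] && loose "$home/.ssh"; then
        echo "LOOSE $home/.ssh (want 700)"; problems=$((problems + 1))
    fi
    for f in "$home"/.ssh/authorized_keys*; do
        [ -f "$f" ] || continue
        if ! printf '%s\n' "$paths" | grep -qxF -- "$f"; then
            echo "IGNORED $f (not listed in AuthorizedKeysFile)"
            problems=$((problems + 1))
        elif loose "$f"; then
            echo "LOOSE $f (want 600)"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: the AuthorizedKeysFile line from above plus authorized_keys2.
demo=$(mktemp -d); mkdir -m 700 "$demo/.ssh"
echo 'AuthorizedKeysFile %h/.ssh/authorized_keys' > "$demo/sshd_config"
: > "$demo/.ssh/authorized_keys2"; chmod 600 "$demo/.ssh/authorized_keys2"
check_key_setup "$demo/sshd_config" "$demo" || true   # prints one IGNORED line
rm -rf "$demo"
```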
