Technology Software
/ Sunday, May/19/2024 / 12

Introduction to Linux

10.3.4. The SSH suite

10.3.4.1. Introduction


Most UNIX and Linux systems now run Secure SHell in order to leave out the security risks that came with telnet . Most Linux systems will run a version of OpenSSH, an Open Source implementation of the SSH protocol, providing secure encrypted communications between untrusted hosts over an untrusted network. In the standard setup X connections are automatically forwarded, but arbitrary TCP/IP ports may also be forwarded using a secure channel.


The ssh client connects and logs into the specified host name. The user must provide his identity to the remote machine as specified in the sshd_config file, which can usually be found in /etc/ssh . The configuration file is rather self-explanatory and by defaults enables most common features. Should you need help, you can find it in the sshd man pages.

When the user's identity has been accepted by the server, the server either executes the given command, or logs into the machine and gives the user a normal shell on the remote machine. All communication with the remote command or shell will be automatically encrypted.

The session terminates when the command or shell on the remote machine exits and all X11 and TCP/IP connections have been closed.

When connecting to a host for the first time, using any of the programs that are included in the SSH collection, you need to establish the authenticity of that host and acknowledge that you want to connect:

   

lenny ~>ssh blob The authenticity of host 'blob (10.0.0.1)' can't be established. RSA fingerprint is 18:30:50:46:ac:98:3c:93:1a:56:35:09:8d:97:e3:1d. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'blob,192.168.30.2' (RSA) to the list ofknown hosts. Last login: Sat Dec 28 13:29:19 2002 from octarine This space for rent.lenny is in ~

It is important that you type "yes" , in three characters, not just "y" . This edits your ~/.ssh/known_hosts file, see Section 10.3.4.3 .

If you just want to check something on a remote machine and then get your prompt back on the local host, you can give the commands that you want to execute remotely as arguments to ssh :

   

lenny ~>ssh blob who jenny@blob's password: root tty2 Jul 24 07:19 lena tty3 Jul 23 22:24 lena 0: Jul 25 22:03lenny ~>uname -n magrat.example.com

10.3.4.2. X11 and TCP forwarding


If the X11Forwarding entry is set to yes and the user is using X applications, the DISPLAY environment variable is set, the connection to the X11 display is automatically forwarded to the remote side in such a way that any X11 programs started from the shell will go through the encrypted channel, and the connection to the real X server will be made from the local machine. The user should not manually set DISPLAY . Forwarding of X11 connections can be configured on the command line or in the sshd configuration file.

The value for DISPLAY set by ssh will point to the server machine, but with a display number greater than zero. This is normal, and happens because ssh creates a proxy X server on the server machine (that runs the X client application) for forwarding the connections over the encrypted channel.

This is all done automatically, so when you type in the name of a graphical application, it is displayed on your local machine and not on the remote host. We use xclock in the example, since it is a small program which is generally installed and ideal for testing:



Figure 10-3. SSH X11 forwarding

SSH will also automatically set up Xauthority data on the server machine. For this purpose, it will generate a random authorization cookie, store it in Xauthority on the server, and verify that any forwarded connections carry this cookie and replace it by the real cookie when the

* License

* Introduction to Linux Index
SHARE
RELATED POSTS on "Technology"
How Do I Print Business Cards With Microsoft Publisher?
How Do I Print Business Cards With Microsoft Publisher?
How to Reduce the Size of Photos Using Adobe Photoshop Elements 3.0
How to Reduce the Size of Photos Using Adobe Photoshop Elements 3.0
Features and Benefits of Project Portfolio Management
Features and Benefits of Project Portfolio Management
Fix Registry - Fix Registry Errors Easily
Fix Registry - Fix Registry Errors Easily
Business Intelligence Solutions and Services
Business Intelligence Solutions and Services
AutoCAD Architecture
AutoCAD Architecture
Best Social Networking Apps
Best Social Networking Apps
IKE
IKE
Help Desk Software by help-desk-software
Help Desk Software by help-desk-software
What's Better - Building a BPM Solution Or Buying One?
What's Better - Building a BPM Solution Or Buying One?
How to Make Music Fade out in Moviemaker
How to Make Music Fade out in Moviemaker
How to Shrink a DVD With Nero Instructions
How to Shrink a DVD With Nero Instructions
Live Chat Software: Four Tips To Help You Get the Most Out of Your Software
Live Chat Software: Four Tips To Help You Get the Most Out of Your Software
How to Stop Rootkits
How to Stop Rootkits
3 First-Rate Foundations for Making Movies
3 First-Rate Foundations for Making Movies
How to Build Game Downloads
How to Build Game Downloads
The Linux Modem How-To
The Linux Modem How-To
Text-Terminals on Linux - 11.6 Terminal Server Connection
Text-Terminals on Linux - 11.6 Terminal Server Connection
The Linux Loadable Kernel Module How-To
The Linux Loadable Kernel Module How-To
How to Create Photo Albums With CSS
How to Create Photo Albums With CSS

Leave Your Reply

*