SlideShare a Scribd company logo

SSH how to 2011

Chris Hales
Chris Hales

Internal knowledge share on SSH setup and usage. Includes some helpful config file options to save time and how to create and use SSH keys for better security and productivity.

Technology
1 of 22
Download to read offline
SSH Keys and Configurations Chris Hales
What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp.
What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp. SSH authentication can be done with a username and password combination which is the default. Here's the most simplistic usage we might encounter. $ ssh user@secureserver After you connect to secureserver you are normally asked for your password to complete the login.
What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp. SSH authentication can be done with a username and password combination which is the default. Here's the most simplistic usage we might encounter. $ ssh user@secureserver After you connect to secureserver you are normally asked for your password to complete the login. When you start doing this over and over again for many systems with various paswords it can become pretty tedious. What if there was a way to simplify the process? Time for SSH Keys to save the day!
Enter SSH Keys! SSH can be configured to use key pairs so that you don't have to type your password in every time you need to log into a commonly accessed system. Your public key is placed on all systems you wish to access using your private key.
Enter SSH Keys! SSH can be configured to use key pairs so that you don't have to type your password in every time you need to log into a commonly accessed system. Your public key is placed on all systems you wish to access using your private key. There's a lot of technical details surrounding public-key cryptography but for our purposes all you really need to know is that it's a really secure way of proving who you are to a third party system. Let's begin with creating your key pair if you don't already have one. Mac and Linux setup is basically identical. For Windows you will need Putty and PuTTYgen installed.
Key Creation for Windows For Windows users I'm cheating and sending you to an excellent PuTTYgen how-to which includes key pair creation. http://theillustratednetwork.mvps.org/Ssh/Private-publicKey.html
Key Creation for Mac/Linux On unix like systems (Ubuntu, OSX, etc.) we'll need to go through a few steps. Fortunately it's likely you already have an SSH directory because if you have ever used SSH one was created for you. Open up a terminal window and check your home directory for a hidden . ssh directory. $ cd ~/.ssh
Key Creation for Mac/Linux On unix like systems (Ubuntu, OSX, etc.) we'll need to go through a few steps. Fortunately it's likely you already have an SSH directory because if you have ever used SSH one was created for you. Open up a terminal window and check your home directory for a hidden . ssh directory. $ cd ~/.ssh If you receive a "no such file or directory" type of error message you have not used SSH and certainly don't have a key installed on your system. Next we'll create a set of keys which will create the file structure we need for us automatically.
Key Creation for Mac/Linux When you create an SSH key pair you want to enter a strong passphrase when prompted to do so*. While you could skip the passphrase it would allow anyone who can access it the ability to use it. Your key is valuable and it should be protected at all costs.
Key Creation for Mac/Linux When you create an SSH key pair you want to enter a strong passphrase when prompted to do so*. While you could skip the passphrase it would allow anyone who can access it the ability to use it. Your key is valuable and it should be protected at all costs. Let's create a strong 2048 bit RSA key with your email address included. $ ssh-keygen -t rsa -b 2048 -C"user@domain.com" You will be asked for a few options and you can leave those as their defaults but when asked for a passphrase choose a solid one. * A common practice when using SSH keys is to omit a passphrase because the default setup requires that you enter your passphrase each time you use your key which is seemingly the same as typing a password at login each time. Further in we'll cover how to work around this so you only need to enter your passphrase once per session.
Key Creation for Mac/Linux Once your key is created you should see some new files which were indicated during your key generation. $ cd ~/.ssh $ ls ~/.ssh/id_rsa This is your private key file that ssh will read by default when a login attempt is made. You can have multiple keys, i.e. id_otherkey. ~/.ssh/id_rsa.pub This is your public key file for authentication. The contents of this file should be added to ~/.ssh/authorized_keys on all machines where you wish to login using key authentication. There is no need to keep the contents of this file secret.
Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub
Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password.
Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password. Success! :)
Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password. Success! :) Failure :( contact Chris.
SSH Agent Entering your passphrase on every login defeats the intent of using keys. ssh-agent will take care of the pesky prompts. Under OSX it runs by default so you will even get a popup asking you to save your passphrase to the keychain. Once you save it you will never be asked again on your local system.
SSH Agent Entering your passphrase on every login defeats the intent of using keys. ssh-agent will take care of the pesky prompts. Under OSX it runs by default so you will even get a popup asking you to save your passphrase to the keychain. Once you save it you will never be asked again on your local system. For Linux it's little more complex. You will need to add a script to your ~/. profile file or you can execute a couple of short commands. The following will start up the ssh-agent and then allow ssh-add to pickup on the variables and it will hold your key for an entire session. Please note the back ticks around ssh-agent. $ eval `ssh-agent` $ ssh-add You will be prompted for your passphrase one time but not again during the same session.
SSH Config We've got new keys and we can access some servers with them. We're still doing a lot of typing though. e.g. $ ssh user@174.143.170.119 -p 7022 Wouldn't it be nice if we could convert that into a short simple easy to remember command like the following? $ ssh staging
SSH Config We've got new keys and we can access some servers with them. We're still doing a lot of typing though. e.g. $ ssh user@174.143.170.119 -p 7022 Wouldn't it be nice if we could convert that into a short simple easy to remember command like the following? $ ssh staging We can! Using a user configurable ssh config file you can create aliases for commonly access systems. Just create a config file using your favorite editor and adding it to your .ssh directory. $ nano -w ~/.ssh/config Host staging User <your-username> Hostname 174.143.170.119 Port 7022
SSH Config There are a number of things you can do inside the ssh config file but aliases/bookmarks are probably the most common entries you will run into or need for yourself. Here's the basic entry for our staging example. Host staging User <your-username> Hostname 174.143.170.119 Port 7022 This creates an alias to the 174.143.170.119 server with our user and port options. The "Host" line is the alias name we assign. Now calling the following will start an ssh session for ssh user@174.143.170.119 -p 7022. $ ssh staging
The End That's it. You are now an ssh wizard and can work both conveniently and securely. Keep your keys safe but if they are ever lost or you suspect an issue notify an admin quickly. To be really useful you will want to add your current private key or create a new key for staging. Because of permission issues however you may need a hand setting things up correctly.

Recommended

Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbookJean-Marie Renouard
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7VCP Muthukrishna
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and morepanagenda
 
Rasperry pi Part 12
Rasperry pi Part 12Rasperry pi Part 12
Rasperry pi Part 12Techvilla
 
Service intergration
Service intergration Service intergration
Service intergration 재민 장
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
API-openssl-apache.ppt
API-openssl-apache.pptAPI-openssl-apache.ppt
API-openssl-apache.pptwebhostingguy
 
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...OW2
 

Recommended

Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbookJean-Marie Renouard
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7VCP Muthukrishna
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and morepanagenda
 
Rasperry pi Part 12
Rasperry pi Part 12Rasperry pi Part 12
Rasperry pi Part 12Techvilla
 
Service intergration
Service intergration Service intergration
Service intergration 재민 장
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
API-openssl-apache.ppt
API-openssl-apache.pptAPI-openssl-apache.ppt
API-openssl-apache.pptwebhostingguy
 
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...
Hammr Project Update: Machine Images and Docker Containers for your Cloud, OW...OW2
 
Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Bob Novas
 
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesConf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesBrentMatlock
 
Getting started with RDO Havana
Getting started with RDO HavanaGetting started with RDO Havana
Getting started with RDO HavanaDan Radez
 
APACHE 2 HTTPS.ppt
APACHE 2 HTTPS.pptAPACHE 2 HTTPS.ppt
APACHE 2 HTTPS.pptwebhostingguy
 
Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Francesco Prior
 
Importance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesImportance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesAPNIC
 
Importance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesImportance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesMuhammad Moinur Rahman
 
ironing out Docker
ironing out Dockerironing out Docker
ironing out Dockernindustries
 
Zi nginx conf_2015
Zi nginx conf_2015Zi nginx conf_2015
Zi nginx conf_2015Zi Lin
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 
Linux configer
Linux configerLinux configer
Linux configerMD. AL AMIN
 
Installing spark 2
Installing spark 2Installing spark 2
Installing spark 2Ahmed Mekawy
 
Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.Larry Cashdollar
 
Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...wensheng wei
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver hardenGregory Hanis
 
Tecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con AsteriskTecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con AsteriskNicolás Gudiño
 
How To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellHow To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellVCP Muthukrishna
 
Redis学习笔记
Redis学习笔记Redis学习笔记
Redis学习笔记yongboy
 
Metasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkMetasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkRob Fuller
 
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy TerraformPrzemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraformjzielinski_pl
 
Hong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thHong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thWong Hoi Sing Edison
 
A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013Chris Hales
 

More Related Content

What's hot

Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Bob Novas
 
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesConf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesBrentMatlock
 
Getting started with RDO Havana
Getting started with RDO HavanaGetting started with RDO Havana
Getting started with RDO HavanaDan Radez
 
Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Francesco Prior
 
Importance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesImportance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesAPNIC
 
Importance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesImportance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesMuhammad Moinur Rahman
 
ironing out Docker
ironing out Dockerironing out Docker
ironing out Dockernindustries
 
Zi nginx conf_2015
Zi nginx conf_2015Zi nginx conf_2015
Zi nginx conf_2015Zi Lin
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 
Installing spark 2
Installing spark 2Installing spark 2
Installing spark 2Ahmed Mekawy
 
Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.Larry Cashdollar
 
Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...wensheng wei
 
Tecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con AsteriskTecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con AsteriskNicolás Gudiño
 
How To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellHow To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellVCP Muthukrishna
 
Redis学习笔记
Redis学习笔记Redis学习笔记
Redis学习笔记yongboy
 
Metasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkMetasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkRob Fuller
 
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy TerraformPrzemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraformjzielinski_pl
 

What's hot (20)

Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04
 
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesConf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
 
Getting started with RDO Havana
Getting started with RDO HavanaGetting started with RDO Havana
Getting started with RDO Havana
 
APACHE 2 HTTPS.ppt
APACHE 2 HTTPS.pptAPACHE 2 HTTPS.ppt
APACHE 2 HTTPS.ppt
 
Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"Astricon 2013: "Asterisk and Database"
Astricon 2013: "Asterisk and Database"
 
Importance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesImportance of SSHFP for Network Devices
Importance of SSHFP for Network Devices
 
Importance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesImportance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devices
 
ironing out Docker
ironing out Dockerironing out Docker
ironing out Docker
 
Zi nginx conf_2015
Zi nginx conf_2015Zi nginx conf_2015
Zi nginx conf_2015
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
 
Linux configer
Linux configerLinux configer
Linux configer
 
Installing spark 2
Installing spark 2Installing spark 2
Installing spark 2
 
Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.Mining Ruby Gem vulnerabilities for Fun and No Profit.
Mining Ruby Gem vulnerabilities for Fun and No Profit.
 
Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...Installation of Subversion on Ubuntu,...
Installation of Subversion on Ubuntu,...
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
 
Tecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con AsteriskTecnicas monitoreo reportes con Asterisk
Tecnicas monitoreo reportes con Asterisk
 
How To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellHow To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShell
 
Redis学习笔记
Redis学习笔记Redis学习笔记
Redis学习笔记
 
Metasploit magic the dark coners of the framework
Metasploit magic the dark coners of the frameworkMetasploit magic the dark coners of the framework
Metasploit magic the dark coners of the framework
 
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy TerraformPrzemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
Przemysław Iwanek - ABC AWS, budowanie infrastruktury przy pomocy Terraform
 

Viewers also liked

Hong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thHong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thWong Hoi Sing Edison
 
A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013Chris Hales
 
Drupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January MeetupDrupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January MeetupChris Hales
 
DrupalCon Chicago 2011 Recap
DrupalCon Chicago 2011 RecapDrupalCon Chicago 2011 Recap
DrupalCon Chicago 2011 RecapChris Hales
 
Automated testing with Drupal
Automated testing with DrupalAutomated testing with Drupal
Automated testing with DrupalPromet Source
 
Scaling Drupal & Deployment in AWS
Scaling Drupal & Deployment in AWSScaling Drupal & Deployment in AWS
Scaling Drupal & Deployment in AWS永对 陈
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsBarry Feldman
 

Viewers also liked (7)

Hong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thHong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13th
 
A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013A Drush Primer - DrupalCamp Chattanooga 2013
A Drush Primer - DrupalCamp Chattanooga 2013
 
Drupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January MeetupDrupal Security Basics for the DrupalJax January Meetup
Drupal Security Basics for the DrupalJax January Meetup
 
DrupalCon Chicago 2011 Recap
DrupalCon Chicago 2011 RecapDrupalCon Chicago 2011 Recap
DrupalCon Chicago 2011 Recap
 
Automated testing with Drupal
Automated testing with DrupalAutomated testing with Drupal
Automated testing with Drupal
 
Scaling Drupal & Deployment in AWS
Scaling Drupal & Deployment in AWSScaling Drupal & Deployment in AWS
Scaling Drupal & Deployment in AWS
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post Formats
 

Similar to SSH how to 2011

How to set up ssh keys on ubuntu
How to set up ssh keys on ubuntuHow to set up ssh keys on ubuntu
How to set up ssh keys on ubuntucollegeinit
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSHVitalii Sharavara
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Creating SSH Key.pptx
Creating SSH Key.pptxCreating SSH Key.pptx
Creating SSH Key.pptxSaumya876452
 

Similar to SSH how to 2011 (20)

SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
How to set up ssh keys on ubuntu
How to set up ssh keys on ubuntuHow to set up ssh keys on ubuntu
How to set up ssh keys on ubuntu
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSH
 
Ssh cookbook v2
Ssh cookbook v2Ssh cookbook v2
Ssh cookbook v2
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
 
OpenSSH tricks
OpenSSH tricksOpenSSH tricks
OpenSSH tricks
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
Sshstuff
SshstuffSshstuff
Sshstuff
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
 
Cent os 5 ssh
Cent os 5 sshCent os 5 ssh
Cent os 5 ssh
 
Ssh
SshSsh
Ssh
 
Rhel5
Rhel5Rhel5
Rhel5
 
secure php
secure phpsecure php
secure php
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
 
Setting up github and ssh keys.ppt
Setting up github and ssh keys.pptSetting up github and ssh keys.ppt
Setting up github and ssh keys.ppt
 
Creating SSH Key.pptx
Creating SSH Key.pptxCreating SSH Key.pptx
Creating SSH Key.pptx
 

Recently uploaded

Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Thierry Lestable
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024Stephanie Beckett
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 

Recently uploaded (20)

Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 

SSH how to 2011

  • 1. SSH Keys and Configurations Chris Hales
  • 2. What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp.
  • 3. What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp. SSH authentication can be done with a username and password combination which is the default. Here's the most simplistic usage we might encounter. $ ssh user@secureserver After you connect to secureserver you are normally asked for your password to complete the login.
  • 4. What is SSH? Secure Shell aka SSH is a secure encrypted communication protocol designed to replace older insecure protocols like telnet, rsh, and ftp. SSH authentication can be done with a username and password combination which is the default. Here's the most simplistic usage we might encounter. $ ssh user@secureserver After you connect to secureserver you are normally asked for your password to complete the login. When you start doing this over and over again for many systems with various paswords it can become pretty tedious. What if there was a way to simplify the process? Time for SSH Keys to save the day!
  • 5. Enter SSH Keys! SSH can be configured to use key pairs so that you don't have to type your password in every time you need to log into a commonly accessed system. Your public key is placed on all systems you wish to access using your private key.
  • 6. Enter SSH Keys! SSH can be configured to use key pairs so that you don't have to type your password in every time you need to log into a commonly accessed system. Your public key is placed on all systems you wish to access using your private key. There's a lot of technical details surrounding public-key cryptography but for our purposes all you really need to know is that it's a really secure way of proving who you are to a third party system. Let's begin with creating your key pair if you don't already have one. Mac and Linux setup is basically identical. For Windows you will need Putty and PuTTYgen installed.
  • 7. Key Creation for Windows For Windows users I'm cheating and sending you to an excellent PuTTYgen how-to which includes key pair creation. http://theillustratednetwork.mvps.org/Ssh/Private-publicKey.html
  • 8. Key Creation for Mac/Linux On unix like systems (Ubuntu, OSX, etc.) we'll need to go through a few steps. Fortunately it's likely you already have an SSH directory because if you have ever used SSH one was created for you. Open up a terminal window and check your home directory for a hidden . ssh directory. $ cd ~/.ssh
  • 9. Key Creation for Mac/Linux On unix like systems (Ubuntu, OSX, etc.) we'll need to go through a few steps. Fortunately it's likely you already have an SSH directory because if you have ever used SSH one was created for you. Open up a terminal window and check your home directory for a hidden . ssh directory. $ cd ~/.ssh If you receive a "no such file or directory" type of error message you have not used SSH and certainly don't have a key installed on your system. Next we'll create a set of keys which will create the file structure we need for us automatically.
  • 10. Key Creation for Mac/Linux When you create an SSH key pair you want to enter a strong passphrase when prompted to do so*. While you could skip the passphrase it would allow anyone who can access it the ability to use it. Your key is valuable and it should be protected at all costs.
  • 11. Key Creation for Mac/Linux When you create an SSH key pair you want to enter a strong passphrase when prompted to do so*. While you could skip the passphrase it would allow anyone who can access it the ability to use it. Your key is valuable and it should be protected at all costs. Let's create a strong 2048 bit RSA key with your email address included. $ ssh-keygen -t rsa -b 2048 -C"user@domain.com" You will be asked for a few options and you can leave those as their defaults but when asked for a passphrase choose a solid one. * A common practice when using SSH keys is to omit a passphrase because the default setup requires that you enter your passphrase each time you use your key which is seemingly the same as typing a password at login each time. Further in we'll cover how to work around this so you only need to enter your passphrase once per session.
  • 12. Key Creation for Mac/Linux Once your key is created you should see some new files which were indicated during your key generation. $ cd ~/.ssh $ ls ~/.ssh/id_rsa This is your private key file that ssh will read by default when a login attempt is made. You can have multiple keys, i.e. id_otherkey. ~/.ssh/id_rsa.pub This is your public key file for authentication. The contents of this file should be added to ~/.ssh/authorized_keys on all machines where you wish to login using key authentication. There is no need to keep the contents of this file secret.
  • 13. Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub
  • 14. Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password.
  • 15. Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password. Success! :)
  • 16. Key Creation for Mac/Linux To use your shiny new key on a server you need to copy your public key over the the authorized_keys file. It's usually not safe to try to do a simple copy/paste since even a stray return will break a key file and OSX doesn't contain the ssh-copy-id utility so we'll have to do some magic. $ ssh user@174.143.170.119 -p 7022 "umask 077; cat >> .ssh/authorized_keys" < ~/.ssh/id_rsa.pub Now you should be able to authenticate to the server with your key. $ ssh user@174.143.170.119 -p 7022 If all is right in the world you will be asked for your key passphrase and not your server password. Success! :) Failure :( contact Chris.
  • 17. SSH Agent Entering your passphrase on every login defeats the intent of using keys. ssh-agent will take care of the pesky prompts. Under OSX it runs by default so you will even get a popup asking you to save your passphrase to the keychain. Once you save it you will never be asked again on your local system.
  • 18. SSH Agent Entering your passphrase on every login defeats the intent of using keys. ssh-agent will take care of the pesky prompts. Under OSX it runs by default so you will even get a popup asking you to save your passphrase to the keychain. Once you save it you will never be asked again on your local system. For Linux it's little more complex. You will need to add a script to your ~/. profile file or you can execute a couple of short commands. The following will start up the ssh-agent and then allow ssh-add to pickup on the variables and it will hold your key for an entire session. Please note the back ticks around ssh-agent. $ eval `ssh-agent` $ ssh-add You will be prompted for your passphrase one time but not again during the same session.
  • 19. SSH Config We've got new keys and we can access some servers with them. We're still doing a lot of typing though. e.g. $ ssh user@174.143.170.119 -p 7022 Wouldn't it be nice if we could convert that into a short simple easy to remember command like the following? $ ssh staging
  • 20. SSH Config We've got new keys and we can access some servers with them. We're still doing a lot of typing though. e.g. $ ssh user@174.143.170.119 -p 7022 Wouldn't it be nice if we could convert that into a short simple easy to remember command like the following? $ ssh staging We can! Using a user configurable ssh config file you can create aliases for commonly access systems. Just create a config file using your favorite editor and adding it to your .ssh directory. $ nano -w ~/.ssh/config Host staging User <your-username> Hostname 174.143.170.119 Port 7022
  • 21. SSH Config There are a number of things you can do inside the ssh config file but aliases/bookmarks are probably the most common entries you will run into or need for yourself. Here's the basic entry for our staging example. Host staging User <your-username> Hostname 174.143.170.119 Port 7022 This creates an alias to the 174.143.170.119 server with our user and port options. The "Host" line is the alias name we assign. Now calling the following will start an ssh session for ssh user@174.143.170.119 -p 7022. $ ssh staging
  • 22. The End That's it. You are now an ssh wizard and can work both conveniently and securely. Keep your keys safe but if they are ever lost or you suspect an issue notify an admin quickly. To be really useful you will want to add your current private key or create a new key for staging. Because of permission issues however you may need a hand setting things up correctly.