Back when the Internet was a big, happy family with only a
hundred or so university servers connected to each other, it was
practical and feasible to login to a remote computer using an
plain-text protocol like telnet. This is, for reasons that should
be obvious to most all Internet users, no longer advisable. For the
most part, nobody logs in to a remote computer this way. They use a
tool like OpenSSH.
OpenSSH is a free version of SSH Communications Security's SSH
protocol. It is essentially a suite of tools for making secure
connections. First, there is a daemon, sshd, which listens for
connections from outside and performs authentication of those
connections. There are three main client programs, ssh, the client
shell, scp, a command-line program for copying from one machine to
another and sftp, another program for copying in an ftp-like
manner. There are also various programs to manage encryption keys
that are used by clients and server.
So that your system can both receive and make connections via
OpenSSH, you need to have the following packages installed:
-
openssh
-
openssh-server
-
openssh-clients
All major distributions have these packages. In fact, they are
normally installed by default.
The main configuration file is /etc/ssh/sshd_config. There are a
few changes that you should make to this file before you open up
your machine to connections from the outside world.
First, its not a good idea to permit root logins to any machine.
So that this cannot occur, make sure to change the file (or
uncomment the line) so that the following line appears:
You may also want to allow remote machines to open X sessions.
To do this, change the file (or uncomment the line) so that the
following line appears:
 |
Most administrators feel that a Linux machine providing services
like FTP, mail and Apache should not be running X. As a general
rule, the more services a machine runs, the more risk of exploits.
If the server isn't doubling as a workstation, it really shouldn't
be running X. This will also save on resources as well.
|
Normally, to use 'ssh' or 'scp', you'd have to enter a password.
There is a simple way to get around this. You may be asking
yourself, however: why would you want to get around this? One
reason is for sending backup copies automagically to other
machines. Here's how to use scp without a password to send
files:
First, create a user account on one machine. For this example,
let's call it 'bkups'. Then login as 'bkups' and create a public
key:
To this, just press ENTER to everything. This will have created
two files: id_rsa and id_rsa.pub in the directory /home/bkups/.ssh. Now,
login to the other machine and create another user called 'bkups'.
Now, go back to the to the first machine, from where you want to
send the backup files. You now need to copy the file
/home/bkups/.ssh/id_rsa.pub back to the other machine. For best
results, this should not be done as the 'bkups' user. It is easiest
to to this as 'root', but if you can't 'scp' it as root, then have
root make a copy and chown it to a normal user and 'scp' it to the
other machine. Then login to the other machine and get 'root'
privileges. Copy the file to /home/bkups/.ssh/authorized_keys and
chown it to the 'bkups' user. Now, go back to the first machine
again and try to use 'scp' to copy a file from 'bkups' on this
machine to 'bkups' on the second. The first time it will ask you if
you want to connect, but it won't ask for your password. Every
subsequent time it will just copy the file without asking for a
password. This makes automating your backups very easy.
![[ Register ]](/images/navbar/register.gif){kind=small}
![[ Applications ]](/images/navbar/applications.gif){kind=small}
![[ Documentation ]](/images/navbar/documentation.gif){kind=small}
![[ Distributions ]](/images/navbar/distributions.gif){kind=small}
![[ Download Info ]](/images/navbar/download.gif){kind=small}
![[ General Info ]](/images/navbar/geninfo.gif){kind=small}
![[ Book Store ]](/images/navbar/bookstore.gif){kind=small}
![[ Courses ]](/images/navbar/courses.gif){kind=small}
![[ News ]](/images/navbar/news.gif){kind=small}
![[ People ]](/images/navbar/people.gif){kind=small}
![[ Hardware ]](/images/navbar/hardware.gif){kind=small}
![[ Vendors ]](/images/navbar/vendors.gif){kind=small}
![[ Projects ]](/images/navbar/projects.gif){kind=small}
![[ Events ]](/images/navbar/events.gif){kind=small}
![[ User Groups ]](/images/navbar/usergroups.gif){kind=small}
![[ User Area ]](/images/navbar/user_area.gif){kind=small}
![[ About Us ]](/images/navbar/aboutus.gif){kind=small}
![[ Home Page ]](/images/navbar/homepage.gif){kind=small}
![[ Advertise ]](/images/navbar/advertise.gif){kind=small}
