  • How to install and configure SSH client and server. Understand the keys and security issues. Common questions and practical answers.

  • Dish 1 : Secure Shell - Wikipedia

  • SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary.[2] There are several ways to use SSH; one is to use automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on.

    Another is to use a manually generated public-private key pair to perform the authentication, allowing users or programs to log in without having to specify a password. In this scenario, anyone can produce a matching pair of different keys (public and private). The public key is placed on all computers that must allow access to the owner of the matching private key (the owner keeps the private key secret).

  • Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
  • Dish 3 : Why is SSH key authentication better than password authentication?

  • If your SSH service allows password based authentication, then your Internet connected SSH server will be hammered day and night by bot-nets trying to guess user-names and passwords. The bot net needs no information, it can just try popular names and popular passwords. There's an awful lot of people named john with a password of qwerty123. Apart from anything else this clogs your logs.

    except that public-key auth will do nothing for your logs getting clogged with bots trying to connect. To stop that, run your SSH server on a high port (i.e. 9876 instead of 22). Then if they want to hit you they have to portscan you first, and bots generally don't waste that much time... there are plenty of SSH servers on 22.
    The logic is that there are a lot more combinations of SSH keys than passwords so it is a lot harder to guess. Using SSH keys also allows you to disable password authentication meaning that most of the automated attacks going round the internet will be useless.

  • This isn't so much a technical question as it is conceptual. I understand the cryptography used in an SSH key is far stronger than a regular password, but I don't understand why it is considered more
  • Chop 1 : Where are stored ssh client private keys?

  • The .ssh directory will contain (in the home directory of any user):

    • authorized_keys : list of public keys allowed to be used to connect to this server
    • config : optional file with configuration parameters for the SSH client
    • the public and private keys you've generated on this host for this user.
    • known_hosts : maintains a list of hosts to which you have already connected, together with a hash to detect if the host key has changed since the last time.
  • On client, after I do ssh-add to add my private key everything works fine, ssh-add -l lists key and I can connect to hosts that have corresponding public key, but nothing changes in .ssh dir as it
  • Chop 2 : Where is the SSH Server Fingerprint generated/stored?

  • [Host's public key] SSH host keys are stored in /etc/ssh/, which you generally do not need to choose. These keys were generated when the openssh-server package was installed.

    You can list the fingerprint of the keys by ssh-keygen -l -f /etc/ssh/ though you will need to repeat this for each public key.

    [private key] ... By default, ssh-keygen will create a key for the current user, which, by default, will be stored in ~/.ssh. 

  • I installed openssh-server and created a key with ssh-keygen. I then attempted to test it using local port forwarding by doing ssh -L However, the key fingerprint...
  • Chop 3 : Getting SHA1 Digest of SSH Public Key

  • View the public key in different formats: MD5, SHA1, SHA256

    $ ssh-keygen -l -E md5 -f dustin.pem
    2048 MD5:29:ed:da:d3:5a:8c:78:4f:62:d3:fd:0c:77:5b:6d:d9 (RSA)

    $ ssh-keygen -l -E sha1 -f dustin.pem
    2048 SHA1:x2ENPL+vzVdlgkIyu0tAhVQ+H4U (RSA)

    $ ssh-keygen -l -E sha256 -f dustin.pem
    2048 SHA256:agJs/axI8QPzet/eoPMDxLSf37fd1bgsMX4Di0gqMy4 (RSA)

  • It seems like this should be easy. I run "ssh-keygen -l -f " (the default seems to be SHA1). All of the examples show it printing the hex-formatted digest with a little extra, harmless information....
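
How the three fingerprint formats shown under Chop 3 relate to one key, as an added example that is not part of the quoted posts: each is a digest of the same decoded public key blob, printed as colon-separated hex for MD5 and as unpadded base64 for SHA1 and SHA256. The key below is constructed sample data, the function names are hypothetical, and the parser assumes a plain `<type> <base64> [comment]` line with no authorized_keys options prefix.

```python
import base64
import hashlib
import hmac
import struct

def make_sample_pubkey_line():
    """Build a constructed ssh-ed25519 public key line (sample data, not a real key)."""
    key_type = b"ssh-ed25519"
    raw_key = bytes(range(32))  # constructed 32-byte value
    blob = (struct.pack(">I", len(key_type)) + key_type +
            struct.pack(">I", len(raw_key)) + raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " sample@example"

def parse_pubkey_line(line):
    """Return (key_type, blob) from a '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed type string; it must match
    # the type named in the text field, otherwise the line is malformed.
    (n,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != declared:
        raise ValueError("declared type %r != embedded type %r" % (declared, embedded))
    return declared, blob

def fingerprint(blob, algo):
    """Format a digest of the key blob the way `ssh-keygen -l -E <algo>` prints it."""
    digest = hashlib.new(algo, blob).digest()
    if algo == "md5":
        return "MD5:" + ":".join("%02x" % b for b in digest)
    return algo.upper() + ":" + base64.b64encode(digest).decode().rstrip("=")

def matches(blob, published):
    """Check a key blob against a published fingerprint of any of the three kinds."""
    algo = published.split(":", 1)[0].lower()
    if algo not in ("md5", "sha1", "sha256"):
        raise ValueError("unknown fingerprint prefix")
    return hmac.compare_digest(fingerprint(blob, algo), published)

if __name__ == "__main__":
    _, sample_blob = parse_pubkey_line(make_sample_pubkey_line())
    for name in ("md5", "sha1", "sha256"):
        print(fingerprint(sample_blob, name))
```
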
Language: English. This course is owned by Durio.