Posted by: isaraffee | September 14, 2009

Configuring SSH in Ubuntu 9.04 Jaunty

Install the ssh server by typing:

root@ismail-laptop:~# apt-get install openssh-server

Go to the ssh configuration file:

root@ismail-laptop:~# cd /etc/ssh/

root@ismail-laptop:/etc/ssh# ls

moduli sshd_config ssh_host_dsa_key.pub ssh_host_rsa_key.pub

ssh_config ssh_host_dsa_key ssh_host_rsa_key

The configuration file is ssh_config

ssh to your local machine:

root@ismail-laptop:/etc/ssh# ssh 127.0.0.1

The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.

RSA key fingerprint is 26:3a:2e:97:51:e3:09:52:88:57:a6:bf:79:35:e3:87.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.

root@127.0.0.1's password:

Linux ismail-laptop 2.6.28-13-generic #45-Ubuntu SMP Tue Jun 30 19:49:51 UTC 2009 i686

To change the ssh port from 22 to 2222:

Edit the ssh_config file and add the line

Port 6188

To restart the ssh server:

# cd /etc/init.d/

# ./ssh restart

Now to ssh using the newly configured port, type:

# ssh -p 6188 localhost

You should be able to ssh into the machine. Now try to ssh without specifying the port number. This would use the default port 22.

# ssh localhost

ssh: connect to host localhost port 22: Connection refused

The connection fails because nothing is listening on port 22 any more. Users who do not know the new port would think that sshd is disabled.

SSH Keys

SSH keys allow authentication between two hosts without the need for a password. SSH key authentication uses two keys: a private key and a public key.

To generate the keys, from a terminal prompt enter:

root@ismail-laptop:~# ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key (/root/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_dsa.

Your public key has been saved in /root/.ssh/id_dsa.pub.

The key fingerprint is:

3c:cd:35:7b:0a:6c:ad:7b:74:25:ca:b7:1e:1a:0c:73 root@ismail-laptop

The key's randomart image is:

+--[ DSA 1024]----+

| |

| |

| o |

| . + o o. .|

| S O.E..o |

| o B+oo |

| ..+o.. |

| ..o.. |

| ..... |

+-----------------+

Explore these ssh keys.

root@ismail-laptop:~# cd .ssh

root@ismail-laptop:~/.ssh# ls

id_dsa id_dsa.pub known_hosts

Now copy the id_dsa.pub file to the remote host and append it to ~/.ssh/authorized_keys by entering:

ssh-copy-id username@remotehost

Finally, double check the permissions on the authorized_keys file: only the authenticated user should have read and write permissions. If the permissions are not correct, change them with:

chmod 600 .ssh/authorized_keys

You should now be able to SSH to the host without being prompted for a password.
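
The permission rule stated above (only the owner may read or write authorized_keys), as a check you can run; this is an added example, not part of the original post. The function names, and the extra checks on private keys (id_*) and on the directory's write bits, are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit modes under an SSH directory.

# Print the nine permission characters (rwxrwxrwx) of a path.
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# Succeed only if group and other have no permission bits at all.
owner_only() {
    [ "$(perm_string "$1" | cut -c4-9)" = "------" ]
}

# audit_ssh_dir [DIR]: print one line per finding; return 1 if any, else 0.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # Directory: group/other write access would let them swap the files inside.
    case "$(perm_string "$dir")" in
        ????w????|???????w?) echo "WRITABLE-DIR $dir"; findings=1 ;;
    esac

    # authorized_keys and private keys: owner-only, as the text above states.
    for f in "$dir"/authorized_keys "$dir"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac   # public halves may be readable
        if ! owner_only "$f"; then
            echo "LOOSE $(perm_string "$f") $f"
            findings=1
        fi
    done
    return "$findings"
}

# Constructed demo in a throwaway directory (mktemp -d creates it mode 700).
demo=$(mktemp -d)
touch "$demo/authorized_keys" "$demo/id_dsa" "$demo/id_dsa.pub"
chmod 644 "$demo/authorized_keys" "$demo/id_dsa.pub"
chmod 600 "$demo/id_dsa"
audit_ssh_dir "$demo" || echo "-> fix with chmod 600"
chmod 600 "$demo/authorized_keys"
audit_ssh_dir "$demo" && echo "OK after chmod 600"
rm -rf "$demo"
```

Called with no argument, audit_ssh_dir inspects $HOME/.ssh of the user running it.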
