Chapter 10 -- Configure and Secure SSH
What is SSH?
SSH is a protocol that allows you to access your Linux machine remotely.
How to check the current SSH info?
rpmquery openssh
systemctl status sshd
First check the target machine availability
ping to the ip of the target machine to check connectivity.
local DNS
/etc/hosts
Configure the DNS to resolve the FQDN name to ip.
So you would not need to remember the IP of all the servers.
-----------------------------------------------------------------------
ping the target ip/fqdn
ssh user@IP/name
# Password Based Authentication (Default)
# Key based Authentication
For first time login -- SSH asks for the fingerprint
--> Host key (To avoid MITM)
Fingerprint is stored on a per-user basis.
--------Special-Case-------------------------------------------------
How to log in as root over SSH
vim /etc/ssh/sshd_config
go to line 40
PermitRootLogin yes
Then restart the sshd daemon
----------------------------------------------------------------------
Key Based Authentication
ssh key
- Public Key
- Private Key
ssh private key -- Stored in your system. Generated while creating the EC2 instance.
ssh public key -- Stored in the instance.
After saving and authenticating with the password, the SSH private key is changed to an authorized key
-- All keys are stored in ~/.ssh
- All public keys are stored in the ssh directory.
----------------------------------------------------------------------
Note: Set the StrictHostKeyChecking parameter to yes in the user-specific
~/.ssh/config file or the system-wide /etc/ssh/ssh_config file, so that the
ssh command always aborts the SSH connection if the public keys do not match.
------------------------SSH Key Management-----------------------------
If a server's public key is changed because the key was lost due to hard drive failure or it was replaced for some
legitimate reason, then for successful login, you must edit the known hosts file to replace the old public key
entry with the new public key.
The /etc/ssh/ssh_known_hosts file stores the public key file for each user on the SSH client. Each key consists of
one line, where the first field is the list of hostnames and IP addresses that share the public key. The second field
is the encryption algorithm that is used for the key. The last field is the key itself.
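
Added example (not part of the original notes): a Python sketch that reads the three-field known hosts line format described above and makes the match / mismatch / unknown decision that StrictHostKeyChecking acts on. The host names, addresses and key blobs are constructed sample data, and the function names are hypothetical.

```python
import base64, hashlib, struct

def make_blob(seed: bytes) -> str:
    """Constructed ssh-ed25519 wire blob (filler bytes, not a real host key)."""
    key = hashlib.sha256(seed).digest()  # 32 bytes standing in for a public key
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key
    return base64.b64encode(raw).decode()

def fingerprint(b64_key: str) -> str:
    """SHA256 fingerprint in the form ssh shows at first login."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str):
    """Yield (hosts, algorithm, key) for each plain entry."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        if fields[0].startswith("@"):
            continue                      # @cert-authority / @revoked markers: skipped here
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue                      # malformed line or hashed host names: skipped here
        yield fields[0].split(","), fields[1], fields[2]

def check_host(text: str, host: str, algorithm: str, offered_key: str) -> str:
    """Compare the key a server offers with the stored entry (exact names only)."""
    verdict = "unknown"                   # no entry yet: first login, fingerprint prompt
    for hosts, alg, key in parse_known_hosts(text):
        if host in hosts and alg == algorithm:
            if key == offered_key:
                return "match"
            verdict = "mismatch"          # stored key differs: strict checking aborts
    return verdict

OLD, NEW, DB = (make_blob(s) for s in (b"old", b"new", b"db"))
KNOWN_HOSTS = f"""# constructed sample known hosts file
web01.example.com,192.0.2.10 ssh-ed25519 {OLD}
db01.example.com ssh-ed25519 {DB}
"""

if __name__ == "__main__":
    cases = [("web01.example.com", OLD), ("192.0.2.10", NEW), ("new.example.com", NEW)]
    for host, key in cases:
        print(host, fingerprint(key), check_host(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

A "mismatch" verdict is the case where the old entry has to be replaced after a legitimate key change; confirm the new fingerprint out of band before editing the file.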