|
|
Sponsored Content
Special Forums
Cybersecurity
IT Security RSS
SSH Keys
Post 302245803 by Linux Bot on Saturday 11th of October 2008 04:10:11 AM
10-11-2008
SSH Keys
At my previous position as a Systems Administrator, I got to experience firsthand the convenience of using SSH keys. My personal SSH key was encrypted and password protected, of course. This allowed for quick and easy authentication to systems as my user account. As long as you kept your SSH daemon up to date this was actually reasonably secure. This greatly reduces the amount of passwords you have to remember in a Unix or Linux environment which is not utilizing any kind of directory services.
The second and even more useful aspect of SSH keys is from an automatic administration standpoint. For example, I once had to devise a method for devices that were at customer's sites behind various firewalls, proxies, etc. to "phone home" with the minimal amount of configuration on the client's end. After considering various ideas I came up with a solution that wasn't elegant but got the job done effectively. I had the remote devices automatically connect to the central SSH enabled server via an SSH key and open a remote port forwarding connection using a randomly assigned port on the central SSH server. The remote device wrote a line in a log file indicating it's machine name, the IP it had connected from, and its currently used port. This allowed me to use a simple script to connect to the machine by host name. This allowed for various automated remote administration techniques to be utilized. As the automated connection back to the other remote device was not using the root user, we found this technique to be an acceptable risk.
More...
The second and even more useful aspect of SSH keys is from an automatic administration standpoint. For example, I once had to devise a method for devices that were at customer's sites behind various firewalls, proxies, etc. to "phone home" with the minimal amount of configuration on the client's end. After considering various ideas I came up with a solution that wasn't elegant but got the job done effectively. I had the remote devices automatically connect to the central SSH enabled server via an SSH key and open a remote port forwarding connection using a randomly assigned port on the central SSH server. The remote device wrote a line in a log file indicating it's machine name, the IP it had connected from, and its currently used port. This allowed me to use a simple script to connect to the machine by host name. This allowed for various automated remote administration techniques to be utilized. As the automated connection back to the other remote device was not using the root user, we found this technique to be an acceptable risk.
More...
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hello,
I'm wondering if anyone has a step-by-step instruction set for setting up ssh keys? I've gone through many of the manuals online (most seem to be from the same source) and it's a little bit unclear when the documentation is talking about the server versus the client machine. I'm missing... (1 Reply)
Discussion started by: sysera
1 Replies
2. UNIX for Dummies Questions & Answers
Hello*! I have problems with public keys. On one side i have Solaris 10, and on other side is HP UNIX. I created public keys on Solaris with "ssh-keygen -t rsa", append id_rsa.pub key to ~user/.ssh/authorized_keys on remote machine, and tried to connect with ssh without password. But for some... (1 Reply)
Discussion started by: ghost01
1 Replies
3. UNIX for Dummies Questions & Answers
Hi everyone,
i wanted to generate ssh keys so that i can include the public key in the remote sever, so that for subsequent logins, i can do away with the keying in of the password. I consulted the man ssh-keygen man pages. "..Normally each user wishing to use SSH with RSA or DSA... (1 Reply)
Discussion started by: new2ss
1 Replies
4. Shell Programming and Scripting
I have 2 systems A and B
I need to do a passwd less authentication inorder to send a file from system B to system A automatically(using sftp)
for this i did the following
I generated ssh-keygen -t dsa on system B, copied this key(id_dsa.pub) into the authorized_keys file on system A... (1 Reply)
Discussion started by: ramky79
1 Replies
5. Shell Programming and Scripting
Hi All,
I am having knowledge on some basics of ssh and wanted to know what are the public keys and how can we create and implement it in connecting server.
Please provide the information for the above, it would be helpful for me.
Thanks,
Ravindra (1 Reply)
Discussion started by: ravi3cha
1 Replies
6. Red Hat
Hi,
I've generated and posted pub. keys in the source system and the target. However, it is still prompting me for the password.
Steps that I have taken.
1. Generated ssh keys : ssh-keygen. It created two files.
1. .ssh/id_rsa
2. .ssh/id_rsa.pub.
2.... (10 Replies)
Discussion started by: Afi_Linux
10 Replies
7. OS X (Apple)
Not specifically a mac question, but it's what I am using.
I am setting up some replication for some file shares using rsync. The problem is that I am being given a little bit of a twist - I'm supposed to use a non-admin account to do it with.
I have 2 boxes - Master and Slave with 1... (2 Replies)
Discussion started by: kleinboy
2 Replies
8. Solaris
Hello,
I could use some help with my ssh keys and agent.
This is the issue. I have 2 different UNIX systems at work. One is the normal Solaris servers with my uid being the same throughout all the servers. I now have a different system for my desktop. A contractor came in and installed some SUN... (0 Replies)
Discussion started by: bitlord
0 Replies
9. Red Hat
I am currently working on setting up a server to scp some files over for backup purposes.
Server 1 - Bob (Appliance)
Server 2 - Sana (RH 5)
Server 1 -
1 - Generated RSA2
2 - Collected the public key to be input on the backup server = Sana
Server 2 -
1 - This is were I am stuck the... (4 Replies)
Discussion started by: NelsonC
4 Replies
10. Shell Programming and Scripting
Hi,
I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step:
#!/bin/bash
# LAN SSH KEYS DISCOVERY SCRIPT
</etc/passwd \
grep /bin/bash |
cut -d: -f6 |
sudo xargs -i -- sh -c '
&& cat... (11 Replies)
Discussion started by: syrius
11 Replies
LEARN ABOUT DEBIAN
sslh
SSLH(1p) User Contributed Perl Documentation SSLH(1p) NAME
sslh - Switch incoming connection between SSH and SSL/HTTPS servers SYNOPSIS
sslh [ -v ] [ -p [host:]port ] [ -t timeout ] [ --ssh [host:]port ] [ --ssl [host:]port ] DESCRIPTION
sslh is a simple script that lets you switch an incoming connection on a single port between distinct SSH and SSL/HTTPS servers. sslh listens for connections on a port and is able to redirect them either to an HTTPS web server or a SSH server. This lets one setup both a HTTPS web server and a SSH server and access them through the same host+port. OPTIONS
The program follows the usual GNU command line syntax, with long options starting with two dashes. -p, --port [host:]port The port the proxy will listen to. If no port is given, 443 is used by default. If no host is given, "localhost" is used by default. -s, --ssh [host:]port The SSH server which the SSH connections must be forwarded to. If omitted, the default is localhost:22. -l, --ssl, --https [host:]port The HTTPS server which the HTTPS connections must be forwarded to. If omitted, the default is localhost:443. -t, --timeout delay Timeout in seconds before a silent incoming connection is considered as a SSH connection. The number can be fractional. The default is 2seconds. -v, --verbose Verbose output. This option can be used several times for more verbose output. EXAMPLE OF USE
Is this tool actually useful? Yes. For example one can use it to access both a SSH server and a secure web server via a corporate proxy that only accepts to relay connections to port 443. Creating a tunnel that passes SSH connection through a CONNECT-enabled web proxy is easy with connect-tunnel (also included in the "Net::Proxy" distribution). The proxy will let both SSH and HTTPS connections out (since they all point to port 443), and the home server will connect those incoming connections to the appropriate server. This only requires to run the HTTPS server on a non standard port (not 443). TECHNICAL NOTE
How can this proxy find out what kind of protocol is using a TCP connection to port 443, without being connected (yet) to the server? We actually rely on a slight difference between the SSL and SSH protocols (found thanks to ethereal): SSH Once the TCP connection is established, the server speaks first, presenting itself by saying something like: SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-1 SSL With SSL, it's always the client that speaks first. This means that sslh can be used with any pair of protocols/services that share this property (the client speaks first for one and the server speaks first for the other). AUTHORS
Original idea and C version Frederic Ple "<sslh@wattoo.org>". Perl versions Philippe 'BooK' Bruhat "<book@cpan.org>". SCRIPT HISTORY
Version 0.01 of the script was a quick hack designed in 2003 as a proof of concept. Version 0.02 (and higher) are based on "Net::Proxy", and included with the "Net::Proxy" distribution. Version 0.02 didn't work, though. Version 0.03 correctly initialised the "in" connector. Version 0.04 lets the proxy listen on any address (instead of "localhost", which is still the default). Thanks to Dieter Voegtli for spotting this. SEE ALSO
Net::Proxy, Net::Proxy::Connector::dual. COPYRIGHT
Copyright 2003-2006, Philippe Bruhat. All rights reserved. LICENSE
This module is free software; you can redistribute it or modify it under the same terms as Perl itself. perl v5.10.1 2009-10-18 SSLH(1p)