| :: [etc] How to Use SSH2 :: | ||||
| HOME |
|
THIS IS OUTDATED. THE UPDATED VERSION IS AVAIALBLE
HERE
This is the most simplest tutorial of SSH.
I had been surfing the Internet for a long
time to get this done, but it was not
getting done.
Here are the steps that anyone should
follow.
USE SSH2, as this is much better than SSH1
and also the newest standard.
I have been using OpenSSH and SecureCRT,
and the SSH product that comes with Solaris (i dunno which).
Local Machine (client): Mia
Server Machine (sshd server):
Ghulam
STEP 1: Creating and ssh key
mia%~> ssh-keygen -t
rsa (other options are rsa1-> for ssh1, dsa-> for
ssh2+dsa)
Generating public/private rsa key pair. Enter file in which to save the key (/home/shashank/.ssh/id_rsa): PRESS ENTER Enter passphrase (empty for no passphrase): secretpassword Enter same passphrase again: secretpassword Your identification has been saved in /home/shashank/.ssh/id_rsa. Your public key has been saved in /home/shashank/.ssh/id_rsa.pub. The key fingerprint is: 45:2b:41:a2:22:04:ed:ad:2d:0f:1b:b3:1d:9f:e3:5e shashank@mia (Enter a passphrase
when prompted. NOTE this is a passphrase and not PASSWORD that u use for logging
in.
Thus any valid
passphrase will work. This passphrase is just used to encrpt the private key, so
that
others cannot read
it)
STEP 2: Check the
/home/shashank/.ssh/id_rsa.pub
It should look something similar to this:
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAwPvDSPO18NPH4p0RylhROgfL/4nz8+xHUl6olSWq2RqSXACdR6rzlytT8QPdHEgBM8
YsmYsGTKxbqNIMMivROmcfcKStViQO0Tgl7ZGSjKjzB6mLtS9DjQPYm/J1hQRASdY9JCs80PyGHuSu4QezY+jY9/
Opj8ZLB2WjgO7fFiU= shashank@mia
STEP 3: Append
/home/shashank/.ssh/id_rsa.pub (on Mia, client machine) file to ~/.ssh/authorized_keys on
server
machine(ghulam) that u want to log-in.
In this case, let us say, that i want to
log into an account shashank@ghulam.
I will do the following:
mia%~> scp
~/.ssh/id_rsa.pub shashank@ghulam:~/.ssh/id_rsa_mia.pub (In the above command, I am transferring my public key on mia, to my
account "shashank" on ghulam, and renaming it as
id_rsa_mia.pub.. The renaming will make sure that u do
not overwrite the public key present on ghulam..
You don't have to use scp, and u can use ftp or email to transfer the
public ket from mia.)
After the above step, i log on to ghulam and append the
id_rsa_mia.pub file contents to the end of
~/.ssh/authorized_keys file present on shashank@ghulam. NOTE if this file is not present, just create a new
file.
NOTE: You local public key
must be recorded in the authorized_keys file of the server
where u want to
log-in.
STEP 4: on local machine
(Mia) start ssh-agent and ssh-add do the following
mia%~> ssh-agent
$SHELL
mia%~> ssh-add This will ask for you to enter the
"Passphrase" (secretpassword) only ONCE. Enter that and it will
return to the prompt.
Now from here onwards, u don't
have to enter the password for
anything (ssh or scp or
anything)
thats it,.
Suppose u are using secureCRT. In this case, u will need to transfer the
Identity.pub file.
You can find the location of this file by going to Options->Global Sessions->SSH2 in
SecureCRT.
Just transmit this file to the server. Note that this file is of the
form
---- BEGIN SSH2 PUBLIC KEY ----
Subject: shashank Comment: shashank@film AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6IlFxDO2viAwSzGqxzwiHNWqrePmi22L84Cru R85IDUXULNzOe3NvPa/fA2OA6qWbHQIpQFOlbTwodpKqWQIcSceYupd/EEcgC1tc/lYg g4lc9aAkvU0LKEsb54YXly0RyhVo22+eC7l35mv2YYb3HZbG3VTrMlMekh91UiXm6w== ---- END SSH2 PUBLIC KEY ---- So u cannot add it directly to authorized_keys on the server.
U will have to use a command at the server to convert it to the standard
form
ghulam> ssh-keygen -X -f ~/.ssh/Identity.pub >>
temp_keys2
the above command will convert the public key to the below form
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6IlFxDO2viAwSzGqxzwiHNWqrePmi22L84CruR85IDUXULNzOe3NvPa/
fA2OA6qWbHQIpQFOlbTwodpKqWQIcSceYupd/EEcgC1tc/lYgg4lc9aAkvU0LKEsb54YXly0RyhVo22+eC7l35mv2YYb3
HZbG3VTrMlMekh91UiXm6w==
Append the abpve at the end of authorized_keys (again if
authorized_keys is not present, just create it).
Everything eles should be OK.,
Also remember to use the authentication as
"Public Key" and then "password" in secureCRT.
Some important ssh comands:
ssh shashank@ghulam (for logging in)
scp temp shashank@ghulam:~/temp/ (to transfer
local temp file to ghulam)
if u use "-v" option in the above command,
you will get a lot of debugging messages,
which provide very useful
messages.
|