ssh

From Initq

ssh (all lower case) refers to the client program included in SSH1, SSH2, OpenSSH, F-Secure SSH, and other products, used for running secure terminal sessions and remote commands.

qasket:~# ssh -l lexiana initq.com
lexiana@192.168.1.20's password:
Last login: Wed Apr  1 19:53:23 2009
[lexiana@initq ~]$

SSH terminal login message

When you log in to a tty, the contents of the file /etc/issue are displayed.

Then the message of the day, which is stored in /etc/motd, is displayed.

SSH login without password

Here are the steps to log in to a remote machine without a password.

  • Run the following on your local machine.
internal:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ea:5b:65:6b:9d:b9:d9:88:80:a5:07:41:21:1e:86:bf root@internal
The key's randomart image is:
+--[ RSA 2048]----+
|   .+ o.         |
|  .o +           |
|   .. .          |
|    .  .         |
|     .. S o      |
|    E  * o o o   |
|      + + o +    |
|     . o o . =   |
|      o.  . + .  |
+-----------------+
  • Copy /root/.ssh/id_rsa.pub (the public key, not the private key id_rsa) to your remote machine's /home/<user>/.ssh folder and name it authorized_keys.
internal:~/.ssh# scp id_rsa.pub apptricity@192.168.170.100:/home/apptricity/.ssh/authorized_keys
The authenticity of host '192.168.170.100 (192.168.170.100)' can't be established.
RSA key fingerprint is c8:a8:6d:77:34:66:8d:17:a4:72:a8:fc:2f:0c:85:fc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.170.100' (RSA) to the list of known hosts.
apptricity@192.168.170.100's password:
authorized_keys                                                                 100%  395     0.4KB/s   00:00

Change Permissions on remote host

  • Make sure the permissions on the remote host for /home/user/.ssh are 700.

ssh-copy-id

You can also use the ssh-copy-id utility to copy your public key. It appends the key to your existing authorized_keys file on the remote host instead of overwriting it.

internal:~/.ssh# ssh-copy-id -i /root/.ssh/id_rsa.pub apptricity@192.168.170.100

After this, try logging in to your remote machine from your local machine. It should not ask you for a password.
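
The manual steps above (install the public key, then fix permissions), written as a shell function to run on the remote host that appends to authorized_keys the way ssh-copy-id does. This is an added example, not part of the original page; the function name install_pubkey is hypothetical, and it assumes the public key file holds a single key of a common type.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR
# Hypothetical helper (added example): installs a public key that has already
# been copied to this host into SSH_DIR/authorized_keys.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    # Refuse a private key: id_rsa (without .pub) must stay on the local machine.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi
    # A public key line starts with its key type, e.g. ssh-rsa or ssh-ed25519.
    if ! grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$pubkey_file"; then
        echo "refusing: $pubkey_file is not an OpenSSH public key" >&2
        return 3
    fi

    # sshd with StrictModes (the default) rejects keys when ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append instead of overwriting, and only if the exact line is not present yet.
    if grep -qxFf "$pubkey_file" "$auth_file"; then
        return 0
    fi
    cat "$pubkey_file" >> "$auth_file"
}
```

Typical use on the remote host would be `install_pubkey /tmp/id_rsa.pub /home/<user>/.ssh`, run as that user so the files keep the right owner.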

Related technologies

  • rsh
  • PGP, a popular encryption program created by Phil Zimmermann.
  • Kerberos is a secure authentication system
  • IPSEC Internet Protocol Security is a standard. Encryption is done at IP level.
  • SRP Secure Remote Password protocol is an authentication protocol.
  • SSL (secure socket layer), TLS (transport layer security).
  • Secure Socket Layer SSL Protocol is an authentication and encryption technique. Used mostly for web applications.
  • SSL-Enhanced Telnet and FTP includes SSLtelnet, SRA telnet, SSLTel, STel and SSLftp.
  • stunnel performs authentication and authorization of incoming connections via SSL and can be invoked from inetd as a wrapper for any number of service daemons or run standalone.
  • firewalls

Flags

  • -v verbose
  • -l username

Local port Forwarding

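Let's say you want to forward your local port 1022 to a remote server's port 22, so that anyone who connects with ssh to port 1022 on the local machine actually reaches port 22 on the remote machine. By default ssh binds the forwarded port to the loopback address only, so "anyone" here means users on the local machine itself. You would run: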

  • ssh -N -L 1022:localhost:22 lexiana@192.168.1.20

Remote port Forward

You want to log in to your friend's machine but can't because his port 22 is blocked. You set up an account on your machine for your friend. Then you tell your friend to type the following command:

  • ssh -vv -N -R 5555:localhost:22 root@192.168.1.20

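Then from your machine you can do:

  • ssh -l lexiana localhost -p 5555

Port 5555 is opened on your machine (192.168.1.20, the host your friend connected to) and is forwarded through the tunnel to port 22 on your friend's machine (192.168.1.10 in this example).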
