Linux

Five handy secure shell tips and tricks

17 Ott/09

I use secure shell a LOT, every day. So much so that I often take for granted how important this tool is. Not only does it allow me to log into remote machines to handle management of said machine, it can do other things as well – X tunneling being one of the most useful features. But for many users ssh only serves as a means to log in, do a few command-line tasks, and log out. It doesn’t (and shouldn’t) have to be that way.

With Secure Shell there are a number of ways to use (and configure) this tool to make it more useful and more secure. In this article  you will learn five different (and handy) secure shell tips to make sure your ssh usage is as good as it can be. And for some basic secure shell knowledge, check out my article “Get to know Linux: Secure shell“.

Password-less logon

Have have dealt with this before (as a side note), but wanted to re-iterate this process. Because I use ssh so much I get tired of having to enter passwords constantly. Now I will preface this by saying only do this on a network you trust. Yes you will be logging into ssh with a certificate, and that certificate will be on your machine, but you don’t want to employ this method on a network that can not be trusted. With that in mind, here are the steps for setting this up.

On the local machine issue the command:

ssh-keygen -t dsa

This command will generate a public key that will be then copied to your server. During this creation process you will be asked for a password – just press enter to use a blank password for this. You will have to verify the password, so hit enter again. )

With the key created you have to copy it to the server you want to ssh into. To do this enter the command:

ssh-copy-id -i .ssh/id_dsa.pub username@destination

Where username is the username you will be logging into on the remote server and destination is the IP address of the remote server.

Now when you go to secure shell into that remote machine you will not have to enter a password.

Block root login

Although secure shell is a secure means of logging into your server, you do not want to allow root access (for obvious reasons). Blocking root access is simple. Open up the /etc/ssh/sshd_config file and look for this line:

PermitRootLogin

and make sure it is set to “no” (no quotes). So the complete line will read:

PermitRootLogin no

Once you have saved that file, restart the ssh daemon with the command:

sudo /etc/init.d/ssh restart

Now the root user can no longer log in remotely via ssh.

Enable X tunneling

Secure shell is made even more powerful when you can run a remote X application on your local machine. And what is better is that it’s not difficult at all. In order to allow X tunneling you will first need to open up the /etc/ssh/sshd_config file and search for this line:

X11Forwarding

and make sure it looks like:

X11Forwarding yes

Once that is set save the file, restart sshd, and you are ready to tunnel and X Windows application through ssh. To accomplish this you have to add the -X flag to your secure shell command like this:

ssh -v -l USERNAME IP_ADDRESS -X

Where USERNAME is the username you want to log in with and IP_ADDRESS is the actual IP address of the machine you are logging into.

Final thoughts

There are so many cool tricks and tips with secure shell, but the above three are, in my opinion, the most helpful. Have you come across a helpful ssh tip you’d like to share? Or are you looking for a particular behavior out of secure shell? If so. share with your fellow Ghacks readers.

No tag for this post.

Related posts

  • No related posts.

Continua a leggere – Original Link: Five handy secure shell tips and tricks

Technorati Tags: , , , , , , , , , ,

Realizzazione Sito Gestionale Immobiliare

Leggi Anche

Condividi
Condividi in DeliciousCondividi in DiggCondividi in RedditCondividi in StumbleCondividi in MixxCondividi in TecnoratiCondividi in Ok Notizie

Commenti

I commenti sono disabilitati per questo articolo.

I commenti sono chiusi.

Autore

    Spina Rosario
    Inserito da

Archivio

Iscrizione Newsletter

    Tieniti informato con tutte le novità del mondo informatico con la nostra newsletter
    Email:

    Nome:

    Auto Shop Italia
    Web Burning Blog
    Info Privacy

Meta