Vk 38 SSH

SSH yhteys

1.installointi

$ sudo apt install -y openssh-server

-testi onko päällä, $ sudo systemctl status ssh
● ssh.service – OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-09-19 17:10:15 EEST; 2min 36s ago
Main PID: 3297 (sshd)
Tasks: 1 (limit: 4662)
CGroup: /system.slice/ssh.service
└─3297 /usr/sbin/sshd -D

syys 19 17:10:15 otso-VirtualBox systemd[1]: Starting OpenBSD Secure Shell server…
syys 19 17:10:15 otso-VirtualBox sshd[3297]: Server listening on 0.0.0.0 port 22.
syys 19 17:10:15 otso-VirtualBox sshd[3297]: Server listening on :: port 22.
syys 19 17:10:15 otso-VirtualBox systemd[1]: Started OpenBSD Secure Shell server.
-on päällä!

2. Setting file?

-root@otso-VirtualBox:/etc/ssh# ls
moduli sshd_config ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
ssh_config ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key ssh_import_id

-täällä ssh_config

-Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes

-kaikkea tälläistä voi tehdä.. muun muassa passwordAuthentication..

3.testaus

-pääsin serveriltä desktoppiin, komennolla ssh otso@172.28.171.179
-tämän jälkeen piti antaa otso@ salasana
-Toimii.

SSH exercise
Copy a file to your home directory in myy.haaga-helia.fi. Use first scp command then do the same using sftp.

ssh_scp serverille.PNG

 

sftp_serverille kopiointi
Create a keypair and copy the public key to myy.haaga-helia.fi. You can use scp or sftp or ssh-copy-id.
Test if you can now login to myy.haaga-helia.fi with the keys.
(It may be a good idea to delete the key in myy after the exercise.)

ssh_keygen

 

.ssh_ls-la näkymä

-oikeudet on oikein ~/.ssh directorylla on 700 oikeudet ja private key:llä on 600 oikeus.

-Kopiointiin serverille käytin ssh-copy-id user@server komentoa

[a1704549@myy-2012 .ssh]$ ls -la
total 12
drwx—— 2 a1704549 oppi 4096 16.10. 19:32 .
drwx–x–x 13 a1704549 oppi 4096 16.10. 19:32 ..
-rw——- 1 a1704549 oppi 402 16.10. 19:32 authorized_keys
[a1704549@myy-2012 .ssh]$

-Myy serverillä oikeudet olivat oikein .ssh kansiossa. 700 ja 600 oikeudet.

[a1704549@myy-2012 .ssh]$ exit
logout
Connection to myy.haaga-helia.fi closed.
otso@otso-VirtualBox:~/.ssh$ ssh a1704549@myy.haaga-helia.fi

Last login: Tue Oct 16 19:33:10 2018 from 91-152-135-22.elisa-laajakaista.fi

[a1704549@myy-2012 ~]$

-Pääsin kirjautumaan ilman salasanaa eli ssh toimii.

 

 
Install ssh server in your (virtual?) computer. Test if you can access your computer with ssh. (you can access
it with address localhost)

-en

serveriltä localille

Viimeiseksi poistin serveriltä .ssh kansiosta authorized_keys -julkisen avaimen,  turvallisuus syistä.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s