Difference between revisions of "Secure Shell"
m |
m |
||
Line 11: | Line 11: | ||
Note: Added 10/17/2016 old less secure or compromised cyphers no longer configured, may cause connection problems with legacy ssh clients such as SecureCRT. ref: https://blog.hqcodeshop.fi/archives/245-SSH-connection-fails.html | Note: Added 10/17/2016 old less secure or compromised cyphers no longer configured, may cause connection problems with legacy ssh clients such as SecureCRT. ref: https://blog.hqcodeshop.fi/archives/245-SSH-connection-fails.html | ||
+ | == use SSH to execute a remote command == | ||
+ | {{:Secure Shell - use SSH to execute a remote command}} | ||
+ | |||
+ | == auto login ssh == | ||
+ | {{:Secure Shell - auto login ssh}} | ||
+ | |||
+ | == Related Pages == | ||
+ | *[[Linux Remote Shell Notes]] | ||
+ | *[[Remote File Copy from the Linux Command Prompt]] | ||
Revision as of 15:31, 24 July 2020
Secure Shell (SSH) is a cryptographic network protocol for operating network services such as remote command-line, login, and remote command execution over an unsecured network in a secure way. SSH provides a secure channel over an unsecured network by using a client–server architecture, connecting an SSH client application with an SSH server. SSH is generally used to access Unix-like operating systems, but it can also be used on Microsoft Windows. Windows 10 uses OpenSSH as its default SSH client and SSH server.
SSH was designed as a replacement for Telnet and for unsecured remote shell protocols which would send information, notably passwords, in plaintext, rendering them susceptible to interception and recognition. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network such as the Internet. While Telnet was once widely used by administrators for remote management, it does not offer the security mechanisms like SSH, which establishes a secure connection from the host to the remote host.
Contents
Linux Secure Shell Support for Remote Login
Modern Ubuntu / Mint
I don't know why they do not include SSH by default. Allows remote secure terminal shell connection.
sudo apt install openssh-server openssh-client sudo service ssh start
Note: Added 10/17/2016 old less secure or compromised cyphers no longer configured, may cause connection problems with legacy ssh clients such as SecureCRT. ref: https://blog.hqcodeshop.fi/archives/245-SSH-connection-fails.html
use SSH to execute a remote command
You'll need to be able to ssh with automated password or enter the password each time you run the command.
Execute a remote command on a host over SSH:
ssh nicolep@192.168.100.10 'reboot'
The example above will reboot the remote computer.
Multiple commands
ssh nicolep@192.168.100.10 'uptime; df -h'
Show the kernel version, number of CPUs and the total RAM:
ssh root@192.168.100.10 << EOF uname -a lscpu | grep "^CPU(s)" grep -i memtotal /proc/meminfo EOF
Here is how Nicole can execute her script on the remote computer
ssh nicolep@192.168.100.10 'bash -s' < nicolejob.sh
Nicole's script is local on her machine, and she executed it on the remote host.
auto login ssh
There is a key authentication system that can be used with OpenSSH. The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input, except for prompting the user for password requiring manual interaction. By using the key authentication system you will not be prompted for a password.
OPTIONS FOR SSH AUTOMATED
- Use an SSH key for authentication, instead of a password.
- Use sshpass, expect, or a similar tool to automate responding to the password prompt.
- Use the SSH_ASKPASS feature to get ssh to get the password by running another program.
- Use the insecure host-based authentication, sometimes common on private networks.
- Use a custom or modified ssh client adapted from source code, or one that allows for stored password.
sshpass
Install the sshpass utility so that you can automate ssh login including password.
apt install sshpass
Now you can automate the login process
sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10
Custom port example:
sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10:9600
public key authentication
BEFORE MAKING NEW KEY PAIRS: Try to Find an Existing Secure Shell Key Pair. See if you already have a .ssh under your home directory. If you already have a key pair then you should not need to make a new key pair.
In the source host run this only once:
ssh-keygen -t rsa
Now you've generated the public key. It needs to be copied onto the remote host.
ssh-copy-id -i ~/.ssh/id_rsa.pub nicolep@192.168.100.10
add identities to the ssh-agent – the authentication agent on the local host.
ssh-add
now press ENTER to every field
ssh-copy-id nicolep@192.168.100.10
expect
Example script
#!/usr/bin/expect set timeout 15 set cmd [lrange $argv 1 end] set password [lindex $argv 0] eval spawn $cmd expect "assword:" send "$password\r"; interact
Another example
#!/usr/bin/expect -f # ./ssh.exp password 192.168.100.10 id set pass [lrange $argv 0 0] set server [lrange $argv 1 1] set name [lrange $argv 2 2] spawn ssh $name@$server match_max 100000 expect "*?assword:*" send -- "$pass\r" send -- "\r" interact
And finally, a more elaborate example can be found here: