Difference between revisions of "Secure Shell"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
m
m
Line 11: Line 11:
 
Note: Added 10/17/2016 old less secure or compromised cyphers no longer configured, may cause connection problems with legacy ssh clients such as SecureCRT.  ref: https://blog.hqcodeshop.fi/archives/245-SSH-connection-fails.html
 
Note: Added 10/17/2016 old less secure or compromised cyphers no longer configured, may cause connection problems with legacy ssh clients such as SecureCRT.  ref: https://blog.hqcodeshop.fi/archives/245-SSH-connection-fails.html
  
 +
== use SSH to execute a remote command ==
 +
{{:Secure Shell - use SSH to execute a remote command}}
 +
 +
== auto login ssh ==
 +
{{:Secure Shell - auto login ssh}}
 +
 +
== Related Pages ==
 +
*[[Linux Remote Shell Notes]]
 +
*[[Remote File Copy from the Linux Command Prompt]]
  
  

Revision as of 15:31, 24 July 2020

Secure Shell (SSH) is a cryptographic network protocol for operating network services such as remote command-line, login, and remote command execution over an unsecured network in a secure way. SSH provides a secure channel over an unsecured network by using a client–server architecture, connecting an SSH client application with an SSH server. SSH is generally used to access Unix-like operating systems, but it can also be used on Microsoft Windows. Windows 10 uses OpenSSH as its default SSH client and SSH server.

SSH was designed as a replacement for Telnet and for unsecured remote shell protocols which would send information, notably passwords, in plaintext, rendering them susceptible to interception and recognition. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network such as the Internet. While Telnet was once widely used by administrators for remote management, it does not offer the security mechanisms like SSH, which establishes a secure connection from the host to the remote host.

Linux Secure Shell Support for Remote Login

Modern Ubuntu / Mint

I don't know why they do not include SSH by default. Allows remote secure terminal shell connection.

sudo apt install openssh-server openssh-client 
sudo service ssh start

Note: Added 10/17/2016 old less secure or compromised cyphers no longer configured, may cause connection problems with legacy ssh clients such as SecureCRT. ref: https://blog.hqcodeshop.fi/archives/245-SSH-connection-fails.html

use SSH to execute a remote command

You'll need to be able to ssh with automated password or enter the password each time you run the command.

Execute a remote command on a host over SSH:

ssh nicolep@192.168.100.10 'reboot'

The example above will reboot the remote computer.

Multiple commands

ssh nicolep@192.168.100.10 'uptime; df -h'

Show the kernel version, number of CPUs and the total RAM:

ssh root@192.168.100.10 << EOF
uname -a
lscpu  | grep "^CPU(s)"
grep -i memtotal /proc/meminfo
EOF

Here is how Nicole can execute her script on the remote computer

ssh nicolep@192.168.100.10 'bash -s' < nicolejob.sh

Nicole's script is local on her machine, and she executed it on the remote host.

auto login ssh

There is a key authentication system that can be used with OpenSSH. The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input, except for prompting the user for password requiring manual interaction. By using the key authentication system you will not be prompted for a password.

OPTIONS FOR SSH AUTOMATED

  1. Use an SSH key for authentication, instead of a password.
  2. Use sshpass, expect, or a similar tool to automate responding to the password prompt.
  3. Use the SSH_ASKPASS feature to get ssh to get the password by running another program.
  4. Use the insecure host-based authentication, sometimes common on private networks.
  5. Use a custom or modified ssh client adapted from source code, or one that allows for stored password.

sshpass

Install the sshpass utility so that you can automate ssh login including password.

apt install sshpass

Now you can automate the login process

sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10

Custom port example:

sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10:9600

public key authentication

BEFORE MAKING NEW KEY PAIRS: Try to Find an Existing Secure Shell Key Pair. See if you already have a .ssh under your home directory. If you already have a key pair then you should not need to make a new key pair.

In the source host run this only once:

ssh-keygen -t rsa 

Now you've generated the public key. It needs to be copied onto the remote host.

ssh-copy-id -i ~/.ssh/id_rsa.pub nicolep@192.168.100.10

add identities to the ssh-agent – the authentication agent on the local host.

ssh-add

now press ENTER to every field

ssh-copy-id nicolep@192.168.100.10

expect

Example script

#!/usr/bin/expect

set timeout 15

set cmd [lrange $argv 1 end]
set password [lindex $argv 0]

eval spawn $cmd
expect "assword:"
send "$password\r";
interact

Another example

#!/usr/bin/expect -f
#  ./ssh.exp password 192.168.100.10 id
set pass [lrange $argv 0 0]
set server [lrange $argv 1 1]
set name [lrange $argv 2 2]

spawn ssh $name@$server
match_max 100000
expect "*?assword:*"
send -- "$pass\r"
send -- "\r"
interact

And finally, a more elaborate example can be found here:

Related Pages