
Understand SHell Security: SSH and OpenSSH

Secure Shell (SSH) is a remote access tool widely used on Unix systems. Its implementation on GNU/Linux systems is called OpenSSH.

OpenSSH is not the only option available for remote access to *NIX systems; others include telnet, rlogin and rcp. Of these, only OpenSSH works securely: it uses a public key / private key system with keys of variable size, which can be either RSA or DSA. In addition, the package works over the TCP protocol, and connections usually occur on port 22.

The OpenSSH package consists of several programs, which are:

sshd, the daemon responsible for managing connections to the system;

ssh, the client program for connecting to other systems;

scp, the program that lets you copy files directly from one system to another;

sftp-server, the secure FTP server;

sftp, the secure FTP client;

ssh-keygen, the program used to generate keys for client access (see the authorized_keys file below);

ssh-agent, the authentication agent;

ssh-add, which adds authentication keys to the authentication agent;

ssh-keyscan, which gathers the public keys of a given server;

ssh-keysign, the helper program for host-based authentication.


The server's configuration files are stored in /etc/ssh; the client's files may be found in this directory as well as in ~/.ssh. Files found in /etc, except where noted otherwise, belong to root and have permission 644. The files are:

/etc/ssh/sshd_config, the ssh daemon configuration file;

/etc/ssh/ssh_config, the ssh client configuration file;

~/.ssh/config, the personal ssh client configuration file of each user;

/etc/ssh_known_hosts, the public keys of servers, valid for all users;

~/.ssh/known_hosts, which stores the public keys that are valid for a particular user;

~/.ssh/authorized_keys, an optional file that avoids having to type a password on certain servers; it stores the keys generated by ssh-keygen;

/etc/ssh/ssh_host_dsa_key, the file where the server's DSA private key is stored; only root has access to this file (permission 600);

/etc/ssh/ssh_host_rsa_key, the file where the server's RSA private key is stored; only root has access to this file (permission 600);

/etc/ssh/ssh_host_dsa_key.pub, the file where the server's DSA public key is stored;

/etc/ssh/ssh_host_rsa_key.pub, the file where the server's RSA public key is stored.
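
The ownership and permissions listed above can be checked mechanically. The following script is an added example, not part of the original article: it flags any of the /etc/ssh files that carry permission bits beyond the stated 644 or 600, or that are not owned by root. The function name audit_ssh_files and its PREFIX and UID arguments are assumptions made for this example, and it relies on stat -c as found on GNU/Linux.

```shell
# Added example (not from the article): flag OpenSSH files that are more
# permissive than the modes the article states, or not owned by the expected UID.
# Assumes `stat -c` (GNU coreutils or busybox); audit_ssh_files is a hypothetical name.

# "relative path:maximum mode" pairs taken from the article's file list.
SSH_EXPECTED='
etc/ssh/sshd_config:644
etc/ssh/ssh_config:644
etc/ssh/ssh_host_dsa_key:600
etc/ssh/ssh_host_rsa_key:600
etc/ssh/ssh_host_dsa_key.pub:644
etc/ssh/ssh_host_rsa_key.pub:644
'

# audit_ssh_files [PREFIX] [UID]
# Prints one line per finding; the exit status is the number of findings.
audit_ssh_files() {
    prefix=${1:-/}; prefix=${prefix%/}
    want_uid=${2:-0}                        # root by default
    findings=0
    for entry in $SSH_EXPECTED; do
        path="$prefix/${entry%%:*}"
        max=${entry##*:}
        [ -e "$path" ] || continue          # e.g. no DSA host key on this system
        set -- $(stat -c '%a %u' "$path")   # $1 = octal mode, $2 = owner UID
        # Permission bits set on the file that the expected mode does not allow.
        extra=$(( 0$1 & ~0$max & 07777 ))
        if [ "$extra" -ne 0 ]; then
            printf '%s: mode %s exceeds %s (extra bits %o)\n' \
                "$path" "$1" "$max" "$extra"
            findings=$((findings + 1))
        fi
        if [ "$2" != "$want_uid" ]; then
            printf '%s: owned by UID %s, expected %s\n' "$path" "$2" "$want_uid"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Calling audit_ssh_files / audits the live system. A file with a stricter mode than the one listed, such as an sshd_config set to 600, is not reported.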

As with other network services, access via ssh can be allowed or denied through TCP Wrappers, and logins by non-root users can be denied by the existence of the file /etc/nologin.
