What is OpenSSH?
- OpenSSH is OpenBSD Secure Shell.
- OpenSSH is an open source version of the SSH connectivity tools that IT staff rely on.
- Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, man-in-the-middle attacks, hijacking, and other attacks.
- OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
- OpenSSH can forward remote TCP ports over a secure tunnel. An X Window System tunnel can be created automatically when using OpenSSH to connect to a remote host, and other protocols such as HTTP and VNC can be tunneled in the same way.
- If we are concerned about a hacker intercepting our clear-text password, we should consider installing SSH on our Linux box. Because it encrypts our communication over the network, it's a viable alternative to the RSH commands, as well as Telnet.
Basic Knowledge about OpenSSH
- Secure Shell packages
  - openssh-* : core files for the SSH client and SSH server.
  - openssh-askpass-gnome-* : files that support passphrase management inside GNOME.
  - openssh-askpass* : files that support GUI management of SSH passphrases.
  - openssh-clients-* : files for SSH clients.
  - openssh-server-* : files for SSH servers.
- SSH Configuration
  - The main configuration file is /etc/ssh/sshd_config. In this file, we can change the TCP/IP port, limit access to particular IP addresses, modify the size of the encryption keys, override RSH authentication, and enable Kerberos.
  - After we have installed OpenSSH, the next step is to create private and public encryption keys. We keep the private key secure on our Linux system; the public key allows others to scramble the messages they send to us. Alternatively, messages that we send are encrypted with the private key and include the public key, which is used to unscramble the message only at the destination.
  - Two basic SSH commands allow us to create private and public keys: ssh-keygen -t rsa and ssh-keygen -t dsa.
  - The first time we connect to a remote server by SSH, we see:
    - The authenticity of host 192.168.0.105 can’t be established. RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx . Are you sure you want to continue (yes/no)?
  - Select Yes and enter our password, and we can then work on that remote host with encrypted communication.
- Troubleshooting if we can not access SSH
  - Is the SSH service installed? We can check with rpm -qa | grep openssh
  - Is the service up? We can check with netstat -nutlap | grep sshd
  - Is the service's security configuration correct? We can check the SSH configuration file.
  - Check the xinetd service through the /etc/hosts.allow and /etc/hosts.deny files.
  - Check the iptables firewall with the iptables -L command.
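
For the configuration-file check above, the following added example (not from the original page) reads the effective global value of a setting from an sshd_config file, taking into account that sshd uses the first value it reads for a keyword, treats keywords as case-insensitive, and applies lines after a Match line only conditionally. The function names, the sample file contents and the expected values are assumptions made for illustration, and keyword and argument are assumed to be separated by whitespace.

```shell
#!/bin/sh
# Added example: effective global value of a single-valued sshd_config keyword.

# sshd_effective FILE KEYWORD
# Prints the value sshd would use outside any Match block, or nothing if the
# keyword is unset there (sshd then falls back to its built-in default).
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # what follows is conditional
        tolower($1) == want {                # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, "")      # drop keyword, keep the argument
            print; exit                      # first value read wins
        }
    ' "$1"
}

# check_setting FILE KEYWORD EXPECTED: returns 0 on match, 1 otherwise
check_setting() {
    actual=$(sshd_effective "$1" "$2")
    if [ "$actual" = "$3" ]; then
        echo "ok    $2 = $actual"
    else
        echo "CHECK $2 = ${actual:-<unset, default applies>} (expected $3)"
        return 1
    fi
}

# Constructed sample configuration (hypothetical values, for the demo only).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample
Port 2222
permitrootlogin no
PermitRootLogin yes
IgnoreRhosts yes
KerberosAuthentication no
Match Address 192.168.0.0/24
    PasswordAuthentication yes
EOF

check_setting "$SAMPLE" PermitRootLogin no || true         # first line wins
check_setting "$SAMPLE" IgnoreRhosts yes || true
check_setting "$SAMPLE" PasswordAuthentication no || true  # set only in Match
```

On a live server, sshd -T prints the effective configuration as sshd itself computes it, which is the authoritative result.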
Thanks for using IThelpblog.com.