Wednesday, 6 March 2019

Fun with SSH

SSH to a remote host


This is the simplest way and will prompt for the remote users password every time.

ssh raspberrypi

If you need to login to the remote server under a different username then use:

ssh user@remote-host

If this is the first time you have used ssh to connect to this server you will see the below text.
The authenticity of host 'raspberrypi (xxx.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is SHA256:??????????.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'raspberrypi,xxx.xxx.xxx.xxx' (ECDSA) to the list of known hosts.
Enter the remote users password and then you are in.

james@raspberrypi's password:
Linux raspberrypi 4.19.25-v7+ #1205 SMP Mon Feb 25 18:19:20 GMT 2019 armv7l
Last login: Wed Mar  6 10:55:48 2019 from yyy.yyy.yyy.yyy
Logout of the remote connection.

james@raspberrypi:~ $ logout
Connection to raspberrypi closed.

Automatic login to remote host (no password required)


You can set things up to allow you to ssh to a remote host without entering a password.
This is quick, but if you use a common account anybody will be able to login to the remote host without a password.

First you need to generate a key.

james@LAPTOP:~$ ssh-keygen

Accept the default file location and when prompted press enter rather than entering a password.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/james/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/james/.ssh/id_rsa.
Your public key has been saved in /home/james/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:??????????. james@LAPTOP
The key's randomart image is:
+---[RSA 2048]----+
|                 |
+----[SHA256]-----+
Now we need to copy the key to the remote host.

james@LAPTOP:~$ ssh-copy-id raspberrypi
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/james/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
 james@raspberrypi's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'raspberrypi'" and check to make sure that only the key(s) you wanted were added.

james@LAPTOP:~$ ssh raspberrypi
Linux raspberrypi 4.19.25-v7+ #1205 SMP Mon Feb 25 18:19:20 GMT 2019 armv7l
Last login: Wed Mar  6 11:00:25 2019 from yyy.yyy.yyy.yyy
james@raspberrypi:~ $ logout
Connection to raspberrypi closed.

Automatic login to remote host (Key password required)


This time we are going to enter a passphrase when we run ssh-keygen to make connecting to the remote host a little more secure.

james@LAPTOP:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/james/.ssh/id_rsa):
/home/james/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/james/.ssh/id_rsa.
Your public key has been saved in /home/james/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:??????????. james@LAPTOP
The key's randomart image is:
+---[RSA 2048]----+
|                 |
+----[SHA256]-----+
james@LAPTOP:~$ ssh-copy-id raspberrypi
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/james/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
 james@raspberrypi's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'raspberrypi'" and check to make sure that only the key(s) you wanted were added.
This time connecting to the remote host prompts for the passphrase not the remote password.

james@LAPTOP:~$ ssh raspberrypi
Enter passphrase for key '/home/james/.ssh/id_rsa':
Linux raspberrypi 4.19.25-v7+ #1205 SMP Mon Feb 25 18:19:20 GMT 2019 armv7l
Last login: Wed Mar  6 11:05:14 2019 from yyy.yyy.yyy.yyy
james@raspberrypi:~ $ logout
Connection to raspberrypi closed.

Automatic login to remote host multiple times (Key password required once)


This is slightly different and will prompt for the passphrase once and allow multiple ssh login without prompting again.
It assume that you have already run ssh-keygen and entered a passphrase as in the above example.

Start running the ssh agent for your session.

james@LAPTOP:~$ eval $(ssh-agent -s)
Agent pid 382
Add you key to the agent.

james@LAPTOP:~$ ssh-add
Enter passphrase for /home/james/.ssh/id_rsa:
Identity added: /home/james/.ssh/id_rsa (/home/james/.ssh/id_rsa)
When you ssh to the remote host it will not prompt you for your passphrase.

james@LAPTOP:~$ ssh raspberrypi
Linux raspberrypi 4.19.25-v7+ #1205 SMP Mon Feb 25 18:19:20 GMT 2019 armv7l
Last login: Wed Mar  6 11:09:13 2019 from yyy.yyy.yyy.yyy
 james@raspberrypi:~ $ logout
Connection to raspberrypi closed.
Again, logging in for a second or subsequent times will also not require a password in this session.

james@LAPTOP:~$ ssh raspberrypi
Linux raspberrypi 4.19.25-v7+ #1205 SMP Mon Feb 25 18:19:20 GMT 2019 armv7l
Last login: Wed Mar  6 11:13:49 2019 from yyy.yyy.yyy.yyy
 james@raspberrypi:~ $ logout
Connection to raspberrypi closed.
Kill off the ssh agent.

james@LAPTOP:~$ eval $(ssh-agent -k)
Agent pid 382 killed
If you were now to attempt to ssh to the remote host again it will prompt for the passphrase.

No comments:

Post a comment

Oracle CPU downloader

Every quarter I have to go through and download numerous patches for the Oracle CPU (Critical Patch Update). You have to view the CPU docume...