Setting up SSH server in Fedora 16 : Theory and Configuration Details
rlogin and ssh are used to login to remote server. They are very useful tool to login to the remote machine and access the resources available. Rlogin and ssh both are used for this purpose. The only difference between them is in security aspect. In rlogin, all information, including passwords, is transmitted unencrypted (making it vulnerable to interception). So now-a-days ssh (secured shell) is used most often.
The original Berkeley package which provides rlogin also features rcp (remote-copy, allowing files to be copied over the network) and rsh (remote-shell, allowing commands to be run on a remote machine without the user logging into it). These share the hosts.equiv and .rhosts access-control scheme (although they connect to a different daemon, rshd), and as such suffer from the same security problems. The ssh suite contains suitable replacements for both: scp replaces rcp, and ssh itself replaces both rlogin and rsh.
Steps needed to configure SSH server in Fedora 16
First of all, you need to have ssh server installed on your machine. For this use this command in your terminal
$ yum -y install openssh-server.x86_64
Note: the version may be different in different machine.
Run the server using this command
$ service sshd start
You can verify the sshd service is running using following command
$ service sshd status
Now you successfully installed the ssh server on your machine.
Before using the ssh command, let’s check some things that may block the ssh. If you are using firewall, then make sure firewall is allowing ssh. And also make sure ssh is listening on port 22. (You can change the port although). For this you can use the following command
netstat -tnlp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6809/sshd
tcp 0 0 :::22 :::* LISTEN 6809/sshd
The above output is indicating that sshd is listening on all available ipv4 and ipv6 interfaces. If yours is different then you should check the ListenAddress directives in your sshd_config file.
It’s time to add some users who may log on to your system. To add new user, go to super user mode and use this command (Here I add Sudip Kafle to my server)
$ useradd sudip -c “Sudip Kafle”
$ passwd sudip
Now let’s add sudip to sshusers group
$ usermod -a -G sshusers sudip
Now you are done, you installed ssh server, run it, configure it, added user and finally added this user to ssh user group. Now it’s time to connect to this server from work-station (sudip’s machine). There are two ways to do this, 1. Using password authentication 2. Using ssh keygen.
Using Password Authentication
Open /etc/ssh/sshd_config using vi and set
Now enter the following command in Sudip’s terminal to connect to the server (suppose your server’s ip is 192.168.1.123)
1. Generate an RSA key pair by typing the following at a shell prompt:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sudip/.ssh/id_rsa):
Enter same passphrase again:
Your identification has been saved in /home/sudip/.ssh/id_dsa.
Your public key has been saved in /home/sudip/.ssh/id_dsa.pub.
The key fingerprint is:
3. Now if you list the contents of your .ssh directory you should see your private and public key.
[[email protected]]$ ls .ssh
3. Now that you have generated your keys you need to put your public keys in the authorized keys file on all the machines you wish to connect to using ssh.
scp will prompt you for the password to the remote machine. After entering that, the public key will be sitting in your home directory on the remote machine.
Connect to the remote machine and cat the contents of the public key to a file called authorized_keys in your .ssh directory of your home directory.
[[email protected]]$ cat id_dsa.pub >> .ssh/authorized_keys
Secured Copy (Scp)
The general syntax to transfer a local file to a remote system is as follows:
For example, sudip try to copy his file hello.txt from his machine to my server at 10.200.1.70 then he should enter following command
scp hello.txt [email protected]: