Setting up SSH server in Fedora 16: Theory and Configuration Details

rlogin and ssh are both used to log in to a remote server and access the resources available on it. The only difference between them is in the security aspect. In rlogin, all information, including passwords, is transmitted unencrypted (making it vulnerable to interception). So nowadays ssh (secure shell) is used most often.

The original Berkeley package which provides rlogin also features rcp (remote-copy, allowing files to be copied over the network) and rsh (remote-shell, allowing commands to be run on a remote machine without the user logging into it). These share the hosts.equiv and .rhosts access-control scheme (although they connect to a different daemon, rshd), and as such suffer from the same security problems. The ssh suite contains suitable replacements for both: scp replaces rcp, and ssh itself replaces both rlogin and rsh.



Steps needed to configure SSH server in Fedora 16


First of all, you need to have the ssh server installed on your machine. To install it, use these commands in your terminal:

su
Password:
$ yum -y install openssh-server.x86_64

Note: the package version may differ from machine to machine.
Start the server using this command:

$ service sshd start

You can verify that the sshd service is running using the following command:

$ service sshd status

You have now successfully installed the ssh server on your machine.

Before using the ssh command, let’s check a few things that may block ssh. If you are using a firewall, make sure it allows ssh. Also make sure sshd is listening on port 22 (you can change the port, though). For this you can use the following command:

netstat -tnlp | grep :22
tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN      6809/sshd
tcp        0      0 :::22               :::*                LISTEN      6809/sshd


The above output indicates that sshd is listening on all available IPv4 and IPv6 interfaces. If yours is different, check the ListenAddress directives in your sshd_config file.

It’s time to add some users who may log on to your system. To add a new user, switch to superuser mode and use these commands (here I add Sudip Kafle to my server):

$ useradd sudip -c "Sudip Kafle"
$ passwd sudip

Now let’s add sudip to the sshusers group:

$ usermod -a -G sshusers sudip

Now you are done: you installed the ssh server, started it, configured it, added a user and finally added this user to the ssh users group. Now it’s time to connect to this server from a workstation (sudip’s machine). There are two ways to do this: 1. Using password authentication 2. Using ssh-keygen.


Using Password Authentication

Open /etc/ssh/sshd_config using vi and set

PasswordAuthentication yes

Now enter the following command in Sudip’s terminal to connect to the server (suppose your server’s IP is 192.168.1.123):

[sudip@localhost ~]$ ssh sudip@192.168.1.123
sudip@192.168.1.123's password:
Last login: Tue Feb 26 18:16:36 2013 from 192.168.1.120
[sudip@localhost ~]$

Using Key-Based Authentication

Again open /etc/ssh/sshd_config and set

PasswordAuthentication no
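
As an added example (not part of the original article), the shell functions below report which PasswordAuthentication value sshd will actually use from a config file, and whether AllowGroups names the sshusers group, since membership in that group only restricts logins when AllowGroups lists it. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# sshd keeps the FIRST value it reads for a keyword. Keywords are
# case-insensitive, "#" starts a comment, and settings after a Match line
# are conditional, so the scan of global settings stops there.
sshd_effective() {   # $1 = config file, $2 = keyword, $3 = value if unset
    awk -v key="$2" -v dflt="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }      # accept the "Keyword=value" form
        tolower($1) == "match" { exit }
        tolower($1) == key {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print dflt }
    ' "$1"
}

# Constructed sample: "no" was appended at the bottom while an earlier
# "yes" is still active, so password logins remain enabled.
write_sample_config() {   # $1 = path to create
    cat > "$1" <<'EOF'
Port 22
#PasswordAuthentication no
passwordauthentication yes
AllowGroups sshusers
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

audit_sshd_login() {   # $1 = config file; status 0 only if passwords are off
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    grp=$(sshd_effective "$1" AllowGroups "(unset: any group may log in)")
    echo "PasswordAuthentication=$pw AllowGroups=$grp"
    [ "$pw" = "no" ]
}

cfg=$(mktemp)
write_sample_config "$cfg"
audit_sshd_login "$cfg" || echo "password logins are still enabled"
rm -f "$cfg"
```

On a live server, `sshd -T` run as root prints the configuration sshd resolves, and the service has to be restarted before an edited value takes effect.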

Follow these steps:

1. Generate an RSA key pair by typing the following at a shell prompt:

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sudip/.ssh/id_rsa):

2. Next it will prompt for the passphrase you wish to use. This is basically the password for your key: it protects the private key file, and ssh-agent asks for it to unlock the key that authenticates you to all the machines that have your public key.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sudip/.ssh/id_rsa.
Your public key has been saved in /home/sudip/.ssh/id_rsa.pub.
The key fingerprint is:
11:0b:fd:93:f0:e4:1c:c1:03:45:99:0e:83:ea:36:0e

3. Now if you list the contents of your .ssh directory you should see your private and public key.

[sudip@localhost]$ ls .ssh
id_rsa id_rsa.pub

4. Now that you have generated your keys, you need to put your public key in the authorized_keys file on all the machines you wish to connect to using ssh.

[sudip@localhost]$ scp .ssh/id_rsa.pub sudip@192.168.1.123:

scp will prompt you for the password to the remote machine, so password authentication must still be enabled on the server at this point. After entering it, the public key will be sitting in your home directory on the remote machine.
Connect to the remote machine and append the contents of the public key to a file called authorized_keys in the .ssh directory of your home directory.

[sudip@localhost]$ cat id_rsa.pub >> .ssh/authorized_keys
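
The last step fails silently when .ssh does not exist yet or when its permissions are too open, because sshd's default StrictModes setting ignores such key files. The following added example (not from the original article) appends a key only once and sets the modes sshd expects; the function name install_pubkey and the key material are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the original article.
# Body runs in a subshell "( )" so the umask change does not leak out.
install_pubkey() (   # $1 = public key file, $2 = home directory of the account
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    pat='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    # Reject empty files and any line that is not a public key, such as a
    # private key (id_rsa instead of id_rsa.pub) picked by mistake.
    if [ ! -s "$pub" ] || grep -Eqv "$pat" "$pub"; then
        echo "refusing $pub: not a public key file" >&2
        exit 2
    fi
    umask 077                      # new files: owner access only
    mkdir -p "$sshdir"
    touch "$auth"
    # -x whole line, -F literal text: append only if the key is not there yet.
    grep -qxF -f "$pub" "$auth" || cat "$pub" >> "$auth"
    # With StrictModes (the sshd default) the key is ignored when these are
    # writable by group or others.
    chmod 700 "$sshdir"
    chmod 600 "$auth"
)

# Constructed placeholder key material, not a real key.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSampleOnly sudip@localhost\n' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # second run adds nothing
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```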

Secure Copy (scp)

The scp command can be used to transfer files between machines over a secure, encrypted connection. It is similar to rcp.
The general syntax to transfer a local file to a remote system is as follows:


scp localfile username@tohostname:

For example, if sudip wants to copy his file hello.txt from his machine to my server at 10.200.1.70, he should enter the following command:

scp hello.txt sudip@10.200.1.70:

Note: Don’t forget to write : after the server’s IP address. Otherwise the content of hello.txt will be copied to a file named sudip@10.200.1.70 on your local client.