IT Management Daily
Storage Daily
Security Daily
 FREE NEWSLETTERS
search
 

follow us on Twitter


internet.commerce
Be a Commerce Partner

internet.com
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers



Related Articles
Linux and UNIX How To: Scripting SSH and SFTP
OpenSSH Speed Tips and Tricks

Networking Products
 ThinVNC (SupportSmith)
 Axence nVision (Axence Software, Inc.)
 SupportSmith v2 (SupportSmith)
 Exchange Server Recovery Toolbox (Recovery ToolBox)
 Zenoss Core (Zenoss)
 Kool Keyword Density Tool (Software for Marketing)
» Enterprise IT Planet » Networking » Networking Features

Mastering SSH: Connecting, Executing Remote Commands and Using Authorized Keys

By Jeremy M. Jones
December 31, 2008

Email Print Digg This Add to del.icio.us

The ssh command line utility is a staple for people who work on remote systems. ssh stands for "secure shell," so as you may expect one of its most common uses is as a remote shell. While that is perhaps its most common use, it isn't the only, or most interesting, thing you can do with ssh.

Creating a Connection

In order to do anything over ssh, you first need to establish a connection to a remote server. There are a number of command line arguments that you can use with the ssh command line utility, but I'll leave it to man ssh to discuss the majority of them. The most basic commandline arguments are ssh address where "address" is the hostname or IP address of the server you want to connect to. Here is an example of connecting to a remote system for the first time:

dink:~ jmjones$ ssh 192.168.1.20
The authenticity of host '192.168.1.20 (192.168.1.20)' can't be established.
RSA key fingerprint is 24:1e:2e:7c:3d:a5:cd:a3:3d:71:1f:6d:08:3b:8c:93.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.20' (RSA) to the list of known hosts.

Earlier I said that "ssh" stands for "secure shell." ssh is very concerned about security. The message "The authenticity of host '192.168.1.20 (192.168.1.20)' can't be established" shows this security focus. This message just means my ssh client doesn't know the remote server. I use the word "client" here and throughout this article because the ssh command line utility initiates the network connection and that makes it, by definition, a network client.

After informing me that it didn't know the remote server, the utility then asked me if I wanted to continue connecting. I answered "yes" because I knew that the server I was connecting to was the server I really intended to connect to. Typically, it is safe to answer "yes" to this question. The danger, though, is that some bad person with questionable motives might be impersonating the server you are attempting to connect to. After I answered "yes" to continue connecting, my ssh client updated the file $HOME/.ssh/known_hosts with the following text:

192.168.1.20 ssh-rsa ^4rsa5jmjones6cd7jmjones8^/^9cd10^+9^11yc12yc13rsa14AAAAB15^+^16rsa17AAAAB18^99u2^19oT20oT21^7N7^22AAAAB23^+^24cd25^5f+^26ykuwQcXI27EAAAABIwAAAQEAvb28jmjones29oT30commandline31^2Ax3J88^32commandline33yc34^+rOB+gOdRaD+NTkuzrB/^38oT39^50L6^40oT41AAAAB42^61rq+9v+4^44AAAAB45rsa46ykuwQcXI47^5q1P11^48AAAAB49gcgPr50^==

The next time I connect to the same server, my ssh client will check the "known_hosts" file to see if this really is the same server. If the information that the server passes back to my client doesn't match what is in the "known_hosts" file, I will see error like this:

dink:~ jmjones$ ssh 192.168.1.20
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
24:1e:2e:7c:3d:a5:cd:a3:3d:71:1f:6d:08:3b:8c:93.
Please contact your system administrator.
Add correct host key in /Users/jmjones/.ssh/known_hosts to get rid of this message.
Offending key in /Users/jmjones/.ssh/known_hosts:1
RSA host key for 192.168.1.20 has changed and you have requested strict checking.
Host key verification failed.

Password Authentication

I'll pick back up with the prior example, the one in which I answered "yes" to continue. After answering "yes," I was prompted for a password. Here is the remainder of that interaction:

jmjones@192.168.1.20's password:
Be careful.
No mail.
Last login: Tue Dec 30 06:36:20 2008 from dink
jmjones@ezr:~$

I typed in the password and my ssh client dropped me into an interactive shell on the remote server. You can see the tell-tale signs of logging into a Linux server: the "message of the day" (aka MOTD), a message regarding having no waiting email, a message of when I logged in last, and a shell prompt. At this point, it was as if I were logged in locally to the server.

Page 2: Authorized Keys

Go to page: 1  2  Next  

Email Print Digg This Add to del.icio.us

Networking Features Archives


Latest Forum Thread
     Enterpriseitplanet Forum
Topic By Replies Updated
using multiple static ip's on multiple applications adrianleo 15 8-30-2010 11:45 AM
No Internet Access; Lan Connection Only Benjy_Harper 1 8-27-2010 08:12 AM
Hello everyone ua549 13 8-24-2010 06:52 AM
Need to share between 2 networks Murphie 6 8-7-2010 04:53 PM
repeaters and access points milanezi 3 7-5-2010 11:50 AM