Wednesday, December 21, 2016

Encryption III

Configuring OpenSSH


To use ssh, you must first install the openssh package on your system
from your distribution media. This package includes both the sshd
daemon and the ssh client. OpenSSH is usually installed by default on
most Linux distributions. You can use the package management utility
of your choice to verify that it has been installed on your system.



The process of configuring OpenSSH involves configuring both the SSH
server and the SSH client.


You configure the sshd daemon using the /etc/ssh/sshd_config file.

The ssh client, on the other hand, is configured using the /etc/ssh/ssh_config file or the ~/.ssh/ssh_config file.





Let’s look at configuring the SSH server (sshd) first. There are many
directives within the /etc/ssh/sshd_config file. The good news is that
after you install the openssh package, the default parameters work
very well in most circumstances. To get sshd up and running, you
shouldn’t have to make many changes to the sshd_config file. Some of
the more useful parameters in this file include those shown in Table 18-1.









The ssh client on a Linux system is configured using the /etc/ssh/ssh_config file.

The /etc/ssh/ssh_config file is used to specify default parameters for all users running ssh on the system.



A user can override these defaults using the ~/.ssh/ssh_config file in
his or her home directory. The precedence for ssh client configuration
settings is as follows:





1. Any command-line options included with the ssh command at the shell prompt


2. Settings in the ~/.ssh/ssh_config file


3. Settings in the /etc/ssh/ssh_config file
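
The precedence list above, worked through as an added example (not code from the original page): a simplified Python model of how the client resolves each option, where the first value obtained wins, so a per-user file can override a system-wide default such as StrictHostKeyChecking. The function names and the two sample files are constructed for illustration, and only Host lines and keyword/value lines are modeled.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample files (not from the original page).
SYSTEM_FILE = """\
Host *
    StrictHostKeyChecking yes
    Port 22
"""
USER_FILE = """\
Host fedora
    Port 2222
Host *
    StrictHostKeyChecking no
"""

def host_matches(patterns, host):
    """A Host line applies if a pattern matches and no negated (!) pattern does."""
    if any(fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def parse(text, host):
    """Settings one file yields for host; within a file the first value wins."""
    settings, active = {}, True  # lines before any Host line apply to all hosts
    # One "keyword value" or "keyword=value" pair per line; comments never match.
    for m in re.finditer(r"^[ \t]*(\w+)[ \t]*(?:=|[ \t])[ \t]*(.*\S)", text, re.M):
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            active = host_matches(value.split(), host)
        elif active:
            settings.setdefault(key, value)
    return settings

def effective(host, cli_options, user_file=USER_FILE, system_file=SYSTEM_FILE):
    """Apply the sources in precedence order; the first value obtained is kept."""
    sources = [("command line", {k.lower(): v for k, v in cli_options.items()}),
               ("user file", parse(user_file, host)),
               ("system file", parse(system_file, host))]
    result = {}
    for name, settings in sources:
        for key, value in settings.items():
            result.setdefault(key, (value, name))
    return result

if __name__ == "__main__":
    # Models `ssh -l student fedora`: -l sets the User option on the command line.
    for key, (value, source) in sorted(effective("fedora", {"User": "student"}).items()):
        print(f"{key:22} {value:8} from {source}")
```

On a real system, `ssh -G hostname` prints the configuration the client would actually use, which is the quickest way to confirm which source supplied a given value.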






As with the sshd daemon, the default parameters used in the ssh_config
file usually work without a lot of customization. However, some of the
more useful parameters that you can use to customize the way the ssh
client works are listed in Table 18-2.









Of course, before you can connect to an SSH server, you must open up
port 22 in the host-based firewall of the system where sshd is
running. For example, in Figure 18-4, the YaST Firewall module has
been loaded on a SUSE Linux Enterprise Server 10 system and configured
to allow SSH traffic through.






After configuring your firewall, you can load the ssh client on your
local computer and connect to the sshd daemon on the remote Linux
system by entering




ssh -l user_name ip_address




TIP


Don’t forget the -l parameter. If you omit it, the SSH client will
attempt to authenticate you to the remote system using the same
credentials you used to authenticate to the local system. If the
credentials are the same on both the client and server systems, you’ll
still be able to authenticate. But if they aren’t, you won’t be able
to authenticate.






For example, if I wanted to connect to a remote Linux system with a
hostname of fedora (which has an IP address of 10.0.0.85) as the user
student using the ssh client on a local computer system, I would enter



ssh -l student fedora



at the shell prompt. This is shown in Figure 18-5.






Notice in Figure 18-5 that I was prompted to accept the public key
from the fedora host because this was the first time I connected to
this particular SSH server. Once done, I was authenticated to the
remote system as the student user (notice the change in the shell
prompt). At this point, I have full access to the shell prompt on
fedora and I can complete any task that I could if I were sitting
right at the console of the remote system. To close the connection, I
just enter exit at the shell prompt.









LX0-104 Exam Objectives (X)
