Tuesday, August 2, 2016

SSH

how to increase ssh time (putty)

create config file under .ssh
[root@localhost ~]# vim .ssh/config 
add below entry under config file

Host *
ServerAliveInterval 60
Save and quit vim with :wq! (this is an editor command, not part of the config file)

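reload or restart sshd service (only needed after server-side changes in /etc/ssh/sshd_config; .ssh/config is read by the ssh client on each new connection, and PuTTY does not read this file but has its own keepalive setting)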



[root@Localhost Desktop]# rpm -qa | grep ssh  - package check not found

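[root@Localhost Desktop]# yum install *ssh*   or    yum install openssh*   - the *ssh* wildcard also pulls in unrelated packages (see the list below); on a server, openssh-server and openssh-clients are the ones SSH itself needs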

[root@Localhost Desktop]# rpm -qa | grep ssh  - package check after installation
libssh2-docs-1.4.2-1.el6_6.1.x86_64
trilead-ssh2-213-6.2.el6.noarch
libssh2-devel-1.4.2-1.el6_6.1.x86_64
openssh-askpass-5.3p1-112.el6_7.x86_64
pam_ssh_agent_auth-0.9.3-112.el6_7.x86_64
openssh-5.3p1-112.el6_7.x86_64
openssh-clients-5.3p1-112.el6_7.x86_64
ksshaskpass-0.5.1-4.1.el6.x86_64
openssh-ldap-5.3p1-112.el6_7.x86_64
openssh-server-5.3p1-112.el6_7.x86_64
trilead-ssh2-javadoc-213-6.2.el6.noarch
libssh2-1.4.2-1.el6_6.1.x86_64
---------------------------------------------------------------------------------------------------------------------
[root@Localhost Desktop]# /etc/init.d/sshd restart   ---------start or restart ssh server
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
---------------------------------------------------------------------------------------------------------------------
[root@Localhost Desktop]# telnet 127.0.0.1 22   ----check port status

[root@Localhost Desktop]# nc localhost 22

[root@Localhost Desktop]# netstat -tulnp | grep -i 22
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      10291/sshd         
tcp        0      0 :::22                       :::*                        LISTEN      10291/sshd         
---------------------------------------------------------------------------------------------------------------------
[root@Localhost Desktop]# /etc/init.d/sshd status   ----- check SSH status
openssh-daemon (pid  10291) is running...
---------------------------------------------------------------------------------------------------------------------
[root@Localhost Desktop]# ps -ef | grep -i sshd   ----- check server & port
root     10291     1  0 07:11 ?        00:00:00 /usr/sbin/sshd
root     10332  7657  0 07:19 pts/0    00:00:00 grep -i sshd
---------------------------------------------------------------------------------------------------------------------
[root@Localhost Desktop]# vi /etc/ssh/ --root path of the SSH configuration
---------------------------------------------------------------------------------------------------------------------
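[root@Localhost ~]# vim /etc/ssh/sshd_config   --------------SSH server configuration file
#Port 22 -----------------------port setting; uncomment and change it to run sshd on another port

# Authentication:
PermitRootLogin no   -----------uncomment and set to no to disable SSH root login (first confirm that a non-root account can log in and use su/sudo, or you can lock yourself out)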
---------------------------------------------------------------------------------------------------------------------
[root@Localhost ~]# /etc/init.d/sshd reload   ---- reload service
Reloading sshd:                                            [  OK  ]
---------------------------------------------------------------------------------------------------------------------
  


SERVER


CLIENT
rpm -qa | grep -i ssh
no need to install the ssh service
yum install *ssh*
ssh – client / command / utility
Ssh-*  ---not work
( usr/bin/ssh ) – just a command
used *ssh* - package name is – openssh
ssh 192.168.1.14 – (server ip )
Yum install openssh*
If stop sshd service but ssh cmd is working
/etc/init.d/sshd used tab tab restart
Port - 22
/etc/init.d/sshd restart
When connecting to the server, the client uses
a random port
ssh port - 22
telnet localhost 22
ssh < server ip >
nc localhost 22
ssh 192.168.1.14
netstat -tulnp | grep -i 22
it refers to the /etc/services file for the port used to connect to the server side
/etc/init.d/sshd status
ps -ef | grep -i sshd – check server & port
1 ) # ssh champu@192.168.1.14
we can login through user also
2 ) #ssh 192.168.1.14 -l champu
Always disable root login for ssh
OS Hardening  -- 1 step
vi /etc/ssh/ --root path
Copy files on server
vi /etc/ssh/sshd_config  – configuration file of
sshd
PermitRootLogin no – uncomment (# ) & type no to disable root login
scp /mnt/* champu@192.168.1.14:/opt/
rsync /mnt/* champu@192.168.1.14:/opt/


/etc/init.d/sshd reload  - reload service

We can change the sshd port (the Port line in sshd_config)
example : 22
change port : 222

After changing the port – access ssh (the server firewall must also allow the new port)

ssh 192.168.1.14 -p 222

Change in /etc/services file
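HOW SSH WORKS

1) – client sends a request to the server
2) server sends its public key  --- the public key travels over the network
3) client sends its public key   --- the public key travels over the network
4) Server send private key ( give access to client )

Note on step 4: private keys are never sent over the network. Each side only proves that it holds its private key (by signing data during the handshake), and access is granted once that proof is verified against the public key.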



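Encryption type

1 - MD5
2 - SHA
3 - RSA -- Rivest Shamir Adleman -- names of the persons
4 - DSA

(MD5 and SHA are hash algorithms, used for fingerprints and integrity checks rather than encryption; RSA and DSA are public-key algorithms used for the keys.)

SSH generates two keys on the server
1) ---    public key
2) ---    private key

SSH uses RSA encryption  ----- Rivest Shamir Adleman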



SERVER


CLIENT
#cd /etc/ssh
Public keys are stored in the path below
#ls

/root/.ssh/known_hosts – public keys of the servers this user has connected to
Public_key and private_key

/champu/.ssh/known_hosts – public keys of the servers this user has connected to
