
Introduction to Linux

By Machtelt Garrels

connection is opened. The real authentication cookie is never sent to the server machine (and no cookies are sent in the plain).

Forwarding of arbitrary TCP/IP connections over the secure channel can be specified either on the command line or in a configuration file.


The X server

This procedure assumes that you have a running X server on the client where you want to display the application from the remote host. The client may be of a different architecture and operating system than the remote host. As long as it can run an X server, such as Cygwin (which implements an XFree86 server for MS Windows clients and others) or Exceed, it should be possible to set up a remote connection with any Linux or UNIX machine.

10.3.4.3. Server authentication

The ssh client/server system automatically maintains and checks a database containing identifications for all hosts it has ever been used with. Host keys are stored in $HOME/.ssh/known_hosts in the user's home directory. Additionally, the file /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any new hosts are automatically added to the user's file. If a host's identification ever changes, ssh warns about this and disables password authentication to prevent a Trojan horse from getting the user's password. Another purpose of this mechanism is to prevent man-in-the-middle attacks which could otherwise be used to circumvent the encryption. In environments where high security is needed, sshd can even be configured to prevent logins to machines whose host keys have changed or are unknown.
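The three outcomes described above (a host whose key is already recorded, a host whose identification has changed, and a new host) can be modelled by parsing the known_hosts format directly. The following Python is an added example, not code from the original guide or from OpenSSH; it is a simplified model of the lookup, and the keys, the address 192.0.2.10 and the host name archive.example are constructed sample values.

```python
import base64, hashlib, hmac, struct

def make_blob(key_type, raw):
    """Build a base64 public-key blob: length-prefixed type, then key bytes."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(pack(key_type.encode()) + pack(raw)).decode()

def fingerprint(blob_b64):
    """SHA256 fingerprint in the style printed by ssh-keygen -l."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a host field: comma-separated names or a hashed |1|salt|hash."""
    if field.startswith("|1|"):
        _, _, salt, want = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(want))
    return host in field.split(",")  # wildcards and negation not modelled

def check_host(known_hosts_text, host, key_type, blob):
    """Classify the key a server presents: 'known', 'changed' or 'unknown'."""
    mismatch = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":  # comments, @markers
            continue
        hosts, ktype, kblob = fields[:3]
        if ktype == key_type and host_matches(hosts, host):
            if kblob == blob:
                return "known"
            mismatch = True  # same host and key type, different key
    return "changed" if mismatch else "unknown"

# Constructed sample data: not real keys or hosts (except the name "blob",
# taken from the page's scp example).
GOOD = make_blob("ssh-ed25519", bytes(range(32)))
OTHER = make_blob("ssh-ed25519", bytes(range(1, 33)))
SALT = bytes(20)
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"archive.example", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = "# constructed file\nblob,192.0.2.10 ssh-ed25519 %s\n%s ssh-ed25519 %s\n" % (
    GOOD, HASHED, GOOD)

if __name__ == "__main__":
    for host, blob in [("blob", GOOD), ("blob", OTHER), ("newhost", GOOD)]:
        print(host, fingerprint(blob), check_host(KNOWN_HOSTS, host, "ssh-ed25519", blob))
```

A "changed" result corresponds to the case in which ssh warns and disables password authentication; "unknown" is the case in which the new host is added to the user's file.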

10.3.4.4. Secure remote copying

The SSH suite provides scp as a secure alternative to the rcp command that used to be popular when only rsh existed. scp uses ssh for data transfer, uses the same authentication and provides the same security as ssh. Unlike rcp, scp will ask for passwords or passphrases if they are needed for authentication:

lenny /var/tmp> scp Schedule.sdc.gz blob:/var/tmp/
lenny@blob's password:
Schedule.sdc.gz 100% |*****************************| 100 KB 00:00

lenny /var/tmp>

Any file name may contain a host and user specification to indicate that the file is to be copied to/from that host. Copies between two remote hosts are permitted. See the Info pages for more information.

If you would rather use an FTP-like interface, use sftp:

lenny /var/tmp> sftp blob
Connecting to blob...
lenny@blob's password:

sftp> cd /var/tmp

sftp> get Sch*
Fetching /var/tmp/Schedule.sdc.gz to Schedule.sdc.gz

sftp> bye

lenny /var/tmp>


Secure copy or FTP GUIs

Don't feel comfortable with the command line yet? Try Konqueror's capabilities for secure remote copy, or install PuTTY.

10.3.4.5. Authentication keys

The ssh-keygen command generates, manages and converts authentication keys for ssh. It can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2.

Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication key in $HOME/.ssh/identity, id_dsa or id_rsa. Additionally, the system administrator may use this to generate host keys for the system.

Normally this program generates the key and asks for a file in which to store the private key. The public key is stored in a file with the same name but .pub appended. The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length.

There is no way to recover a lost passphrase. If the passphrase is lost or
