ssh notes

The new cs.marlboro.edu is using OpenSSH, the default which came with
Fedora Core 2. Most of the defaults in /etc/ssh/ssh_config and
/etc/ssh/sshd_config worked fine, though these are on - I don't think
that's the default.

  -- sshd_config --
  X11Forwarding yes

  -- ssh_config --
  Host *
    ForwardX11 yes

--------- old_cs notes - a bit dated as of September '04 ----------------------

11/21/03

 * played around with public key authentication and (finally!) got
   everything working. Took me a lot of playing around, though after it
   started working I'm not quite sure why. Here's the summary of the
   final version.

   (1) For reasons that I still don't understand, the sshd from OpenSSH
       doesn't work right when I do "ssh -X " to cs from
       big.marlboro.edu. So I'm using sshd2 from ssh.com instead,
       (chkconfig sshd off; chkconfig sshd2 on) even though the rest of
       the campus (except Mark on bob) is using OpenSSH. (ssh.com's
       license lets educational folks use it for free, but all the open
       source folks use OpenSSH. Not everybody's a college.)

   (2) It *is* possible to get OpenSSH and ssh.com to play nicely with
       each other's public/private keys. But it takes a bit of work.

       First, make sure that "AgentForwarding yes" is turned on in
         * /etc/ssh/ssh_config (OpenSSH), which it is not by default,
           and/or
         * /etc/ssh2/ssh2_config (ssh.com), which it is by default.
       (Ditto for X11 forwarding.)

       Second, set up the OpenSSH keys: Use ssh-keygen from OpenSSH to
       make yourself a public/private key pair. I took all the defaults.

         $ cd ~/.ssh/
         $ ssh-keygen -t rsa

       Copy the public part into a special file called
       "authorized_keys". (id_rsa.pub, id_rsa are used by ssh for
       outgoing connections; authorized_keys are used by sshd for
       incoming connections.) Then copy id_rsa.pub, id_rsa to machines
       you want to ssh from, and ~/.ssh/authorized_keys to machines you
       want to ssh to.

       Behind the scenes ssh and sshd are using ssh-agent and ssh-add
       (which you can use by hand) to do the public/private handshake,
       but all that happens by itself if all is going well.

       To do the same thing for ssh.com's ssh2/sshd2, first translate
       the keys

         $ ssh-keygen -e -f id_rsa.pub > id_rsa_ssh2.pub
         $ ssh-keygen -e -f id_rsa > id_rsa_ssh2

       and then move the new files to ~/.ssh2/

       Finally, create two more files which point to the public/private
       keys.

         #-- ~/.ssh2/identification --
         idkey id_rsa_ssh2

         #-- ~/.ssh2/authorization --
         key id_rsa_ssh2.pub

       Note that all this makes things like automated rsync a lot
       easier, too.
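The public-key translation in the "ssh-keygen -e" step above, as an added Python example that is not part of the original notes or of OpenSSH's own code: it turns a one-line OpenSSH public key into the RFC 4716 block that ssh.com's tools read, and back, checking that the key type named on the line matches the one stored inside the key blob. The function names and the sample key are assumptions made for this illustration; the sample blob is constructed filler, not a real key.

```python
import base64

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def key_type_in_blob(blob):
    """Return the algorithm name stored as the blob's first SSH string."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + n].decode("ascii")

def openssh_to_rfc4716(line):
    """Convert one '<type> <base64> [comment]' line to an RFC 4716 block."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    # The type is repeated inside the blob; a mismatch means the line was
    # damaged or edited while being copied between machines.
    if key_type_in_blob(blob) != parts[0]:
        raise ValueError("key type does not match key blob")
    b64 = base64.b64encode(blob).decode("ascii")
    out = [BEGIN]
    if len(parts) == 3:
        out.append('Comment: "%s"' % parts[2])
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(out + [END]) + "\n"

def rfc4716_to_openssh(text):
    """Convert an RFC 4716 block back to '<type> <base64>' (comment dropped)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    body, skip = [], False
    for l in lines[1:-1]:
        if skip or ":" in l:  # header line, or backslash-continued header
            skip = l.endswith("\\")
        else:
            body.append(l)
    blob = base64.b64decode("".join(body), validate=True)
    return "%s %s" % (key_type_in_blob(blob), base64.b64encode(blob).decode("ascii"))

def _s(data):
    return len(data).to_bytes(4, "big") + data

# Constructed sample (not a real key): type, exponent 65537, filler modulus.
SAMPLE_BLOB = _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + b"\xa5" * 128)
SAMPLE_LINE = "ssh-rsa %s user@cs" % base64.b64encode(SAMPLE_BLOB).decode("ascii")
```

Calling openssh_to_rfc4716(SAMPLE_LINE) returns the text that would go into a file such as ~/.ssh2/id_rsa_ssh2.pub.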
last modified Tuesday February 6 2007 2:39 pm EST