Basic SSH

IntnsRed's picture

Software: 

Just basic shh information.

Secure SHell allows a user to securely login to a remote machine from a terminal and execute commands as if sitting at the rhost's keyboard.

To login to a remote machine:
$ssh user@rhost

//////////////////////////////////////////////////////////////////////
*Sources of info:
$man ssh
"Setting Up SSH Keys"

//////////////////////////////////////////////////////////////////////
*More secure

The connection data is encrypted so ssh can be used over an insecure network (read the internet).
The sshd runs in the backround and listens for connections on port 22 by default. So if you don't want anyone to be able to login to your machine remotely then you have to change the default behaviour or block that port/protocol on your favourite firewall. Having said that if you have chosen all your account passwords wisely then you are quite secure, see bellow.

You can of course be more secure by not running the sshd at all if you never plan to use it or not allowing password only login's (by using keys). Or setting up your firewall to only accept connections on that port/protocol from specific hosts, MAC addresses or IP address that you would like to use ssh from.

For sshd exposed to the internet:
Beware that dictionary attacks are fairly common. I have counted >11 different IP addresses each trying this in a week and I don't run a well publicised site! So for improved security I would suggest one or more of the following:

1. Use a non standard port since port 22 is obviously targeted.
2. Don't allow direct root login since then user_name=root and now only the password has to be guessed. Login as user then su, now 3 things have to be guessed.
3. Don't use real 'dictionary' words for user_names or passwords. eg Jared+exponential may seem hard to guess but both exist. Perhaps jaredss5+Supe537surfe or the such would be a better way to construct user+pass.
4. Commonly tried user_names are: user, test, future, admin, root, www, web. So beware that you have not left one of these lying around and that they don't have ssh rights.

To see if ssh is running:
$ps -A|grep ssh

4036 ? 00:00:00 ssh-agent
4263 ? 00:00:00 sshd

sshd is the daemon
ssh-agent starts with X not much use without sshd.

//////////////////////////////////////////////////////////////////////

*