Tip

Setting up SSH2 on Red Hat Enterprise Linux

This tip describes how to set up SSH2 (Secure Shell) on Red Hat Enterprise Linux (RHEL) and to use encryption keys instead of passwords. This will enable the administrator to connect in a quicker, easier and more secure manner. It is applicable to either RHEL 4 or RHEL 5.


There are currently two versions of the SSH protocol in use: SSH1 and SSH2. The SSH1 protocol can be exploited through its connection setup protocol and is, therefore, not commonly used anymore. The SSH2 protocol, however, has a more robust and more flexible connection setup. There are two enterprise-level versions of SSH: one derived from ssh.com, and the other OpenSSH. OpenSSH is free and used more often. In fact, OpenSSH is included with most Linux distributions.

Before I get into the step-by-step guide, here's a little background on Secure Shell, also known as Secure Socket Shell. It is a Unix-based command interface and protocol for getting secure access to a remote computer. Most often, SSH is used to control Web servers and other types of servers remotely. SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted.

SSH packets being sent from the SSH client to the server are encrypted with a form of shared-key cryptography, using a random key which is generated for each new connection and thrown away when that connection is over. The client and the server use public-key cryptography to agree on the session key, and either party may request a re-keying of the session at any time.

Once you become familiar with SSH keys, communication and file copying between servers/clients will be secure, quicker and more convenient.

Here's an example of setting up a secure connection between a RHEL client and a RHEL server.

On the client, go to the .ssh directory, which is located under /root -- full path is /root/.ssh. Now, let's create our private and public keys and put them into a file.

ssh-keygen -t dsa -b 1024 -f id_dsa_something -C 'Client'

This creates a 1024-bit key and two files:

1. id_dsa_something - This holds your client's PRIVATE key.
2. id_dsa_something.pub - This holds the matching PUBLIC key, the one that goes on the server.

Now, we need to place the key located in id_dsa_something.pub into the server's "authorized_keys2" file, which is located under /root/.ssh directory. If this file is not already there, we will create it. We'll copy the key over via a file copying program called "rsync."

rsync -av -e ssh id_dsa_something.pub SERVERSIP:/root/.ssh/

Make sure to change "SERVERSIP" to the server's IP address. After entering this command, you will be prompted for the root password of the server; type it and press "Enter."

Now, on the server, do the following:

1. cd /root/.ssh
2. cat id_dsa_something.pub >> authorized_keys2
3. chmod 600 authorized_keys2

The second command appends the contents of id_dsa_something.pub to the authorized_keys2 file. The third command restricts the file to read and write access by its owner, which is what sshd expects for this file.

On the client, do the following:

1. cd /root/.ssh
2. eval `ssh-agent`
3. ssh-add id_dsa_something
4. ssh-add -l

The second command starts the SSH agent program. The third command adds your private key to the agent's memory, and the fourth lists the keys the agent holds so you can confirm it was added.

Simply SSH into the server.

ssh serversIP

When prompted, type in the root password. Now exit out and try to SSH into the server from the client once more. This time, you shouldn't be prompted for a password. Remember that earlier, when we copied the .pub key over, we were prompted for a password. Also, there are two types of file copying programs for Linux: rsync and scp.

Let's copy a file to the server using SCP from the client.

scp -o 'IdentityFile2 id_dsa_something' test.txt root@serversip:

Make sure to change test.txt to the file you want to copy over. Once you change the serversip to your server's IP address, you're all set.
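
The server-side steps above append the key with >> and then set the file mode, so repeating them leaves a duplicate entry, and nothing checks the .ssh directory itself. As an added example (not part of the original tip), the shell functions below install a key only once and verify the mode bits afterwards; the names install_pubkey and check_ssh_perms are assumptions, and the defaults follow the tip's /root/.ssh and authorized_keys2.

```shell
#!/bin/sh
# Added example; install_pubkey and check_ssh_perms are hypothetical helpers.

# install_pubkey PUBFILE [SSHDIR] [AUTHFILE]
# Appends each key line in PUBFILE to SSHDIR/AUTHFILE only if that exact
# line is not already there, then leaves owner-only modes on both paths.
install_pubkey() {
    pub=$1
    dir=${2:-/root/.ssh}
    auth=$dir/${3:-authorized_keys2}

    [ -s "$pub" ] || { echo "no key found in $pub" >&2; return 1; }
    # Refuse a private key file copied over by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; not installing" >&2
        return 2
    fi

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # grep -x -F: whole-line, fixed-string match, so a rerun adds nothing.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# check_ssh_perms [SSHDIR] [AUTHFILE]
# Returns 0 when neither path is writable by group or others (mode bits
# only; ownership is not checked). Otherwise names the path and returns 1.
check_ssh_perms() {
    dir=${1:-/root/.ssh}
    auth=$dir/${2:-authorized_keys2}
    [ -d "$dir" ] && [ -f "$auth" ] || { echo "missing $auth" >&2; return 1; }
    bad=$(find "$dir" "$auth" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/group or world-writable: /' >&2
    return 1
}
```

OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so on newer systems generate the pair with a key type your release still accepts; the install and permission checks stay the same.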

Once you start using SSH, you'll see how much easier remote access and management is without passwords. With SSH, you can help your system connect to remote systems in a manner that is faster and safer, overall.

This was first published in July 2007
