Re: Secure Shell Paper (578 Views)
Exalted Contributor
Steven E. Protter
Posts: 33,806
Registered: ‎08-15-2002
Message 1 of 15 (578 Views)

Secure Shell Paper

I'm looking for something comprehensive dealing with such things as passphrases and public key exchange.

I wonder if I need to exchange public keys for two machines on the same subnet. I'd like to read a comprehensive document.

It's worth 10 points to the winner. :-)
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Trusted Contributor
Kellogg Unix Team
Posts: 192
Registered: ‎10-09-1997
Message 2 of 15 (578 Views)

Re: Secure Shell Paper

Start from http://www.openssh.org/

...Manjeet
work is fun ! (my manager is standing behind me!!)
Honored Contributor
Christian Gebhardt
Posts: 445
Registered: ‎02-24-2002
Message 3 of 15 (578 Views)

Re: Secure Shell Paper

I heard that some people are still reading books ;-)
http://www.oreilly.com/catalog/sshtdg/

Chris
Honored Contributor
linuxfan
Posts: 874
Registered: ‎10-19-2000
Message 4 of 15 (578 Views)

Re: Secure Shell Paper

Hi Steven,

Check these out

SSH FAQ
http://www.employees.org/~satch/ssh/faq/ssh-faq.html

Here are some good articles on key management in SSH.
Part I - http://www-106.ibm.com/developerworks/library/l-keyc.html
Part II - http://www-106.ibm.com/developerworks/library/l-keyc2/
Part III - http://www-106.ibm.com/developerworks/library/l-keyc3/

Not sure if this answers your question or not, but hope it helps.

-Ramesh
They think they know but don't. At least I know I don't know - Socrates
Exalted Contributor
Steven E. Protter
Posts: 33,806
Registered: ‎08-15-2002
Message 5 of 15 (578 Views)

Re: Secure Shell Paper

Thank you gentlemen. I have investigated the links and assigned a few points. When I get a few minutes, I will read in depth and try the documents. More points will be assigned if one of them lets me do what I want, which is to use scp to transfer files without a password or passphrase.

I obviously want whatever I do to be completely secure, which is why I'm not using rcp.

Steve
Steven E Protter
Honored Contributor
linuxfan
Posts: 874
Registered: ‎10-19-2000
Message 6 of 15 (578 Views)

Re: Secure Shell Paper

Hi Steven,

If you are looking to do scp without passphrase or password then you would need some manual set up.

The articles I provided actually tell you how to run the keychain script http://www.gentoo.org/proj/en/keychain.xml
which starts the ssh-agent on your system. Note: The ssh-agent (script) would need to be started every time the system reboots.

You would however need to generate your ssh-keys (man ssh-keygen) and distribute them to your remote systems.

Once you have set up your keys correctly, start the ssh-agent by running the keychain script and sourcing the file (created by keychain), and you should be able to run ssh commands and copy files/directories using scp without providing any password/passphrase.

-HTH
Ramesh
They think they know but don't. At least I know I don't know - Socrates
Honored Contributor
John Payne_2
Posts: 1,081
Registered: ‎06-25-2001
Message 7 of 15 (578 Views)

Re: Secure Shell Paper

You want what you do to be completely secure...

Do you really want completely secure, or 'very well protected'? I never consider ssh to be 'completely secure', but you get reasonably good protection out of it, provided you continually upgrade as versions to fix vulnerabilities come out...

We are moving to a VPN solution here for our administrative machines, which allows the encryption needed for good protection, but you can use the good old programs like rcp, rexec, telnet, and ftp without worrying about passwords and data being seen.

I guess you get what you pay for there.

I have found the O'Reilly book: "SSH, the secure shell : the definitive guide" a very good source for how to do things with ssh like what you are asking for.

Hope it helps

John
Spoon!!!!
Exalted Contributor
Steven E. Protter
Posts: 33,806
Registered: ‎08-15-2002
Message 8 of 15 (578 Views)

Re: Secure Shell Paper

Bad choice of words.

Completely secure means nobody can get passwords in clear text, in this context. This is a firewall protected network and there is currently no need for outsiders like me to get in from outside. For that we have "secure" dial in.

Steve
Steven E Protter
Trusted Contributor
Chris Wong
Posts: 99
Registered: ‎03-05-1997
Message 9 of 15 (578 Views)

Re: Secure Shell Paper

Hi,

I have 4 SSH (HP specific articles) here:

http://newfdawg.com/SHP-Articles.htm

- Chris
Honored Contributor
Kevin Wright
Posts: 760
Registered: ‎09-19-2000
Message 10 of 15 (578 Views)

Re: Secure Shell Paper

wonder if I need to exchange public keys for two machines on the same subnet. I'd like to read a comprehensive documents.

If you want to be authenticated with your public keys, you need to add your .pub file to the authorized_keys file on the other host. To automatically be authenticated without supplying a passphrase, create your passphrase to be null.
Exalted Contributor
Steven E. Protter
Posts: 33,806
Registered: ‎08-15-2002
Message 11 of 15 (578 Views)

Re: Secure Shell Paper

If you want password free login with the secure shell product set, you need to exchange public keys.

SEP
Steven E Protter
Honored Contributor
Kevin Wright
Posts: 760
Registered: ‎09-19-2000
Message 12 of 15 (578 Views)

Re: Secure Shell Paper

Correct. But as soon as you connect to the remote host 1 time, the public host keys are exchanged for you when you answer yes. After that, it's passphrase free.
Trusted Contributor
Chris Wong
Posts: 99
Registered: ‎03-05-1997
Message 13 of 15 (578 Views)

Re: Secure Shell Paper

The only key that should not have a passphrase on it is the host key. If you don't want to enter a passphrase as a user, use the authorization agent. Jump to page 61 on this doc for more info:
http://newfdawg.com/docs/HP-SSH_Explained.PDF
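
Added example, not part of any post in this thread: the shell functions below tell a null-passphrase private key (message 10) from an encrypted one meant for ssh-agent (messages 6 and 13), and install a public key into authorized_keys with strict permissions. The temporary directory, key comments and passphrase are constructed for the demonstration, and `remote_home` stands in for the account on the other host.

```shell
#!/bin/sh
# Added example (not from the thread). All paths and keys are constructed.

# Return 0 if the private key file is stored WITHOUT a passphrase.
# "ssh-keygen -y" re-derives the public key; with -P "" it only succeeds
# when the key can be read using an empty passphrase.
key_is_unprotected() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# Append a public key to an account's authorized_keys, idempotently, with
# owner-only permissions (directory 700, file 600).
# $1 = home directory of the target account, $2 = path to the .pub file
install_pubkey() {
    home=$1 pub=$2
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # -F fixed string, -x whole line: do not add the same key twice
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

demo() {
    work=$(mktemp -d) || return 1
    # One key per approach discussed in the thread.
    ssh-keygen -q -t ed25519 -N "" -C "null-passphrase" -f "$work/id_null"
    ssh-keygen -q -t ed25519 -N "constructed-demo-passphrase" \
        -C "agent-key" -f "$work/id_agent"
    for k in "$work/id_null" "$work/id_agent"; do
        if key_is_unprotected "$k"; then
            echo "$k: no passphrase, usable by anyone who can read the file"
        else
            echo "$k: encrypted on disk, load it into ssh-agent with ssh-add"
        fi
    done
    install_pubkey "$work/remote_home" "$work/id_agent.pub"
    ls -l "$work/remote_home/.ssh"
    rm -rf "$work"
}

# Run the demonstration only where OpenSSH's ssh-keygen is installed.
if command -v ssh-keygen >/dev/null 2>&1; then demo; fi
```

With the encrypted key, running `ssh-add` on it once per login session under ssh-agent (which keychain starts for you) is what lets later scp runs proceed without a prompt.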
Exalted Contributor
Steven E. Protter
Posts: 33,806
Registered: ‎08-15-2002
Message 14 of 15 (578 Views)

Re: Secure Shell Paper

This is an old thread.

I've always followed a variation of the doc I'm attaching.

If you have other innovations, as they say in Yiddish Guzunte Hait.

SEP
Steven E Protter
Exalted Contributor
Steven E. Protter
Posts: 33,806
Registered: ‎08-15-2002
Message 15 of 15 (578 Views)

Re: Secure Shell Paper

I consider this thread closed.

Feel free to post and debate to your heart's content. I've solved this problem and am not looking for answers.

Translation: Don't expect points, but if something extraordinary is posted, I'll hand out a bunny. I love doing that.

SEP
Steven E Protter