General:
http://www.openssh.com/faq.html
http://www.ibm.com/developerworks/library/l-keyc.html
http://www.ibm.com/developerworks/library/l-keyc2/
http://www.ibm.com/developerworks/library/l-keyc3/
--------------------------------------------------------------------------------
SSH Key Types
RSA SSHv1 (recommended)
RSA,DSA SSHv2
The PuTTY developers strongly recommend you use RSA. DSA has an intrinsic
weakness which makes it very easy to create a signature which contains enough
information to give away the private key!
--------------------------------------------------------------------------------
ssh-keygen
ssh-keygen -t {rsa|dsa}
private_key.: ~/.ssh/identity | id_dsa | id_rsa
public_key..: ~/.ssh/identity.pub (~/.ssh/authorized_keys)
mkdir $HOME/.ssh
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys (public key)
chmod 600 $HOME/.ssh/id_dsa|id_rsa (private key)
DSA Key
While RSA keys are used by version 1 of the ssh protocol, DSA keys are used for
protocol level 2, an updated version of the ssh protocol. Any modern version of
OpenSSH should be able to use both RSA and DSA keys. Generating DSA keys using
OpenSSH's ssh-keygen can be done similarly to RSA in the following manner:
ssh-keygen -t dsa
ssh-agent can be used with passphrase protected private keys.
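A quick audit of the settings above, added here as an example and not part of the original notes: it checks the permissions on the .ssh directory and key files, counts DSA (ssh-dss) entries in authorized_keys, and flags legacy PEM private keys saved without a passphrase. The function names and finding labels are made up for this example, and it assumes 700 on the directory and 600 (or 400) on the files.

```sh
#!/bin/sh
# Added example: audit an SSH directory for the issues these notes mention.

# perm_of FILE: print the octal mode (GNU stat first, then BSD stat).
perm_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# report TEXT: print one finding and count it.
report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# audit_ssh_dir DIR: one finding per line; returns 1 if anything was found.
audit_ssh_dir() {
    dir=$1
    findings=0
    [ -d "$dir" ] || { report "MISSING $dir"; return 1; }

    # Assumption: 700 on the directory (it needs x to be entered), 600 on files.
    mode=$(perm_of "$dir")
    [ "$mode" = 700 ] || report "PERM $dir is $mode, want 700"

    for f in "$dir"/identity "$dir"/id_dsa "$dir"/id_rsa \
             "$dir"/authorized_keys "$dir"/authorized_keys2; do
        [ -f "$f" ] || continue
        mode=$(perm_of "$f")
        case $mode in
            600|400) ;;
            *) report "PERM $f is $mode, want 600" ;;
        esac
    done

    # DSA public keys still trusted for login (key type field is ssh-dss).
    for f in "$dir"/authorized_keys "$dir"/authorized_keys2; do
        [ -f "$f" ] || continue
        n=$(grep -c -E '(^|[[:space:]])ssh-dss[[:space:]]' "$f" || true)
        [ "$n" -eq 0 ] || report "DSA $f lists $n ssh-dss key(s)"
    done

    # Legacy PEM private keys carry a Proc-Type ENCRYPTED header when a
    # passphrase is set; newer OpenSSH-format keys are not checked here.
    for f in "$dir"/id_dsa "$dir"/id_rsa; do
        [ -f "$f" ] || continue
        if grep -q -e '-----BEGIN [RD]SA PRIVATE KEY-----' "$f" &&
           ! grep -q 'ENCRYPTED' "$f"; then
            report "NOPASS $f has no passphrase"
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Run it as: audit_ssh_dir "$HOME/.ssh"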
--------------------------------------------------------------------------------
PuTTY Private Key Conversion (puttygen.exe)
To use an OpenSSH ssh-keygen generated key pair with PuTTY, you must convert
the private key to the PuTTY key format (ppk). In the puttygen.exe application,
choose "Conversions" from the menu and then "Import key" to import the private
key (id_dsa, id_rsa, identity); the key information will be displayed in the
application. Then choose "File" from the menu and then "Save Private Key" to
save the private key in the PuTTY PPK format for use with PuTTY on a
Windows-based system.
You can also choose to add a passphrase to a key before saving; this gives
an extra layer of security for the private key stored on your workstation.
--------------------------------------------------------------------------------
To use SSH as a port forwarder, use the following syntax:
ssh -R 80:abc.com:80 nbc.com
This forwards all http requests from abc.com to nbc.com.
--------------------------------------------------------------------------------
scp proxy?
http://www.hackinglinuxexposed.com/articles/20040830.html
scp -o proxycommand "machine1.ac.uk proxy %h" \machine2.ac.uk:remotefile localfile
--------------------------------------------------------------------------------
SSH Public Keys
http://pkeck.myweb.uga.edu/ssh/
~/.ssh/identity and ~/.ssh/identity.pub
~/.ssh/authorized_keys
~/.ssh/authorized_keys2
Generate SSH RSA Public / Private Keypair:
o ssh-keygen -t rsa
o creates ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
o cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
For PuTTY, you must import the id_rsa key and then save it
in PuTTY format...
o the id_rsa file will allow you to authenticate everywhere you
have id_rsa.pub in the ~/.ssh/authorized_keys file
ssh-keygen -t dsa
This will prompt you for a secret passphrase. If this is your primary
identity key, make sure to use a good passphrase. If this works right
you will get two files called id_dsa and id_dsa.pub in your .ssh dir.
Note: it is possible to just press the enter key when prompted for a
passphrase, which will make a key with no passphrase. This is a Bad
Idea for an identity key, so don't do it! See below for uses of keys
without passphrases.
--------------------------------------------------------------------------------
Creating SSH key pairs
o First decide if you will be using SSH1 or SSH2 (or both). Most likely
you'll want to stick with SSH1 (until OpenSSH is installed at PPPL, or
until SSH2 is installed, etc).
o To generate public/private keypair for SSH1: ssh-keygen. This will
generate ~/.ssh/identity and ~/.ssh/identity.pub.
o Do this on each machine you want to access (to/from) using ssh (only
need to do this once on the PPPL unix cluster)
o Take all of the identity.pub files (which contain a public key on one
line) and create an ~/.ssh/authorized_keys file by placing the contents
of each separate identity.pub file on a single line of the
~/.ssh/authorized_keys file (then place on all sshable hosts).
o For SSH2, use ssh-keygen -t {rsa,dsa} (you choose between rsa keys or
dsa keys, currently I use DSA), which will generate ~/.ssh/id_{dsa,rsa}
and ~/.ssh/id_{dsa,rsa}.pub.
o Follow instructions for SSH1 keys, but instead generate a
~/.ssh/authorized_keys2 file using the id_{dsa,rsa}.pub files.