Wiki source code of SSH

Last modified by Yunhao Wu on 2024/04/18 13:40

1 = SSH Access =
2
3
4
5 {{toc/}}
6
7
8
9 ----
10
11
12
13 {{html wiki="true"}}
14 <a name='Fingerprints'></a>
15 {{/html}}
16
17
18 = 0. Fingerprints =
19
20 A key fingerprint for SSH is a hash of the host's public key and is used to verify and identify the server. This can be used, for example, to check whether a host has changed (e.g. if the DNS server has been hacked and lxhalle.in.tum.de would suddenly point to a malicious server).
21
22 The ECDSA keys have been deactivated for security reasons.
23
24 == lxhalle.in.tum.de ==
25
26 The following table lists the fingerprints for lxhalle.in.tum.de.
27
28 |= lxhalle|= MD5-Fingerprint|= SHA256-Fingerprint
29 | Ed25519 | ##MD5:f8:73:a4:f9:47:8e:a2:ba:11:59:19:35:bf:d6:c7:c4## | SHA256:dSj0mkyuOXEdpKGGJmXkvhDnvbjGmGCYQXA0pV8Pe4s
30 | RSA | ##MD5:4b:84:7e:c4:cf:b7:ff:fb:eb:d0:0c:7b:c3:97:05:54## | SHA256:xJrFkhNs9pwibJFZZB5LvcrltWxfAIovk/UjKAXkIW4
31 These fingerprints were last verified on 04.04.2019.
32
33 == ssh.ma.tum.de ==
34
35 The following table lists the fingerprints for ssh.ma.tum.de.
36
37 |= ssh.ma.tum.de|= MD5-Fingerprint|= SHA256-Fingerprint
38 | Ed25519 | ##MD5:70:5d:b8:5f:51:69:60:07:22:a4:45:65:7b:c5:99:b9## | ##SHA256:EbNhVTkW+74PX0tQNb9bai0HXAVcQLC9lOeS+BgatPM##
39 | RSA | ##MD5:f0:07:65:2b:45:83:19:15:d9:fa:96:e4:5e:bc:8c:43## | ##SHA256:4J5P9HV9KrmMS6aKWYukNjVpaSFBrea2iQvXZOCQ7sQ##
40
41 {{html wiki="true"}}
42 <a name='OpenSSH'></a>
43 {{/html}}
44
45
46 = 1. OpenSSH =
47
48 SSH (Secure Shell) is a tool for secure system administration, file transfer and other communication via the Internet or another untrusted network. It encrypts identities, passwords and transmitted data so that they cannot be intercepted and stolen. OpenSSH is an open source implementation of the SSH protocol.
49
50 OpenSSH comes with the following tools:
51
52 * SSH (Secure Shell client, login to a remote system, setting up tunnels)
53 * SCP (Secure Copy Protocol, cp over an SSH tunnel)
54 * SFTP (Secure File Transfer Protocol, ftp over an SSH tunnel)
55 * ssh-add, ssh-keysign, ssh-keyscan, ssh-keygen and ssh-agent (key management)
56 * sshd (SSH Server)
57 * sftp-server (SFTP Server)
58
59 OpenSSH is usually preinstalled on Linux and macOS, and there is also an implementation for Windows, which has shipped with Windows 10 since the “Windows 10 Fall Creators Update”.
60
61 Since then it can be enabled under Programs and Features, and since about April 2018 it should be enabled by default if the system is fully up to date.
62
63
64 {{html wiki="true"}}
65 <a name='OpenSSHVerbindung'></a>
66 {{/html}}
67
68
69 == 1.1. SSH connection with password ==
70
71 Open the terminal (macOS / Linux) or PowerShell (Windows). There you can use
72
73
74 (% class="box" %)
75 (((
76 $> ssh CIT-username@hostname
77 )))
78
79 to establish an SSH connection.
80
81
82
83
84 In our case, for example:
85
86
87 (% class="box" %)
88 (((
89 $> ssh musterma@lxhalle.in.tum.de
90 )))
91
92 (% class="box" %)
93 (((
94 $> ssh musterma@ssh.ma.tum.de
95 )))
96
97
98 If the server is unknown, i.e. the connection is being established for the first time or the known_hosts file has been deleted, confirmation of the server's public key fingerprint is required.
99
100 (% class="box" %)
101 (((
102 ~> The authenticity of host ‘//server (serverip)//’ can’t be established.
103 ~> ECDSA key fingerprint is //server fingerprint//
104 ~> Are you sure you want to continue connecting (yes/no)?
105 )))
106
107 If the fingerprint is correct, the query can be confirmed. Now you will be asked for your password and you should be logged in to the server.
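
One way to make this check mechanical instead of comparing strings by eye, as an added example that is not part of the original page: the function below compares `ssh-keygen -l` output with the SHA256 fingerprints from the tables in section 0. The function name `check_fingerprints` and the layout of the `PINNED` list are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare host-key fingerprints with the published ones
# before answering "yes" to the first-connection prompt.

# SHA256 fingerprints copied from the tables in section 0 of this page.
# Layout (an assumption of this example): "host TYPE fingerprint".
PINNED='lxhalle.in.tum.de ED25519 SHA256:dSj0mkyuOXEdpKGGJmXkvhDnvbjGmGCYQXA0pV8Pe4s
lxhalle.in.tum.de RSA SHA256:xJrFkhNs9pwibJFZZB5LvcrltWxfAIovk/UjKAXkIW4
ssh.ma.tum.de ED25519 SHA256:EbNhVTkW+74PX0tQNb9bai0HXAVcQLC9lOeS+BgatPM
ssh.ma.tum.de RSA SHA256:4J5P9HV9KrmMS6aKWYukNjVpaSFBrea2iQvXZOCQ7sQ'

# check_fingerprints HOST
# Reads `ssh-keygen -l` output on stdin, one key per line:
#   <bits> <fingerprint> <comment> (<TYPE>)
# Returns 0 only if at least one key was read and every key is pinned
# for HOST. Unpinned key types (e.g. ECDSA) count as a mismatch.
check_fingerprints() {
    host=$1; seen=0; bad=0
    while read -r bits fp rest; do
        [ -n "$fp" ] || continue      # skip blank lines
        type=${rest##*\(}             # text after the last "("
        type=${type%\)}               # drop the closing ")"
        seen=$((seen + 1))
        if printf '%s\n' "$PINNED" | grep -qxF "$host $type $fp"; then
            echo "OK       $type $fp"
        else
            echo "MISMATCH $type $fp" >&2
            bad=$((bad + 1))
        fi
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage against a live host (needs network access):
#   ssh-keyscan -t ed25519,rsa lxhalle.in.tum.de 2>/dev/null \
#       | ssh-keygen -lf - | check_fingerprints lxhalle.in.tum.de
```

The scan itself is unauthenticated, so the assurance comes only from the comparison with the published values, which should be obtained over a separate trusted channel.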
108
109 {{html wiki="true"}}
110 <a name='OpenSSHKey'></a>
111 {{/html}}
112
113
114 == 1.2. SSH connection without password (OpenSSH configuration) ==
115
116 The OpenSSH configuration files can be used to create aliases for SSH hosts and set options, among other things. More information can be found at https:~/~/www.ssh.com/ssh/config/
117
118 If the OpenSSH configuration file does not exist yet, you can create it with
119
120
121 (% class="box" %)
122 (((
123 touch ~~/.ssh/config
124 )))
125
126 Then open the configuration file (config) with a text editor, e.g. vi or vim in the terminal.
127
128 (% class="box" %)
129 (((
130 vim ~~/.ssh/config
131 )))
132
133 An example host entry looks like this:
134
135 [[image:1677665498294-467.png]]
136
137
138 To establish an SSH connection to lxhalle without a password, you need a configuration file like the one below
139
140 [[image:1677665518714-502.png]]
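
A host entry for key-based login to lxhalle, written out as text. This is an added example and not a transcription of the screenshots above; the function name `add_host_entry`, the alias `lxhalle`, the user `musterma` and the key path `~/.ssh/id_rsa` are assumptions.

```shell
#!/bin/sh
# Added example (not from the page): append a Host block for key-based
# login to an OpenSSH client configuration file.

# add_host_entry CONFIG ALIAS HOSTNAME USER KEYFILE
# Creates CONFIG with restrictive permissions if needed and appends one
# Host block. Returns 1 without changes if ALIAS is already defined.
add_host_entry() {
    cfg=$1; name=$2; hostname=$3; user=$4; key=$5
    dir=$(dirname "$cfg")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$cfg" && chmod 600 "$cfg"
    # Do not add a second block for an alias that already exists.
    if grep -qE "^[[:space:]]*Host[[:space:]]+$name[[:space:]]*\$" "$cfg"; then
        echo "Host $name already present in $cfg" >&2
        return 1
    fi
    cat >>"$cfg" <<EOF

Host $name
    HostName $hostname
    User $user
    # Offer only this key, not every key the agent holds
    IdentityFile $key
    IdentitiesOnly yes
    # Refuse unknown or changed host keys instead of prompting
    StrictHostKeyChecking yes
    # The page states that ECDSA host keys have been deactivated
    HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
EOF
}

# Example call (commented out so that sourcing this file changes nothing):
#   add_host_entry "$HOME/.ssh/config" lxhalle lxhalle.in.tum.de musterma '~/.ssh/id_rsa'
# Afterwards "ssh lxhalle" uses the entry.
```

`StrictHostKeyChecking yes` makes ssh refuse hosts that are not already in known_hosts, so the host key has to be verified and recorded first. `ssh -G lxhalle` prints the options ssh will actually use for the alias.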
141
142
143 == 1.3. SSH Key ==
144
145 === 1.3.1. Generate key pair (private and public) ===
146
147 To generate an SSH key, execute the following command.
148
149 (% class="box" %)
150 (((
151 ssh-keygen -t rsa -b 4096
152 )))
153
154 -b stands for the number of bits, which determines the length of the key.
155
156 -t stands for the type of key.
157
158
159 When you run this command, you will be asked for a path where the generated key should be stored.
160
161 {{code language="none"}}
162 $> ssh-keygen -t rsa -b 4096
163 > Generating public/private rsa key pair.
164 > Enter file in which to save the key (/home/"$USER"/.ssh/id_rsa): <path_to_directory_to_store_key>
165 > Enter passphrase (empty for no passphrase):
166 > Enter same passphrase again:
167 > Your identification has been saved in <path>
168 > Your public key has been saved in <path>
169 > The key fingerprint is:
170 > SHA256:LtcxHv0vIgzbV/udUgBLQQ8ayBl10DzwLP0LtUC97mQ <username>@<hostname>
171 > The key's randomart image is:
172 > +---[RSA 2048]----+
173 > | ..==**o |
174 > | + O*o. |
175 > | o.=+o. |
176 > | .o+o. |
177 > | S +.oo. |
178 > | ..o +.Eo. |
179 > | . o=o +oo. |
180 > | o. + ooo.o|
181 > | o ..++|
182 > +----[SHA256]-----+
183 {{/code}}
184
185 === 1.3.2. Transfer public key to server ===
186
187 The public key must be transferred to the server. This can usually be done simply via ssh-copy-id.
188
189 {{code language="none"}}
190 $> ssh-copy-id ITO-username@hostname
191 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: <path_to_directory_where_key_is_stored>
192 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
193 /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
194 username@hostname password:
195
196 Number of key(s) added: 1
197
198 Now try logging into the machine, with: "ssh 'username@hostname'"
199 and check to make sure that only the key(s) you wanted were added.
200 {{/code}}
201
202 The key should now have been installed on the server as an authorized key and a login with
203
204 (% class="box" %)
205 (((
206 ssh -i PfadZumKeyfile username@hostname
207 )))
208
209 should be possible. Alternatively, you can enter the identity file as specified above in the SSH configuration and connect with ssh alias.
210
211
212
213 === 1.3.3. SSH-Keygen Manpages ===
214
215 If you execute the following command in the terminal, you can find out more about SSH-Keygen
216
217 {{code language="none"}}
218 $> ssh-keygen man
219
220 usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]
221 [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]
222 [-N new_passphrase] [-O option] [-w provider]
223 ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]
224 [-P old_passphrase]
225 ssh-keygen -i [-f input_keyfile] [-m key_format]
226 ssh-keygen -e [-f input_keyfile] [-m key_format]
227 ssh-keygen -y [-f input_keyfile]
228 ssh-keygen -c [-C comment] [-f keyfile] [-P passphrase]
229 ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
230 ssh-keygen -B [-f input_keyfile]
231 ssh-keygen -D pkcs11
232 ssh-keygen -F hostname [-lv] [-f known_hosts_file]
233 ssh-keygen -H [-f known_hosts_file]
234 ssh-keygen -K [-w provider]
235 ssh-keygen -R hostname [-f known_hosts_file]
236 ssh-keygen -r hostname [-g] [-f input_keyfile]
237 ssh-keygen -M generate [-O option] output_file
238 ssh-keygen -M screen [-f input_file] [-O option] output_file
239 ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]
240 [-n principals] [-O option] [-V validity_interval]
241 [-z serial_number] file ...
242 ssh-keygen -L [-f input_keyfile]
243 ssh-keygen -A [-f prefix_path]
244 ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
245 file ...
246 ssh-keygen -Q -f krl_file file ...
247 ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file
248 ssh-keygen -Y check-novalidate -n namespace -s signature_file
249 ssh-keygen -Y sign -f key_file -n namespace file ...
250 ssh-keygen -Y verify -f allowed_signers_file -I signer_identity
251 -n namespace -s signature_file [-r revocation_file]
252 {{/code}}
253
254 == 1.4. File transfer with SFTP ==
255
256 The Secure File Transfer Protocol (SFTP) can be used to transfer data to or from a remote system.
257
258 {{code language="none"}}
259 $> sftp
260 usage: sftp [-46aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
261 [-D sftp_server_path] [-F ssh_config] [-i identity_file]
262 [-J destination] [-l limit] [-o ssh_option] [-P port]
263 [-R num_requests] [-S program] [-s subsystem | sftp_server]
264 destination
265 {{/code}}
266
267 You can simply use the sftp tool supplied with the OpenSSH implementation. Simply enter sftp in the terminal/PowerShell. The parameters are analogous to the ssh command, except that some flags are missing, such as X11 forwarding. You can also use the hosts defined in the SSH config.
268
269 For example:
270
271 (% class="box" %)
272 (((
273 $> sftp CIT-username@lxhalle.in.tum.de
274 )))
275
276 At the sftp prompt you can use interactive commands (e.g. ls, cd) to navigate to the desired files or location in the file system, and get/put to download or upload files or folders (specify the -r flag so that a folder is transferred recursively).
277
278 More about the SFTP tool of the OpenSSH implementation can be found in the [[Manual>>https://man.openbsd.org/sftp]].
279
280 ----
281
282 == 1.5. X11 Forwarding ==
283
284 On most Linux systems, the X Window System is used to display a graphical user interface. The current version is X version 11, or X11 for short. With X11 forwarding, you can start an application on a remote system and have its graphical display shown on a local X11 server.
285
286 To be able to use X11 Forwarding, you only need to set the X11 Forwarding flag in the ssh command (i.e. simply add an -X). Alternatively, you can also activate X11 forwarding in the SSH config.
287
288 On most Linux systems with a graphical user interface, an X11 server should be supplied by default, otherwise you will have to install it from the package sources (e.g. pacman -S xorg or apt install xorg).
289
290 Since Mac OS X 10.5 you need additional libraries. More details on the Apple page: [[Information about X11 for Mac>>https://support.apple.com/de-de/HT201341]].
291
292 An X11 server is also required under Windows. Under Windows 10, the Linux subsystem for Windows can be used for this (see below for setup). Inside the subsystem it works just as it does on a native Linux system: simply install the corresponding xorg package and start the xorg server.
293
294
295
296
297 = 2. Remote Desktop =
298
299
300 [[image:Screenshot (28)ed.png]]
301
302
303 Enter lxhalle.in.tum.de as the server name for the computer and click Connect.
304
305
306 [[image:Screenshot (29)ed.png]]
307
308
309 **Click Yes**.
310
311
312 [[image:30ed.png]]
313
314
315 Enter CIT ID and password, click OK.
316
317
318 [[image:Screenshot (31)ed.png]]
319
320
321
322
323 {{html wiki="true"}}
324 <a name='Putty'></a>
325 {{/html}}
326
327
328 = 3. Linux Subsystem for Windows 10 =
329
330 You can also install a Linux subsystem on Windows 10 that integrates into the Windows kernel and the Windows file system. It is a complete Linux that runs in the Windows kernel.
331
332 {{html wiki="true"}}
333 <a name='LinuxSubInstallation'></a>
334 {{/html}}
335
336 == 3.1. Install ==
337
338 Open the Quick Link menu with the Windows logo key + X or by right-clicking the Windows logo, and open Windows PowerShell (Administrator):
339
340 [[image:linux00.png||width="1000"]]
341
342
343 User Account Control will now ask for administrator permission:
344
345 [[image:linux01.png||width="1000"]]
346
347
348
349
350
351 {{code language="none"}}
352 Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
353 {{/code}}
354
355 Enter the command above in the PowerShell window and run it. If the feature is not found, the system is probably not up to date and should be updated.
356
357 [[image:linux02.png||width="1000"]]
358
359 [[image:linux03.png||width="1000"]]
360
361
362 After completing the feature activation, restart the computer.
363
364 [[image:linux04.png||width="1000"]]
365
366
367 After restarting the computer, open the Microsoft Store (e.g.: open the Start menu and search for Microsoft Store).
368
369 [[image:linux05.png||width="1000"]]
370
371
372 Now search for Ubuntu in the Microsoft Store. Alternatively, there are OpenSUSE Leap, SUSE Linux Enterprise Server, Debian and Kali subsystems for Windows, which can also be used and installed via the Microsoft Store.
373
374 [[image:linux06.png||width="1000"]]
375
376 Then click Download to install the selected subsystem.
377
378 [[image:linux07.png||width="1000"]]
379
380
381 After completing the installation, start the subsystem (this can also be done via the Start menu, e.g. simply search for Ubuntu).
382
383 [[image:linux08.png||width="1000"]]
384
385
386
387 The subsystem is now set up at the first start. This will take some time.
388
389 [[image:linux09.png||width="1000"]]
390
391
392
393 To complete the setup, you will be asked for a user name and password for the Linux subsystem. You can choose freely here and should choose a secure password.
394
395 [[image:linux10.png||width="1000"]]
396
397
398
399 {{html wiki="true"}}
400 <a name='LinuxSubKonfiguration'></a>
401 {{/html}}
402
403 == 3.2. Configuration ==
404
405 OpenSSH can now be used as under Linux.
406
407 [[image:linux11.png||width="1000"]]
408
409 [[image:linux12.png||width="1000"]]
410
411 [[image:linux13.png||width="1000"]]