How to : ssh remote login

Page history last edited by Phil Lavery 15 years, 5 months ago

Use ssh to remote login without entering a password

 

1. Determine your protocol:

% ssh -V 
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004 

2. Select the type of key:

  • An RSA key for use with the SSH 1 protocol.
  • An RSA key for use with the SSH 2 protocol.
  • A DSA key for use with the SSH 2 protocol.

(The rest of these notes assume an RSA key for the SSH 2 protocol. RSA keys are reportedly stronger.)

3. Use ssh-keygen to generate a key:

% ssh-keygen -t rsa 

Follow the prompts, but enter an empty passphrase. You can add a passphrase if you want, but you will have to enter it every time you ssh, and this defeats the purpose of this exercise. This will generate a private key:

~/.ssh/id_rsa

and a public key:

~/.ssh/id_rsa.pub

4. Copy the public key to the remote host and store it in:

~/.ssh/authorized_keys

(This will be the last time you have to enter a password.)

5. Test it:

% ssh user_name@DisplayMachineName.local 

You shouldn't need to enter a password.
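Step 4 as a script, added here as an example and not part of the original notes: it appends the public key to authorized_keys on the remote host without duplicating it, refuses a private key passed by mistake, and sets the owner-only permissions that sshd's StrictModes check expects. The function name install_pubkey and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original notes). Run on the remote host.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}

    # Guard against copying the private half (~/.ssh/id_rsa) by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi

    # A public key file holds exactly one non-empty line.
    n=$(grep -c . "$pub" || true)
    if [ "$n" != 1 ]; then
        echo "refusing: expected one key line in $pub, found $n" >&2
        return 1
    fi
    key=$(grep . "$pub")

    # Only the SSH 2 key types these notes discuss (RSA and DSA).
    case $key in
        'ssh-rsa '*|'ssh-dss '*) ;;
        *) echo "refusing: unexpected key type in $pub" >&2; return 1 ;;
    esac

    # Create the directory and file private to the owner; sshd's
    # StrictModes check rejects keys in group- or world-writable paths.
    old_umask=$(umask)
    umask 077
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth"
    chmod 600 "$auth"

    # Append only if this exact line is absent, so reruns add no duplicates.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    umask "$old_umask"
}
```

Copy ~/.ssh/id_rsa.pub to the remote host first (for example with scp, which is the last password prompt), then call install_pubkey on that copy.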

 

 



 

Remote login without a static IP address

 

You have to log onto your router and enable port forwarding. Assign your computer a static internal (i.e. 192) IP, and then port forward any incoming traffic on port 22 to that IP. With ADSL you cannot route to a 192 IP directly. It is a non-routable IP (from the web, i.e. not a public IP), which is why it provides a home system with an added layer of protection. Anyone wishing to get to it from the Internet MUST first go through the router in front of it, which has your public IP assigned by the ISP.

 

If you have a static IP then use that.

 

If not, then use a service such as DYNDNS (http://www.dyndns.com/services/) to get one of their domain names (i.e. whatever.homemac.com) and configure your router to update DYNDNS whenever your IP changes. If your router cannot do that, there are some Mac tools that will do it (DYNDNS will suggest some).

 

This way you ssh to user@whatever.homemac.com (putting in the appropriate username and domain name of course).

 

The other consideration will be to disable root login (so someone can't ssh as root and get su control of your box - note this appears to be case sensitive. I had "No" in my config file and it wouldn't accept it, had to be "no"), and even consider using a key instead of a password challenge (best to have the key on a thumb drive that you keep with you instead of putting it on your office computer for anyone to copy/use). But I wouldn't worry about that one right away. Get it to work as normal password login first. Then check out the openssh documentation on the web to figure out how to tweak it.

 
