UNIX For Dummies [Electronic resources] (text version)


John Levine, Margaret Levine Young







ssh: The Lazy Man’s Remote Login

The telnet command has been around since the 1970s, but is now considered largely obsolete and dreadfully insecure. (If you use a computer in the kind of place where people can plug into your network and watch the bits go by, they can read your entire telnet session, passwords and all.) These days the ssh command, short for secure shell, is both more secure and more convenient because it automates more of the process. You can use ssh in much the same way you use telnet:

ssh pumpkin

UNIX responds:

Last login: Thu Oct 3:03:58 from squash
FreeBSD 4.8-RELEASE (PUMPKIN) #0: Thu Jul 24 14:49:39 EDT 2003

Hey! It didn’t ask for the username or password. What happened? Often you have accounts on a bunch of machines in a group, and if you log in to one of them, you use the same username to log in to others. When setting up ssh, the system manager can configure each machine with the secret ssh keys (a long string of digits) of the other machines in its group so when someone sshes in, it can say "oh, that machine, it’s OK." If you have accounts on a variety of UNIX or Linux machines, you can set up your own authorized keys files so you can log in from one host to another without passwords.

The ssh command also passes along the type of terminal you’re using so that even if the other system asks you to enter your terminal type, it always guesses correctly if you don’t tell it explicitly.

If the remote system doesn’t recognize your username, it asks you to type a username and password, just like telnet does. If it does recognize your username but not your secret ssh key, it just asks for a password.


Escaping from ssh


One place where ssh is quite different from telnet is in how you escape from a recalcitrant remote system: You type ~. (a tilde followed by a period) on a line by itself. What you have to do is press Enter (or Return), tilde, period, Enter.


Username and secret key matching for ssh


Technical Stuff: This section is pretty nerdy. If you work in an office with a bunch of workstations, you can assume that they all generally share usernames (the system manager should have arranged for all the necessary keys), and you can skip this section.

The control files for ssh are in a directory called .ssh. On each computer you need to have your own ssh key (actually a pair of keys: the private key that only stays on that computer and the public key that you copy to all of the other computers from which you plan to log in to this one). Assume you have two computers called squash and pumpkin, and you want to be able to log in to each from the other. The keys for each computer are in the .ssh directory and are called id_rsa and id_rsa.pub, or id_dsa and id_dsa.pub. (Either will do; rsa and dsa are two different coding schemes that ssh can use.) To log in to each computer, follow these steps:



1. On pumpkin, if the keys don’t exist, create them by running ssh-keygen -t dsa and waiting a minute or so while it thinks up a really good secret key for you.
   When it asks for the filename to use, press Enter to use the normal names. It also asks for optional pass phrases to secure the keys; press Enter again not to use them.

2. Copy the public key id_dsa.pub you just created on pumpkin to squash, where you call the copy pumpkin.key.
   Copy the file using scp or ftp, both of which are discussed later in this chapter.

3. On squash, copy pumpkin.key to .ssh/authorized_keys.

4. Log in from pumpkin into squash without a password.

To go the other way, do the same steps, reversing the two computers. If you have more than two computers, on each computer you need to put all the keys of the other computers into authorized_keys, like this:

cat pumpkin.key squash.key gourd.key >> .ssh/authorized_keys



Now you see why we give each key file a different name. Putting a computer’s own key into authorized_keys is harmless. If you have more than two computers, make all the keys, combine all the public keys into one big authorized_keys file, and then copy that combo file to all of the computers with scp.
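
As an added example (not from the book), the shell function below does the authorized_keys step from the procedure above in a way that can be rerun safely: it sets the directory and file modes sshd expects, refuses a file that looks like a private key, and appends only lines that are not already present. The name install_keys and the key lines in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: merge public-key files into authorized_keys.
# install_keys is a hypothetical helper name, not an ssh tool.

install_keys() {
    # usage: install_keys SSH_DIR KEYFILE...
    ssh_dir=$1; shift
    auth="$ssh_dir/authorized_keys"

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # file or its directory is writable by other users, so set modes first.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    for f in "$@"; do
        # Only the .pub half belongs on another machine; stop if a
        # private key file was copied over by mistake.
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "refusing $f: looks like a private key" >&2
            return 2
        fi
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ''|'#'*) continue ;;    # skip blank lines and comments
            esac
            # Append only if this exact line is missing, so repeating the
            # step does not pile up duplicates the way cat >> does.
            grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
        done < "$f"
    done
}

# Demo in a scratch directory with constructed (not real) key lines.
demo=$(mktemp -d)
echo 'ssh-dss AAAAconstructedPUMPKIN fred@pumpkin' > "$demo/pumpkin.key"
echo 'ssh-dss AAAAconstructedSQUASH fred@squash' > "$demo/squash.key"
install_keys "$demo/.ssh" "$demo/pumpkin.key" "$demo/squash.key"
install_keys "$demo/.ssh" "$demo/pumpkin.key"    # rerun adds nothing
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

Because the keys in the procedure are created without a pass phrase, the private key file itself is the credential, which is why the function rejects anything containing a private key header.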

If your login names on the various machines are different, this password-avoidance trick still works fine, but you have to tell ssh what login name to use. Either of these works:

ssh -l fred pumpkin # old-fashioned form
ssh fred@pumpkin # groovy new form


Using ssh one command at a time


Sometimes a complete login session is overkill for what you want to do — you just want to run one command at a time. In this type of situation, ssh can also do one command at a time:

ssh pumpkin lpq
ssh fred@pumpkin lpq # if your user name is different there

You give ssh the name of the system you want to use and the command you want to run on that system. This example runs the lpq command on system pumpkin (remember that lpq asks what’s waiting for the printer on pumpkin).

If you can use ssh to log in to a system and not give a username or a password, you can also use it a command at a time without a password.
