This tutorial talks about using openssh all the way from basic login to using ssh keys and tunnels. OpenSSH is an opensource project to provide secure communication and transport of data. Both AES and Blowfish encryption are supported in SSH version 2. Version 2 of ssh should always be used as version 1 has been deemed insecure.
Logging into servers is the most common use of ssh.
$ ssh user@host $ ssh -l user host
Both commands login to the remote system called "host" with the username "user". Both user@host syntax and using -l to specify the login name are allowable.
SSH can also be used to run commands on remote servers.
$ ssh user@host command_to_run
By appending a command to execute to the ssh login statement that command will be executed on the remote host.
SSH can use stored keyfiles to manage authentication. The executable ssh-keygen command is used to build the public and private key combinations. Build either RSA or DSA keys with ssh-keygen. The private keyfile are stored in ~/.ssh/id_dsa or ~/.ssh/id_rsa, and the public keyfile will have .pub appended to the file name.
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa $ ssh-keygen -t rsa -P '' -f ~/.ssh/rsa_key_test
The first command generates a default DSA ID credential keypair. The file id_dsa is a default file that ssh will use for authentication credentials on remote systems. The second command creates an RSA keypair and stores it in rsa_key_test for the private key and the public key is rsa_key_test.pub. The -P '' specifies that an empty password should be used. A real passphase should never be specified on the command line because it's potentially obtainable by people who shouldn't have it.
The authorized_keys filie stores the public keyfile for the keys that are allowed for authentication.
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
Use cat to write the public key file for the newly generated DSA key into the authorized_key file. When a private key is used to authenticate an account with the public key stored in the users ~/.ssh/authorized_keys file the account password isn't required.
$ ssh user@host
When using the ~/.ssh/id_dsa key to login to a remote server the key is automatically passed. If a passphrase was stored into the keypair that will be prompted for. The example keys generated here were given empty passwords though.
$ cat ~/.ssh/rsa_key_test.pub >> ~/.ssh/authorized_keys $ ssh -i ~/.ssh/rsa_key_test user@host
Also an alternate key can be used to login to the remote host. Execute the first statement on the remote host to load the key into the authorized_keys file. Then use the -i option to specify the private keyfile to use when logging in