Use the SSH Server

From OpenFSG


(Definition From Wikipedia)

In computing, Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (optionally) to allow the remote computer to authenticate the user. SSH provides confidentiality and integrity of data exchanged between the two computers using encryption and message authentication codes. SSH is typically used to login to a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols. An SSH server, by default, listens on the standard TCP port 22.

Turning on SSH in the FSG

  1. Go to the FSG's configuration web interface (http://fsg/admin) and click on the "Services" link on the left.
  2. Click the "SSH Server" link on the left
  3. Check the "Run SSH Server" box and click "Apply"
  4. You might also have to check the "Open SSH server to the outside through the WAN port" box if you are accessing the FSG from the WAN port.

Connecting to the FSG using SSH

  1. Download an SSH client like PuTTY (download the first one for Windows)
  2. Start it and enter "fsg" for "Host", make sure the port is set to 22 and click "Open" or "Connect"
  3. Log in using the same username and password you use to access the FSG's configuration web interface
  4. You might need to log in as root to edit certain files or perform certain actions



Common Linux commands--system info

pwd
Print working directory, i.e., display the name of my current directory on the screen.
hostname
Print the name of the local host (the machine on which you are working). Use netconf (as root) to change the name of the machine.
whoami
Print my login name.
id username
Print user id (uid) and his/her group id (gid), effective id (if different than the real id) and the supplementary groups.
date
Print or change the operating system date and time. E.g., I could change the date and time to 2000-12-31 23:57 using this command: date 123123572000. To set the hardware (BIOS) clock from the system (Linux) clock, use the command (as root): setclock
time
Determine the amount of time that it takes for a process to complete + other info. Don't confuse it with the date command. E.g. I can find out how long it takes to display a directory content using: time ls
uptime
Show the amount of time since the last reboot.
ps
(=print status) List the processes currently run by the current user.
ps axu | more
List all the processes currently running, even those without the controlling terminal, together with the name of the user that owns each process.
uname -a
(= Unix name with option "all") Info on your (local) server. I can also use guname (in X-window terminal) to display the info more nicely.
free
Memory info (in kilobytes).
df -h
(=disk free) Print disk info about all the filesystems (in human-readable form)
du / -bh | more
(=disk usage) Print detailed disk usage for each subdirectory starting at the "/" (root) directory (in human legible form).
cat /proc/cpuinfo
CPU info--it shows the content of the file cpuinfo. Note that the files in the /proc directory are not real files--they are hooks to look at information available to the kernel.
cat /proc/interrupts
List the interrupts in use.
cat /proc/version
Linux version and other info
cat /proc/filesystems
Show the types of filesystems currently in use.
lsmod
(As root. Use /sbin/lsmod to execute this command when you are a non-root user.) Show the kernel modules currently loaded.

Basic operations

any_command --help |more
Display a brief help on a command (works with most commands). "--help" works similar to DOS "/h" switch. The "more" pipe is needed if the output is longer than one screen.
ls
List the content of the current directory. Under Linux, the command "dir" is an alias to ls.
ls -al |more
List the content of the current directory, all files (also those starting with a dot), and in a long form. Pipe the output through the "more" command, so that the display pauses after each screenful.
cd directory
Change directory. Using "cd" without the directory name will take you to your home directory. "cd -" will take you to your previous directory and is a convenient way to toggle between two directories. "cd .." will take you one directory up.
cp source destination
Copy files. E.g., cp /home/stan/existing_file_name . will copy a file to my current working directory. Use the "-r" option (for recursive) to copy the contents of whole directories, e.g., cp -r my_existing/dir/ ~ will copy a subdirectory under my current working directory to my home directory.
mv source destination
Move or rename files. The same command is used for moving and renaming files and directories.
ln source destination
Create a hard link called destination to the file called source. The link appears as a copy of the original file, but in reality only one copy of the file is kept; two (or more) directory entries simply point to it. Any changes to the file are automatically visible through every entry. When one directory entry is removed, the other(s) stay(s) intact. The limitations of hard links are: the files have to be on the same filesystem, and hard links to directories or special files are impossible.
ln -s source destination
Create a symbolic (soft) link called "destination" to the file called "source". The symbolic link just specifies a path where to look for the file. In contradistinction to hard links, the source and destination do not have to be on the same filesystem. In comparison to hard links, the drawbacks of symbolic links are: if the original file is removed, the link is "broken", and symbolic links can also create circular references (like circular references in spreadsheets or databases, e.g., "a" points to "b" and "b" points back to "a").
rm files
Remove (delete) files. You must own the file in order to be able to remove it. On many systems, you will be asked for confirmation of deletion. If you don't want this, use the "-f" (=force) option, e.g., rm -f * will remove all files in my current working directory, no questions asked.
mkdir directory
Make a new directory.
rmdir directory
Remove an empty directory.
rm -r files
(recursive remove) Remove files, directories, and their subdirectories. Careful with this command as root--you can easily remove all files on the system with such a command executed on the top of your directory tree, and there is no undelete in Linux (yet). But if you really wanted to do it (reconsider), here is how (as root): rm -rf /*
cat filename | more
View the content of a text file called "filename", one page at a time. The "|" is the "pipe" symbol (on many American keyboards it shares the key with "\"). The pipe makes the output stop after each screenful. For long files, it is sometimes convenient to use the commands head and tail that display just the beginning and the end of the file. If you happened to use "cat" on a binary file and your terminal displays funny characters afterwards, you can restore it with the command "reset".
find / -name "filename"
Find the file called "filename" on your filesystem starting the search from the root directory "/". The "filename" may contain wildcards (*,?).
./program_name
Run an executable in the current directory, which is not on your PATH.
touch filename
Change the date/time stamp of the file filename to the current time. Create an empty file if the file does not exist.
shutdown -h now
(as root) Shut down the system to a halt.
halt 'or' reboot
(as root, two commands) Halt or reboot the machine. Used for remote shutdown, simpler to type than the previous command.

File (de)compression

tar -zxvf filename.tar.gz
(=tape archiver) Untar a tarred and compressed tarball (*.tar.gz or *.tgz) that you downloaded from the Internet.
tar -xvf filename.tar
Untar a tarred but uncompressed tarball (*.tar).
gunzip filename.gz
Decompress a zipped file (*.gz or *.z). Use gzip (also zip or compress) if you wanted to compress files to this file format.
bunzip2 filename.bz2
(=big unzip) Decompress a file (*.bz2) zipped with bzip2 compression utility. Used for big files.

Advanced commands

vi filename
Start an editor to edit filename.

Here you can find some help with vi: [vi-help 0] ; [vi-help 1] ; [vi-help 2] ; [vi-help 3] and [vi-help 4]. (And remember, Linux is CaSe SeNsitive!)

Process control

ps
(=print status) Display the list of currently running processes with their process IDs (PID) numbers. Use ps axu to see all processes currently running on your system (also those of other users or without a controlling terminal), each with the name of the owner. Use "top" to keep listing the processes currently running.
fg PID
Bring a background or stopped process to the foreground.
bg PID
Send the process to the background. Opposite to fg. The same can be accomplished with <Ctrl>z. If you have stopped jobs, you have to type exit twice in a row to log out.
any_command&
Run any command in the background (the symbol "&" means "run the preceding command in the background").
kill PID
Force a process shutdown. First determine the PID of the process to kill using ps.
killall program_name
Kill program(s) by name.

Basic administration commands

adduser user_name
Create a new account (you must be root). E.g., adduser barbara. Don't forget to set up the password for the new user in the next step. The user home directory is /home/user_name.
useradd user_name
The same as the command " adduser user_name ".
userdel user_name
Remove an account (you must be root). The user's home directory and the undelivered mail must be dealt with separately (manually because you have to decide what to do with the files).
groupadd group_name
Create a new group on your system. Non-essential but can be handy even on a home machine with a small number of users.
passwd
Change the password on your current account. If you are root, you can change the password for any user using: passwd user_name
chmod perm filename
(=change mode) Change the file access permission for the files you own (unless you are root in which case you can change any file). You can make a file accessible in three modes: read (r), write (w), execute (x) to three classes of users: owner (u), members of the same group as the owner (g), others on the system (o). Check the current access permissions using: ls -l filename. If the file is accessible to all users in all modes it will show: rwxrwxrwx. The first triplet shows the file permission for the owner of the file, the second for his/her group, the third for others. A "no" permission is shown as "-".

E.g., this command will add the permission to read the file "junk" to all (=user+group+others): chmod a+r junk. This command will remove the permission to execute the file junk from others: chmod o-x junk

chown new_ownername filename 'and' chgrp new_groupname filename 'or' chown new_ownername:new_groupname filename
Change the file owner and group. You should use these two commands after you copy a file for use by somebody else.
su
(=substitute user id) Assume the superuser (=root) identity (you will be prompted for the password). Type "exit" to return you to your previous login. Don't habitually work on your machine as root. The root account is for administration and the su command is to ease your access to the administration account when you require it. You can also use "su" to assume any other user identity, e.g. su barbara will make me "barbara" (password required unless I am a superuser).


Upgrading to OpenSSH

You can use the ipkg upgrade system to upgrade to OpenSSH which then includes support for scp and sftp. Also it is very useful to use a pre-shared key to login without passwords.

NOTE: The root account can be logged into after the upgrade by default. You can disable this by editing the /opt/etc/openssh/sshd_config to add the phrase "PermitRootLogin no". Then restart the FSG.

To quote this post


Posted: Tue Oct 31, 2006 10:10
Post subject: openssh

The Optware openssh package (as of version 4.3p2-6) has been specially customised for the FSG-3.

See http://www.openssh.org/ for more information about OpenSSH.

The Optware openssh package includes SCP and SFTP support, allowing you to securely transfer files to and from your FSG-3 across the internet.

When the Optware openssh package starts, it automatically replaces and supersedes the standard Freecom SSH Server.

The Optware openssh package is always enabled, irrespective of the setting in the SSH Server configuration web page. If you want to disable it, just ipkg remove it.

Note that the ability to access the Optware openssh SSH Server from the outside through the WAN port *is* still controlled by the setting in the SSH Server configuration web page.

If you wish to use public key authentication instead of passwords, then you should edit the /opt/etc/openssh/sshd_config file. In particular, look at the PermitRootLogin, PasswordAuthentication, and PermitEmptyPasswords lines.

You should put your authorized_keys file in your /home/.users/<username>/.ssh/ directory (which you will need to create), and ensure that directory (and all directories above it) have the correct permissions (see the OpenSSH documentation for more information about this - the main thing is that only you or root are allowed to have write access to your authorized_keys file and any of the parent directories above the place where your authorized_keys file is stored).

The Optware openssh package includes support for TCP Wrappers, and should work correctly with the Optware denyhosts package.

-- Rod rwhitby
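
The permission rule in the post above (only you or root may write to authorized_keys and every directory above it) can be checked from the FSG shell before you turn off password logins. The script below is an added example, not part of the original post or the Optware package; the function names check_key_path and sshd_setting are hypothetical, and sshd_setting assumes the config has no Match blocks.

```shell
#!/bin/sh
# Added example, not from the original page or the Optware package.

# check_key_path FILE UID [STOP_DIR]
# Walk from FILE up to STOP_DIR (default /) and report every component that
# is group/world-writable or owned by someone other than UID or root.
# Returns 0 when the whole chain is clean, 1 otherwise.
check_key_path() {
    path=$1; want_uid=$2; stop=${3:-/}; bad=0
    [ -f "$path" ] || { echo "missing: $path"; return 1; }
    while :; do
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner
        info=$(ls -ldn "$path" | awk '{ print $1 " " $3 }')
        mode=${info% *}; owner=${info#* }
        case $mode in
            ?????w*|????????w*)
                echo "writable by group/others: $mode $path"; bad=1 ;;
        esac
        if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
            echo "owned by uid $owner: $path"; bad=1
        fi
        # Stop at the requested top directory (or when dirname cannot go up)
        case $path in "$stop"|/|.) break ;; esac
        path=$(dirname "$path")
    done
    return $bad
}

# sshd_setting FILE KEYWORD
# Print the first uncommented value of KEYWORD (sshd uses the first value it
# reads; keywords are case-insensitive). Prints nothing if it is not set.
sshd_setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Stand-alone use: sh thisfile /home/.users/<username>/.ssh/authorized_keys <uid>
if [ $# -ge 2 ]; then
    check_key_path "$@"
fi
```

Run it with your numeric uid (from the id command) and fix every path it reports with chmod or chown; then use sshd_setting on /opt/etc/openssh/sshd_config to confirm what PermitRootLogin, PasswordAuthentication and PermitEmptyPasswords are actually set to.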
