Securing ssh remote login in RedHat Enterprise Linux 5.
Posted on 08. Oct, 2009 by Bharat in Information Technology, Linux
Recently I had been attending the RedHat Enterprise Linux Certified Engineer training program initiated by RIM, Thimphu, Bhutan. There are about 20 participants from the private & corporate sectors attending this training program, and I was fortunate enough to attend it on behalf of Tashi Infocomm Ltd. Though I am more into networking stuff, like configuring routers, firewalls, switches etc., learning systems with Linux is a great experience, and I am enjoying every bit of it.

Let's get to the point now.
As my profession requires me to, I had been trying to understand security in a network a lot. And securing a secure remote login protocol like ssh grabbed a lot of my interest.
SSH is a remote login protocol that provides a secure, encrypted connection, unlike Telnet, which is not encrypted and is therefore insecure.
Securing ssh remote login
Imagine a situation where you have to log in to your server remotely. The normal approach is to run the ssh login command from your laptop and log in to your server using your username and password. Since the web is so risky, hackers might try different combinations of usernames and passwords. What if your password was not strong enough and the hacker hit the right combination and logged in? Or what if someone from your company peeped at your password and tried logging in to your server from the internet?
Here is a way to secure that…
The concept of RSA & DSA key generation comes in here. It's pretty cool. This works by generating a key and a passphrase on your laptop, which would be unique. Then we have to copy this key to a file on the Linux server. Now whenever a user tries to log in to the Linux server, it checks for the key, so only you, accessing from your laptop, can log in to the server.
How to do it ??? Hold on….here it comes….
Steps in RedHat Enterprise Linux 5:
- From the root prompt on your laptop, generate the key using the command:
$ ssh-keygen -t dsa
It will ask you to type in the filename (use the same one as given in the brackets) and a passphrase (type any sentence twice, but do remember it).
- Repeat step 1 on the server as well.
- Copy your public key from your laptop to the server at /.ssh/id_dsa.pub:
$ ssh-copy-id -i .ssh/id_dsa.pub root@servername
- It will prompt you for the server's root password; enter the password.
- Try connecting …… done.
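The steps above add key login but do not by themselves stop password guessing: sshd keeps accepting passwords until its configuration turns them off. The script below is an added example, not part of the original post; it audits constructed sshd_config samples for that, and the function names and sample files are assumptions made here.

```bash
# Added example: does sshd still accept passwords after key login is set up?

# Print the effective global value of an sshd_config keyword.
# Keywords are case-insensitive and sshd keeps the FIRST value it reads;
# lines after a "Match" line are conditional, so the scan stops there.
sshd_setting() {    # usage: sshd_setting FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        { gsub(/=/, " ") }                       # accept "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Return 0 only when key login is on and both password paths are off.
audit_sshd() {      # usage: audit_sshd FILE
    local f="$1" rc=0 pk pw cr
    pk=$(sshd_setting "$f" PubkeyAuthentication yes)
    pw=$(sshd_setting "$f" PasswordAuthentication yes)
    cr=$(sshd_setting "$f" ChallengeResponseAuthentication yes)
    [ "$pk" = yes ] || { echo "FAIL: PubkeyAuthentication is $pk"; rc=1; }
    [ "$pw" = no ]  || { echo "FAIL: PasswordAuthentication is $pw"; rc=1; }
    [ "$cr" = no ]  || { echo "FAIL: ChallengeResponseAuthentication is $cr"; rc=1; }
    if grep -qi '^[[:space:]]*match[[:space:]]' "$f"; then
        echo "NOTE: Match blocks present, review per-user overrides by hand"
    fi
    return $rc
}

# Constructed sample configs (not from a real server).
demo=$(mktemp -d)
# weak: keys work, but the password line is commented out, so the default applies
printf '%s\n' 'PubkeyAuthentication yes' '#PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$demo/weak"
# keyonly: the first PasswordAuthentication value wins over the later "yes"
printf '%s\n' 'passwordauthentication no' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication=no' > "$demo/keyonly"

for f in weak keyonly; do
    if audit_sshd "$demo/$f"; then
        echo "$f: key-only login"
    else
        echo "$f: passwords still accepted"
    fi
done
```

On a real server, point it at the live file with `audit_sshd /etc/ssh/sshd_config`.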
I tried learning it before but didn't get proper help. I hope the above helps you in some way; I will be pleased.
Thanks…..
Knowledge is free.... (my friend Vicky, a security analyst, used to say that often.)
