Ssh Clientseite: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(38 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
 
 
=Erster Verbindungsaufbau=
 
=Erster Verbindungsaufbau=
 
:alice@u3:~$ ssh bob@u2
 
:alice@u3:~$ ssh bob@u2
Zeile 14: Zeile 13:
 
|1|m9IwDx96MLYRVu8WE49HjWRcdyk=|CVTp1yv65aqMW6Y1zWngj0j1oW8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNmNwRv2mqfgV3SwvASy48CIjb4oSmxqcQf7e28dCYQxGRfIXiQK5HYKagkqsfBgai+iIiLKDrkav7tvqX0XsAQ=
 
|1|m9IwDx96MLYRVu8WE49HjWRcdyk=|CVTp1yv65aqMW6Y1zWngj0j1oW8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNmNwRv2mqfgV3SwvASy48CIjb4oSmxqcQf7e28dCYQxGRfIXiQK5HYKagkqsfBgai+iIiLKDrkav7tvqX0XsAQ=
 
</pre>
 
</pre>
 +
:Der Publikkey des Server '''u3''' wurde hinzugefügt
 +
=Befehl ausführen=
 +
:alice@u3:~$ ssh bob@u2 hostname
 +
:bob@u2's password:
 +
u2
 +
 +
=alternativer Aufruf=
 +
:alice@u3:~$ ssh -l bob u2
 +
:bob@u2's password:
 +
:bob@u2:~$
 +
=Angabe eines speziellen Ports=
 +
:alice@u3:~$ ssh -p 8822 -l bob u2
 +
:bob@u2's password:
 +
:bob@u2:~$
 +
=Schlüsselpaar erzeugen=
 +
:alice@u3:~$ ssh-keygen  -b 4096
 +
;Alternativ
 +
:ssh-keygen -t ed25519
 +
<pre>
 +
Generating public/private rsa key pair.
 +
Enter file in which to save the key (/home/alice/.ssh/id_rsa):
 +
Enter passphrase (empty for no passphrase):
 +
Enter same passphrase again:
 +
Your identification has been saved in /home/alice/.ssh/id_rsa
 +
Your public key has been saved in /home/alice/.ssh/id_rsa.pub
 +
The key fingerprint is:
 +
SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3
 +
The key's randomart image is:
 +
+---[RSA 4096]----+
 +
|    .            |
 +
|  o .          |
 +
|o + o            |
 +
| X o = .        |
 +
|+ * o + S        |
 +
|=* o o o .      |
 +
|E+*.ooo.+        |
 +
|.==o+o++ .      |
 +
| +B*+==.        |
 +
+----[SHA256]-----+
 +
</pre>
 +
 +
=Schlüsselpaar=
 +
*Wir haben nun ein Schlüsselpaar erzeugt.
 +
*Der geheime Schlüssel ist passwort-geschützt.
 +
*Dieses Passwort wird beim erstmaligen Nutzen nach dem Einloggen abgefragt.
 +
*Danach befindet sich der geheime Schlüssel im Arbeitsspeicher.
 +
*Er wird von dem SSH-Agent verwaltet.
 +
=Das Schlüsselpaar=
 +
:alice@u3:~$ ls  .ssh/id_rsa*
 +
.ssh/id_rsa  .ssh/id_rsa.pub
 +
=Übertragen des Publik Keys zu bob@u2=
 +
:alice@u3:~$ ssh-copy-id bob@u2
 +
<pre>
 +
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/alice/.ssh/id_rsa.pub"
 +
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
 +
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
 +
bob@u2's password:
 +
 +
Number of key(s) added: 1
 +
 +
Now try logging into the machine, with:  "ssh 'bob@u2'"
 +
and check to make sure that only the key(s) you wanted were added.
 +
</pre>
 +
=Alternatives Übertragen des Publik Keys zu bob@u2=
 +
:alice@u3:~$ scp ~/.ssh/id_*.pub  bob@u2:~
 +
:alice@u3:~$ ssh bob@u2
 +
:bob@u2:~$ cat id_*.pub >> .ssh/authorized_keys
 +
 +
=Der Private Key ist noch nicht im Arbeitsspeicher=
 +
:alice@u3:~$ ssh-add -l
 +
The agent has no identities.
 +
=Wir fügen den Private Key zum Agent hinzu=
 +
:alice@u3:~$ ssh-add
 +
Enter passphrase for /home/alice/.ssh/id_rsa:
 +
Identity added: /home/alice/.ssh/id_rsa (alice@u3)
 +
 +
=Der Private Key ist nun im Arbeitsspeicher und wird vom Agent verwaltet=
 +
:alice@u3:~$ ssh-add -l
 +
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)
 +
=Einlogen ohne Passwort=
 +
:alice@u3:~$ ssh bob@u2
 +
bob@u2:~$
 +
 +
=Einloggen ohne Passwort=
 +
:alice@u3:~$ ssh bob@u2
 +
<pre>
 +
Enter passphrase for key '/home/alice/.ssh/id_rsa':
 +
bob@u2:~$
 +
</pre>
 +
=Wir bringen nun den Public-Key von alice auf den Account bob@u1=
 +
:alice@u3:~$ ssh-copy-id bob@u1
 +
<pre>
 +
The authenticity of host 'u1 (172.16.10.1)' can't be established.
 +
ECDSA key fingerprint is SHA256:Dp+DL5apc0A3rsUKCPcvbLSBmb4BSQXDsJGLJR0r0GA.
 +
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
 +
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
 +
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
 +
</pre>
 +
:bob@u1's password:
 +
<pre>
 +
Number of key(s) added: 1
  
=Aufruf=
+
Now try logging into the machine, with:  "ssh 'bob@u1'"
*ssh [Optionen] Benutzer@Zielrechner [Kommando]
+
and check to make sure that only the key(s) you wanted were added.
;Wenn ein Kommando angegeben wird, wird dieses anstelle der Login-Shell ausgeführt.
+
</pre>
 +
:alice@u3:~$
 +
=Einloggen=
 +
:alice@u3:~$ ssh  bob@u2
 +
:bob@u2:~$
 +
;Wir haben den Schlüssel mit genommen.
 +
:bob@u2:~$ ssh-add  -l
 +
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)
 +
:bob@u2:~$ ssh -A u1
 +
:bob@u1:~$
 +
;Wir haben den Schlüssel weiter mit genommen.
 +
:bob@u1:~$ ssh-add  -l
 +
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)
 +
 
 +
=Cipher mit angeben=
 +
:alice@u3:~$ ssh -o kexalgorithms=diffie-hellman-group-exchange-sha1  -o HostKeyAlgorithms=+ssh-rsa -o  Ciphers=+3des-cbc  10.10.4.108 -l xinux -p 22
 +
 
 +
=Beispiel der User Konfigurationsdatei=
 +
~/.ssh/config
 +
<pre>
 +
host github.com
 +
  Port 22
 +
 
 +
host 10.81.0.12
 +
user admin
 +
ciphers aes128-cbc
 +
KexAlgorithms +diffie-hellman-group1-sha1
 +
HostKeyAlgorithms=+ssh-rsa
 +
port 22
 +
</pre>
  
 
=SSH Optionen=
 
=SSH Optionen=
 
*[[Ausgewählte SSH Optionen]]
 
*[[Ausgewählte SSH Optionen]]
=SSH Beispiele=
 
==Zugriff auf einen bisher unbekannten Zielrechner==
 
*ssh root@alita
 
The authenticity of host 'alita (192.168.242.10)' can't be established.
 
RSA key fingerprint is 8c:d1:1f:d2:5e:76:cd:75:74:c4:b7:b2:c7:f6:50:78.
 
Are you sure you want to continue connecting (yes/no)? yes
 
Warning: Permanently added 'alita,192.168.242.10' (RSA) to the list of known hosts.
 
root@alita's password: Passwort_das_nicht_angezeigt_wird
 
...
 
root@alita:~#
 
Um die Identität des Zielrechners zu verifizieren, kann man den den Fingerprint des öffentlichen RSA Schlüssels
 
auf der Serverseite ausgeben lassen. Dieser kann dann mit dem oben angezeigten verglichen werden.
 
==Zugriff auf bekannten Zielrechner==
 
*ssh root@alita
 
root@alita's password: Passwort_das_nicht_angezeigt_wird
 
...
 
root@alita:~#
 
 
==Zugriff als Benutzer christian und auf Port 9998==
 
*ssh alita -l christian -p 9998
 
christian@alita's password: Passwort_das_nicht_angezeigt_wird
 
...
 
christian@alita:~$
 
==Ausführen eines Kommandos auf dem Zielrechner==
 
*ssh alita cat /etc/hostname
 
root@alita's password:
 
alita
 
root@zero:~#
 
==Ausführen eines grafischen Programms auf dem Zielrechner und lokal anzeigen==
 
*ssh -X root@kvm  terminator
 
 
[[Image:kate.png]]
 
=Authentifizierung mit Schlüssel=
 
*[[SSH Agent]]
 
*[[Authentifizierung mit Schlüssel]]
 
==Übertragen des öffentlichen Schlüssels==
 
===Ubuntu===
 
*ssh-copy-id -i .ssh/'''id_rsa.pub''' root@alita
 
root@alita's password: Passwort_das_nicht_angezeigt_wird
 
Now try logging into the machine, with "ssh 'root@alita'", and check in:
 
 
  .ssh/authorized_keys
 
 
to make sure we haven't added extra keys that you weren't expecting.
 
=Einloggen auf Remoterechner=
 
*ssh root@alita
 
Linux alita 2.6.28-13-generic #44-Ubuntu SMP Tue Jun 2 07:57:31 UTC 2009 i686
 
 
The programs included with the Ubuntu system are free software;
 
the exact distribution terms for each program are described in the
 
individual files in /usr/share/doc/*/copyright.
 
 
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
 
applicable law.
 
 
To access official Ubuntu documentation, please visit:
 
http://help.ubuntu.com/
 
 
0 packages can be updated.
 
0 updates are security updates.
 
 
Last login: Thu Jul  2 13:54:13 2009 from zero.alpha.quadrant
 
root@alita:~#
 

Aktuelle Version vom 30. Juli 2024, 09:26 Uhr

Erster Verbindungsaufbau

alice@u3:~$ ssh bob@u2
The authenticity of host 'u2 (172.16.10.2)' can't be established.
ECDSA key fingerprint is SHA256:Dp+DL5apc0A3rsUKCPcvbLSBmb4BSQXDsJGLJR0r0GA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
bob@u2's password:
bob@u2:~$

Exit

bob@u2:~$ exit
alice@u3:~$ cat .ssh/known_hosts
|1|5BdpwWv6AjvkrERbWPK0NCdeWiY=|XEQyvQ0nw5bIIM7UHd6rbJwIA1A= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNmNwRv2mqfgV3SwvASy48CIjb4oSmxqcQf7e28dCYQxGRfIXiQK5HYKagkqsfBgai+iIiLKDrkav7tvqX0XsAQ=
|1|m9IwDx96MLYRVu8WE49HjWRcdyk=|CVTp1yv65aqMW6Y1zWngj0j1oW8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNmNwRv2mqfgV3SwvASy48CIjb4oSmxqcQf7e28dCYQxGRfIXiQK5HYKagkqsfBgai+iIiLKDrkav7tvqX0XsAQ=
Der Publikkey des Server u3 wurde hinzugefügt

Befehl ausführen

alice@u3:~$ ssh bob@u2 hostname
bob@u2's password:
u2

alternativer Aufruf

alice@u3:~$ ssh -l bob u2
bob@u2's password:
bob@u2:~$

Angabe eines speziellen Ports

alice@u3:~$ ssh -p 8822 -l bob u2
bob@u2's password:
bob@u2:~$

Schlüsselpaar erzeugen

alice@u3:~$ ssh-keygen -b 4096
Alternativ
ssh-keygen -t ed25519
Generating public/private rsa key pair.
Enter file in which to save the key (/home/alice/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/alice/.ssh/id_rsa
Your public key has been saved in /home/alice/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3
The key's randomart image is:
+---[RSA 4096]----+
|    .            |
|   o .           |
|o + o            |
| X o = .         |
|+ * o + S        |
|=* o o o .       |
|E+*.ooo.+        |
|.==o+o++ .       |
| +B*+==.         |
+----[SHA256]-----+

Schlüsselpaar

  • Wir haben nun ein Schlüsselpaar erzeugt.
  • Der geheime Schlüssel ist passwort-geschützt.
  • Dieses Passwort wird beim erstmaligen Nutzen nach dem Einloggen abgefragt.
  • Danach befindet sich der geheime Schlüssel im Arbeitsspeicher.
  • Er wird von dem SSH-Agent verwaltet.

Das Schlüsselpaar

alice@u3:~$ ls .ssh/id_rsa*
.ssh/id_rsa  .ssh/id_rsa.pub

Übertragen des Publik Keys zu bob@u2

alice@u3:~$ ssh-copy-id bob@u2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/alice/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
bob@u2's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'bob@u2'"
and check to make sure that only the key(s) you wanted were added.

Alternatives Übertragen des Publik Keys zu bob@u2

alice@u3:~$ scp ~/.ssh/id_*.pub bob@u2:~
alice@u3:~$ ssh bob@u2
bob@u2:~$ cat id_*.pub >> .ssh/authorized_keys

Der Private Key ist noch nicht im Arbeitsspeicher

alice@u3:~$ ssh-add -l
The agent has no identities.

Wir fügen den Private Key zum Agent hinzu

alice@u3:~$ ssh-add
Enter passphrase for /home/alice/.ssh/id_rsa: 
Identity added: /home/alice/.ssh/id_rsa (alice@u3)

Der Private Key ist nun im Arbeitsspeicher und wird vom Agent verwaltet

alice@u3:~$ ssh-add -l
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)

Einlogen ohne Passwort

alice@u3:~$ ssh bob@u2
bob@u2:~$

Einloggen ohne Passwort

alice@u3:~$ ssh bob@u2
Enter passphrase for key '/home/alice/.ssh/id_rsa': 
bob@u2:~$

Wir bringen nun den Public-Key von alice auf den Account bob@u1

alice@u3:~$ ssh-copy-id bob@u1
The authenticity of host 'u1 (172.16.10.1)' can't be established.
ECDSA key fingerprint is SHA256:Dp+DL5apc0A3rsUKCPcvbLSBmb4BSQXDsJGLJR0r0GA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
bob@u1's password:
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'bob@u1'"
and check to make sure that only the key(s) you wanted were added.
alice@u3:~$

Einloggen

alice@u3:~$ ssh bob@u2
bob@u2:~$
Wir haben den Schlüssel mit genommen.
bob@u2:~$ ssh-add -l
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)
bob@u2:~$ ssh -A u1
bob@u1:~$
Wir haben den Schlüssel weiter mit genommen.
bob@u1:~$ ssh-add -l
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)

Cipher mit angeben

alice@u3:~$ ssh -o kexalgorithms=diffie-hellman-group-exchange-sha1 -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+3des-cbc 10.10.4.108 -l xinux -p 22

Beispiel der User Konfigurationsdatei

~/.ssh/config 

 
 host github.com
  Port 22

host 10.81.0.12
 user admin 
 ciphers aes128-cbc
 KexAlgorithms +diffie-hellman-group1-sha1
 HostKeyAlgorithms=+ssh-rsa
 port 22

SSH Optionen

Abgerufen von „http://wiki.ixheim.de/index.php?title=Ssh_Clientseite&oldid=55184