completes ssh
This commit is contained in:
parent
eb9d1e5983
commit
bea8ee3b78
Binary file not shown.
After Width: | Height: | Size: 39 KiB |
Binary file not shown.
After Width: | Height: | Size: 42 KiB |
|
@ -13,13 +13,13 @@ You should never use the following the following programs anymore but it's good
|
||||||
* rcp
|
* rcp
|
||||||
* telnet (still has some legitimate usage such as with munin)
|
* telnet (still has some legitimate usage such as with munin)
|
||||||
|
|
||||||
The main advantage of SSH is it's encryption.
|
The main advantage of SSH is it's **encryption**.
|
||||||
It works similarly to SSL which you use all the time to do most of your web browsing.
|
It works similarly to SSL which you use all the time to do most of your web browsing.
|
||||||
When using encryption it becomes **very** hard to sniff the data traveling between the client and the server.
|
When using encryption it becomes **very** hard to sniff the data traveling between the client and the server.
|
||||||
There are two versions of SSH, version 1 and version 2, and you should only use version 2 as the former is not considered [secure]() anymore.
|
There are two versions of SSH, version 1 and version 2, and you should only use version 2 as the former is not considered [secure]() anymore.
|
||||||
The recommended encryption used by most SSH servers is [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
|
The recommended encryption used by most SSH servers is [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
|
||||||
If you're interested in understanding the mathematics behind AES, [this](https://www.youtube.com/channel/UC1usFRN4LCMcfIV7UjHNuQg) class is exceptionally good but not for the faint of heart.
|
If you're interested in understanding the mathematics behind AES, [this](https://www.youtube.com/channel/UC1usFRN4LCMcfIV7UjHNuQg) class is exceptionally good but not for the faint of heart.
|
||||||
It's not mandatory to fully understand the math behind encryption to use it though.
|
It's however not mandatory to fully understand the math behind encryption to use it though.
|
||||||
The main takeaway would be the number of **bit's used** where **higher** is **better**.
|
The main takeaway would be the number of **bit's used** where **higher** is **better**.
|
||||||
By default ssh uses a very secure cipher but you can specify which one you want with the `-c` flag to `ssh`.
|
By default ssh uses a very secure cipher but you can specify which one you want with the `-c` flag to `ssh`.
|
||||||
Do keep in mind that the server needs to support the cipher you're requesting.
|
Do keep in mind that the server needs to support the cipher you're requesting.
|
||||||
|
@ -227,6 +227,31 @@ permitted by applicable law.
|
||||||
student@helloworld:~$
|
student@helloworld:~$
|
||||||
```
|
```
|
||||||
|
|
||||||
|
So, how did I add my public key to the `student`'s account authorized keys?
|
||||||
|
There is a program called `ssh-copy-id` that can do it for you, but I personally always just copy and paste it to the users `~/.ssh/authorized_keys` file.
|
||||||
|
This is an example of a server I use with the public keys that are allowed to log in.
|
||||||
|
As you can see there are **four** key's that are allowed to log in.
|
||||||
|
|
||||||
|
```
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9FDWJ6Dr45xQsv/dwqxBVtXuHORtfKtw7tuIe0nq4wRAhdz9XGJ+3s1Czj2YvlMV6rjxjpShG39A6Tnj9oQmqcWdxhmrXAjBQNgVJP6Gpg1NaXSsysEDcKjOcKqqwCHxQ6mYZCl7/vtQotZsTQ+aQW65+D+L6vxNEO6m+XDI283dM1FGQhn7OAN/tZf+tLRT6A4QCF1YEtb2uOsNsU8B+ilBNreqekvJRJ2dYT2QHdNdS2aEMhnHWzsnh4f2bzbpugoiWPGKiHwazePisWUU2/DjQmDq6d3sJ4AeQCt8R4ZlptOleGLdTNCjhRMDvUAMcNsR9OyeFiSok7DFHQw3Z waldek@leanone
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGKt7Qn9SSSJ7apRbCAqOYltUP+oM5wOIRQ3TLHwiGPYYHt38XWUrUjklRKWH+hagMnHiPHxbloYTtm/OzS9OXOTQJH4n+5c0Jq3OHrMQDztsqWK//gsxBZd7wlA/j6O/7Pr/6jxL0w+bwt1k+VDZR/3Mms3mRfmvGMeg5Wmr2/5GrTZocrUrKH4zgINoAk+6698T9E4YUQp1SLCg634KHA5HqupB9H7aLMovJ1p4K+qOV/MtspzgDvIkZMTFRZ9JvDqYWovaYlr5/zHBnag6/tPgBl+kmEDx6q8mybdtsB9oeARM2O2KKUISzA0PawBFbCNcI3RUSd91trzlhhUQ8 pi@pizone
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRFprKfRnfxs5lxJXfB5166OHPHHUFr4x2bqxAUc/vtkfmopytf/rhRtgnUeffoZW+KmzhWXuUKw+AjXOfO2OtsyMkbQoJKb3gsZ+KknsWsLEWCx5f8V0sc7y5UHedAuaE9Ax+KqnbPnXJWNtRVxjJCcsWnZNSKERwSjNV/K4yWsFwcdwQirurLB1AZXF0wSNd9ch4/fNX8CjOTuEkOhsUgZ9NZbNAV0LgiVeqghY9JsNt40kYNYX2BQNWk9oEaKdn0YCP+em6CPrDA6MT/rkScr+DPOGpT6GBtXirj+Krw924KjF6eSH9dnWy/ysKlp0CvflQOaVN1zEVZjDGwiAz waldek@vps-42975ad1
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnKJ8fwHAEe6NS7MTqlAtqzUzqA0ATibR1XP8nirZritVQv7uDNVH91SKM5GSP5gTOzCmW4NQVVv47KvmRQ6yp6BugCsKL96rPMA6m/b9cTA5YDwm90cfb5I6h+kRL2mp4O63ahgGDAb5XgVy3Tq2qyxLbbkKylhw6VQFsHQXObTevSvMrRzc8t29DwS/tfbhT3R6opa2j+5woXDLpKaHrBsw9LFoelkh8jgQ9fbDx2hXwzeccaT3qpycRjtwhraVtt/FTEpJ60R+ooB/Nx2ndlT4qs3P/G3HFrbvlLzjMGlAcjHNkXgQRy6850ACC8RtM6+s4K1RCNU0fPXSy3tkb waldek@helloworld
|
||||||
|
```
|
||||||
|
|
||||||
|
![ssh connection overview](./assets/ssh_connection_01.jpg)
|
||||||
|
|
||||||
|
![ssh communication overview](./assets/ssh_connection_02.jpg)
|
||||||
|
|
||||||
|
### Keys for gitea
|
||||||
|
|
||||||
|
Now that you know how to **create** your own RSA keys I would like you to:
|
||||||
|
|
||||||
|
* create one (and save it somewhere safe)
|
||||||
|
* use it to push/pull from your personal [gitea](https://gitea.86thumbs.net)
|
||||||
|
|
||||||
|
I'll let you figure it out by yourself but if you're stuck have a look at [this](https://gitea.86thumbs.net/user/settings/keys) and [this](https://pandammonium.org/how-to-change-a-git-repository-from-https-to-ssh/).
|
||||||
|
|
||||||
## Standard usage
|
## Standard usage
|
||||||
|
|
||||||
## Tweaking the sshd configuration file
|
## Tweaking the sshd configuration file
|
||||||
|
|
Loading…
Reference in New Issue