Wiki source code of SSH

Last modified by Yunhao Wu on 2024/04/18 13:40

= SSH Access =

{{toc/}}

----

{{html wiki="true"}}
<a name='Fingerprints'></a>
{{/html}}

= 0. Fingerprints =

An SSH key fingerprint is a hash of the host's public key and is used to identify and verify the server. It can be used, for example, to detect that a host has changed (e.g. if the DNS server has been hacked and lxhalle.in.tum.de suddenly points to a malicious server).

The ECDSA keys have been deactivated for security reasons.

== lxhalle.in.tum.de ==

The following table lists the fingerprints for lxhalle.in.tum.de.

|= lxhalle|= MD5-Fingerprint|= SHA256-Fingerprint
| Ed25519 | ##MD5:f8:73:a4:f9:47:8e:a2:ba:11:59:19:35:bf:d6:c7:c4## | ##SHA256:dSj0mkyuOXEdpKGGJmXkvhDnvbjGmGCYQXA0pV8Pe4s##
| RSA | ##MD5:4b:84:7e:c4:cf:b7:ff:fb:eb:d0:0c:7b:c3:97:05:54## | ##SHA256:xJrFkhNs9pwibJFZZB5LvcrltWxfAIovk/UjKAXkIW4##

These fingerprints were last verified on 04.04.2019.

== ssh.ma.tum.de ==

The following table lists the fingerprints for ssh.ma.tum.de.

|= ssh.ma.tum.de|= MD5-Fingerprint|= SHA256-Fingerprint
| Ed25519 | ##MD5:70:5d:b8:5f:51:69:60:07:22:a4:45:65:7b:c5:99:b9## | ##SHA256:EbNhVTkW+74PX0tQNb9bai0HXAVcQLC9lOeS+BgatPM##
| RSA | ##MD5:f0:07:65:2b:45:83:19:15:d9:fa:96:e4:5e:bc:8c:43## | ##SHA256:4J5P9HV9KrmMS6aKWYukNjVpaSFBrea2iQvXZOCQ7sQ##

{{html wiki="true"}}
<a name='OpenSSH'></a>
{{/html}}

= 1. OpenSSH =

SSH (Secure Shell) is a tool for secure system administration, file transfer and other communication via the Internet or another untrusted network. It encrypts identities, passwords and transmitted data so that they cannot be intercepted and stolen. OpenSSH is an open source implementation of the SSH protocol.

OpenSSH comes with the following tools:

* SSH (Secure Shell client, login on a remote system, setting up tunnels)
* SCP (Secure Copy Protocol, cp over an SSH tunnel)
* SFTP (Secure File Transfer Protocol, ftp over an SSH tunnel)
* ssh-add, ssh-keysign, ssh-keyscan, ssh-keygen and ssh-agent (key management)
* sshd (SSH server)
* sftp-server (SFTP server)

On Linux and macOS, OpenSSH is usually preinstalled, and there is also an implementation for Windows, which has shipped with Windows 10 since the "Windows 10 Fall Creators Update".

Since then it can be enabled under Programs and Features, and since about April 2018 it should be enabled by default if the system is fully up to date.

{{html wiki="true"}}
<a name='OpenSSHVerbindung'></a>
{{/html}}

== 1.1. SSH connection with password ==

Open a terminal (macOS / Linux) or PowerShell (Windows). There you can use

(% class="box" %)
(((
$> ssh CIT-username@hostname
)))

to establish an SSH connection.

So in our case, for example

(% class="box" %)
(((
$> ssh musterma@lxhalle.in.tum.de
)))

(% class="box" %)
(((
$> ssh musterma@ssh.ma.tum.de
)))

If the server is unknown, i.e. the connection is being established for the first time or the known_hosts file has been deleted, you must confirm the fingerprint of the server's public key.

(% class="box" %)
(((
~> The authenticity of host ‘<i>server (serverip)</i>’ can’t be established.
~> ECDSA key fingerprint is <i>server fingerprint</i>
~> Are you sure you want to continue connecting (yes/no)?
)))

If the fingerprint is correct, the query can be confirmed. You will then be asked for your password and should be logged in to the server.

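Checking a host key against the published fingerprints, for the fingerprint tables in section 0 and the first-connection prompt above. This is an added example, not part of the original wiki page: it recomputes the SHA256 and MD5 fingerprint formats from a key line in ssh-keyscan / known_hosts format and refuses key types that are not published. The sample key is constructed and the function names are assumptions.

```python
import base64
import hashlib
import struct

# SHA256 fingerprints published on this page for lxhalle.in.tum.de. ECDSA has no
# entry because the page states that ECDSA host keys are deactivated.
PUBLISHED = {
    "ssh-ed25519": "SHA256:dSj0mkyuOXEdpKGGJmXkvhDnvbjGmGCYQXA0pV8Pe4s",
    "ssh-rsa": "SHA256:xJrFkhNs9pwibJFZZB5LvcrltWxfAIovk/UjKAXkIW4",
}


def parse_key_line(line):
    """Parse 'host keytype base64blob' (the ssh-keyscan / known_hosts line format)."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])  # blob begins with a length-prefixed type name
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside the blob differs from the declared type")
    return host, key_type, blob


def sha256_fingerprint(blob):
    """OpenSSH format: unpadded base64 of SHA-256 over the raw public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def md5_fingerprint(blob):
    """Legacy format: colon-separated hex of MD5 over the same blob."""
    hexd = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(hexd[i:i + 2] for i in range(0, 32, 2))


def host_key_trusted(line, published=PUBLISHED):
    """Accept only a key whose type is published and whose fingerprint matches."""
    _, key_type, blob = parse_key_line(line)
    expected = published.get(key_type)
    return expected is not None and sha256_fingerprint(blob) == expected


def make_line(host, key_type, payload):
    """Build a constructed sample key line; this is not a real server key."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(payload)) + payload
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"


SAMPLE = make_line("lxhalle.in.tum.de", "ssh-ed25519", bytes(range(32)))  # constructed
```

A real key line can be taken from the output of ssh-keyscan, but the value it is compared with has to come from a trusted source such as the tables in section 0.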
{{html wiki="true"}}
<a name='OpenSSHKey'></a>
{{/html}}

== 1.2. SSH connection without password (OpenSSH configuration) ==

The OpenSSH configuration files can be used to create aliases for SSH hosts and to set options, among other things. More information can be found at https:~/~/www.ssh.com/ssh/config/

If the OpenSSH configuration file does not exist yet, you can create it with

(% class="box" %)
(((
touch ~~/.ssh/config
)))

Then open the configuration file (config) with a text editor, e.g. vi or vim in the terminal.

(% class="box" %)
(((
vim ~~/.ssh/config
)))

An example host entry looks like this:

[[image:1677665498294-467.png]]

To establish an SSH connection to lxhalle without a password, you need a configuration file like the one below:

[[image:1677665518714-502.png]]

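How ssh picks options from a config file with host aliases, as an added example that is not part of the original wiki page and not the content of the screenshots. It goes slightly beyond the text by showing OpenSSH's rule that the first value found for a keyword wins, so host-specific entries belong above Host * defaults; the alias lxhalle, the key path and the sample config are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample ~/.ssh/config (alias and key path are assumptions).
SAMPLE_CONFIG = """\
Host lxhalle
    HostName lxhalle.in.tum.de
    User musterma
    IdentityFile ~/.ssh/id_rsa
    ForwardX11 yes

Host *.tum.de
    User musterma

Host *
    IdentitiesOnly yes
    ForwardX11 no
"""


def parse_blocks(text):
    """Return [(host_patterns, [(keyword, value), ...]), ...] in file order."""
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((keyword, value))
    return blocks


def host_matches(alias, patterns):
    """True if a pattern matches the typed name and no negated (!) pattern does."""
    if any(p.startswith("!") and fnmatchcase(alias, p[1:]) for p in patterns):
        return False
    return any(fnmatchcase(alias, p) for p in patterns if not p.startswith("!"))


def resolve(alias, text=SAMPLE_CONFIG):
    """Effective options for `ssh <alias>`: the first value found per keyword wins.
    Simplified: real ssh also accepts 'Keyword=value' and collects several IdentityFile lines."""
    effective = {}
    for patterns, options in parse_blocks(text):
        if host_matches(alias, patterns):
            for keyword, value in options:
                effective.setdefault(keyword, value)
    effective.setdefault("hostname", alias)  # no HostName: the typed name is the target
    return effective
```

With this sample, `resolve("lxhalle")` keeps ForwardX11 yes from the host entry, while any other host falls through to the Host * defaults.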
== 1.3. SSH Key ==

=== 1.3.1. Generate key pair (private and public) ===

To generate an SSH key, execute the following command.

(% class="box" %)
(((
ssh-keygen -t rsa -b 4096
)))

##-b## sets the number of bits, which determines the length of the key.

##-t## sets the type of key.

When you run the command, you will be asked for a path where the generated key should be stored.

{{code language="none"}}
$> ssh-keygen -t rsa -b 4096
> Generating public/private rsa key pair.
> Enter file in which to save the key (/home/"$USER"/.ssh/id_rsa): <path_to_directory_to_store_key>
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in <path>
> Your public key has been saved in <path>
> The key fingerprint is:
> SHA256:LtcxHv0vIgzbV/udUgBLQQ8ayBl10DzwLP0LtUC97mQ <username>@<hostname>
> The key's randomart image is:
> +---[RSA 2048]----+
> | ..==**o |
> | + O*o. |
> | o.=+o. |
> | .o+o. |
> | S +.oo. |
> | ..o +.Eo. |
> | . o=o +oo. |
> | o. + ooo.o|
> | o ..++|
> +----[SHA256]-----+
{{/code}}

=== 1.3.2. Transfer public key to server ===

The public key must be transferred to the server. This can usually be done simply via ssh-copy-id.

{{code language="none"}}
$> ssh-copy-id ITO-username@hostname
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: <path_to_directory_where_key_is_stored>
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@hostname password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'username@hostname'"
and check to make sure that only the key(s) you wanted were added.
{{/code}}

The key should now be installed on the server as an authorized key, and a login with

(% class="box" %)
(((
ssh -i PfadZumKeyfile username@hostname
)))

should be possible. Alternatively, you can enter the identity file in the SSH configuration as described above and connect with ssh alias.

=== 1.3.3. SSH-Keygen Manpages ===

If you execute the following command in the terminal, you can find out more about SSH-Keygen

{{code language="none"}}
$> ssh-keygen man

usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]
                  [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]
                  [-N new_passphrase] [-O option] [-w provider]
       ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]
                   [-P old_passphrase]
       ssh-keygen -i [-f input_keyfile] [-m key_format]
       ssh-keygen -e [-f input_keyfile] [-m key_format]
       ssh-keygen -y [-f input_keyfile]
       ssh-keygen -c [-C comment] [-f keyfile] [-P passphrase]
       ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
       ssh-keygen -B [-f input_keyfile]
       ssh-keygen -D pkcs11
       ssh-keygen -F hostname [-lv] [-f known_hosts_file]
       ssh-keygen -H [-f known_hosts_file]
       ssh-keygen -K [-w provider]
       ssh-keygen -R hostname [-f known_hosts_file]
       ssh-keygen -r hostname [-g] [-f input_keyfile]
       ssh-keygen -M generate [-O option] output_file
       ssh-keygen -M screen [-f input_file] [-O option] output_file
       ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]
                  [-n principals] [-O option] [-V validity_interval]
                  [-z serial_number] file ...
       ssh-keygen -L [-f input_keyfile]
       ssh-keygen -A [-f prefix_path]
       ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
                  file ...
       ssh-keygen -Q -f krl_file file ...
       ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file
       ssh-keygen -Y check-novalidate -n namespace -s signature_file
       ssh-keygen -Y sign -f key_file -n namespace file ...
       ssh-keygen -Y verify -f allowed_signers_file -I signer_identity
                  -n namespace -s signature_file [-r revocation_file]
{{/code}}

== 1.4. File transfer with SFTP ==

The Secure File Transfer Protocol (SFTP) can be used to transfer data to or from a remote system.

{{code language="none"}}
$> sftp
usage: sftp [-46aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
            [-D sftp_server_path] [-F ssh_config] [-i identity_file]
            [-J destination] [-l limit] [-o ssh_option] [-P port]
            [-R num_requests] [-S program] [-s subsystem | sftp_server]
            destination
{{/code}}

You can simply use the sftp tool supplied with the OpenSSH implementation: enter sftp in the terminal/PowerShell. The parameters are analogous to those of the ssh command, except that some flags are missing, such as X11 forwarding. You can also use the hosts defined in the SSH config.

For example:

(% class="box" %)
(((
$> sftp CIT-username@lxhalle.in.tum.de
)))

Here you can use interactive commands (e.g. ls, cd) to navigate to the desired files or location in the file system, and then use get/put to download or upload files or folders (specify the -r flag so that a folder is transferred recursively).

More about the SFTP tool of the OpenSSH implementation can be found in the [[Manual>>https://man.openbsd.org/sftp]].

----

== 1.5. X11 Forwarding ==

On most Linux systems, the X Window System is used to display a graphical user interface. The current version is X version 11, or X11 for short. With X11 forwarding, you can start an application on a remote system and have its graphical display shown by a local X11 server.

To use X11 forwarding, you only need to set the X11 forwarding flag in the ssh command (i.e. simply add -X). Alternatively, you can activate X11 forwarding in the SSH config.

On most Linux systems with a graphical user interface, an X11 server should be supplied by default; otherwise you will have to install it from the package sources (e.g. pacman -S xorg or apt install xorg).

Since Mac OS X 10.5 you need additional libraries. More details are on the Apple page: [[Information about X11 for Mac>>https://support.apple.com/de-de/HT201341]].

An X11 server is also required under Windows. Under Windows 10, the Linux subsystem for Windows can be used for this (see below for setup). Inside this subsystem it works as it does natively under Linux: simply install the corresponding xorg package and start the xorg server.

= 2. Remote Desktop =

[[image:Screenshot (28)ed.png]]

Enter lxhalle.in.tum.de as the server name for the computer and click Connect.

[[image:Screenshot (29)ed.png]]

Click **Yes**.

[[image:30ed.png]]

Enter your CIT ID and password and click OK.

[[image:Screenshot (31)ed.png]]

{{html wiki="true"}}
<a name='Putty'></a>
{{/html}}

= 3. Linux Subsystem for Windows 10 =

You can also install a Linux subsystem on Windows 10 that integrates into the Windows kernel and the Windows file system. It is a complete Linux that runs in the Windows kernel.

{{html wiki="true"}}
<a name='LinuxSubInstallation'></a>
{{/html}}

== 3.1. Install ==

Open the Quick Link menu with the Windows logo key + X or by right-clicking the Windows flag, and open Windows PowerShell (Administrator):

[[image:linux00.png||width="1000"]]

User Account Control will now ask for administrator permissions:

[[image:linux01.png||width="1000"]]

{{code language="none"}}
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
{{/code}}

and run it. If the feature is not found, the system is probably not up to date and should be updated.

[[image:linux02.png||width="1000"]]

[[image:linux03.png||width="1000"]]

After the feature has been activated, restart the computer.

[[image:linux04.png||width="1000"]]

After restarting the computer, open the Microsoft Store (e.g. open the Start menu and search for Microsoft Store).

[[image:linux05.png||width="1000"]]

Now search for Ubuntu in the Microsoft Store. Alternatively, there are OpenSUSE Leap, SUSE Linux Enterprise Server, Debian and Kali subsystems for Windows, which can also be installed via the Microsoft Store.

[[image:linux06.png||width="1000"]]

Then click Download to install the selected subsystem.

[[image:linux07.png||width="1000"]]

After the installation has finished, start the subsystem (this can also be done via the Start menu, e.g. simply search for Ubuntu).

[[image:linux08.png||width="1000"]]

The subsystem is set up on first start. This will take some time.

[[image:linux09.png||width="1000"]]

To complete the setup, you will be asked for a user name and password for the Linux subsystem. You can choose freely here and should choose a secure password.

[[image:linux10.png||width="1000"]]

{{html wiki="true"}}
<a name='LinuxSubKonfiguration'></a>
{{/html}}

== 3.2. Configuration ==

OpenSSH can now be used as under Linux.

[[image:linux11.png||width="1000"]]

[[image:linux12.png||width="1000"]]

[[image:linux13.png||width="1000"]]