Posted on 03-09-2007
Filed Under (Dedicated Website Hosting) by bodhost

What is SSH?

The Internet has created a need for secure methods of communication. One such method is Secure Shell (SSH) encryption. Developed by SSH Communications Security Ltd., “Secure Shell” is a program for logging into another computer on a network, executing commands on a remote machine, and moving files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is a replacement for rlogin, rsh, rcp, and rdist. SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS spoofing. An attacker who has managed to take over a network can only force ssh to disconnect; he or she cannot play back the traffic or hijack the connection when encryption is enabled. SSH uses one open (public) key and one secret key. In contrast to Kerberos, SSH does not use a central server for security. SSH uses port 22.

It is actually a suite of three utilities (slogin, ssh, and scp), which are secure versions of the earlier UNIX utilities rlogin, rsh, and rcp. SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted. SSH uses RSA public key cryptography for both connection and authentication.

Starting a Server

The SSH server can be run either by a regular user or by root. If it is launched by root, the server listens on port 22 and accepts both root and user logins. Otherwise it listens on port 2222 and allows only user logins.

If you do not have root access to your device, the only option is to run the server as a normal user on port 2222, allowing only user logins. You can still use sudo gainroot to become root.

Before starting the server, check which user you are currently logged in as:

$ whoami
user

This can also be seen from the character shown just after the current path and before the input area of the terminal/console: for a normal user it is “$” and for root it is “#”.

When you have finished setting up passwords and/or keys, start the server:

/var/lib/install/etc/init.d/dropbear-server start

What it prints depends on which user started the server. For a normal user it prints:

If I will be running as a regular user, I will listen to port 2222
Starting any SSH server: any.

or, for root, just:

Starting any SSH server:any.

You can check that the SSH server is running:

$ ps ax | grep any
209 5 user        584 S   /var/lib/install/usr/sbin/any -d /var/
286 0 user        360 S   grep any

The second column shows that the server is running as an ordinary user.

Starting and stopping the server automatically

Become root and create a symlink that makes the SSH server start and stop automatically:

$ sudo gainroot
(output suppressed)
# ln -s /var/lib/install/etc/init.d/any-server /etc/rc2.d/S20any-server

Security warning for SSH server

If you expose your SSH server to the public, remember to disable root access. This is very important, because many “hackers” run brute-force tools that scan for open SSH ports and try to brute-force root access. If your root password is easy to guess, or you are simply unlucky, your server will be “hacked” and become an insecure machine.

This is how you can disable root access:
Edit /etc/ssh/sshd_config, search for PermitRootLogin and change yes to no. Then restart the SSH server:

sudo /etc/init.d/ssh restart

Do not take the risk of enabling root access unless you are sure of what you are doing. If you need root access, consider using sudo.
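
To confirm that the edit actually took effect, the following added example (not part of the original post) audits a configuration for PermitRootLogin. It relies on two sshd_config rules: the first value given for a keyword wins, and a Match block can turn root login back on for some connections. The function name audit_root_login and the sample configuration are constructed for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# audit_root_login: read an sshd_config on stdin, print every effective
# PermitRootLogin setting, and return 0 only if root login is "no" everywhere.
audit_root_login() {
    awk '
    BEGIN { scope = "global" }
    {
        sub(/#.*/, "")                    # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "")       # trim surrounding whitespace
        if ($0 == "") next
        line = $0
        sub(/[ \t]*=[ \t]*/, " ", line)   # "Keyword=value" is accepted too
        split(line, f, /[ \t]+/)
        key = tolower(f[1]); val = tolower(f[2])
        gsub(/"/, "", val)
        if (key == "match") {             # everything after this is conditional
            scope = "match " substr(line, length(f[1]) + 2)
            next
        }
        # keywords are case-insensitive; the first value in a scope wins
        if (key != "permitrootlogin" || (scope in seen)) next
        seen[scope] = 1
        printf "%s: PermitRootLogin %s\n", scope, val
        if (val != "no") bad = 1
    }
    END {
        if (!("global" in seen)) {
            # the built-in default depends on the OpenSSH version: flag it
            print "global: PermitRootLogin not set, built-in default applies"
            bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample (not from a real host): the second global line is
# ignored, but the Match block re-enables root login for one network.
audit_root_login <<'EOF' || echo "=> root login is not fully disabled"
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
```

On a real system, run it as audit_root_login < /etc/ssh/sshd_config after editing and before restarting the server.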

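How to hide your password without public keys:

If you do not want to type your password at the command line for each operation and are not able to put your public key on the SSH server, the steps are as follows. This only saves you from typing the password: it is still embedded in the executable and handed to plink via -pw, so anyone who can read my_ssh_cvs.exe can recover it.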

1) Create the following one-line Perl script and save it as my_ssh_cvs.pl:
system("plink.exe", "-ssh", "-pw", "YOURPASSWORD", @ARGV);

2) Now use PERL2EXE or ActiveState’s perldevkit (perlapp -f my_ssh_cvs.pl) to create an executable from the script, e.g., my_ssh_cvs.exe

3) Delete my_ssh_cvs.pl

4) Run WinCVS

5) Select Admin/Preferences…

6) Click Settings… (for the ssh protocol)

7) Click “If ssh is not in the PATH” and enter my_ssh_cvs.exe

8) For “additional SSH options”, leave it blank
