What is SSH?
The Internet has developed the need for some secure methods of communication. One such method is Secure Shell (SSH) encryption. It is developed by SSH Communications Security Ltd., “Secure Shell” is a program to log into another computer on a network, execute commands on a remote machine, and move files from one machine to other. It provides strong authentication and secure communications over insecure channels. It is a replacement for rlogin, rsh, RCP, and rdist.
SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS spoofing. An attacker who has managed to take over a network can only force ssh to disconnect. He or she cannot playback the traffic or hijack the connection when encryption is enabled. This SSH uses one open and one secret key. In contrast to Kerberos, SSH does not use a central server for security. SSH uses port 22.
It is actually a suite of three utilities – slogin, ssh, and scp – these are secure versions of the earlier UNIX utilities, rlogin, rsh, and rcp. SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted. SSH uses RSA public-key cryptography for both connection and authentication.
Starting a Server?
Any SSH server can be run either by the regular user or by root. If it is launched by root, the server will listen in port 22 and it will accept both root and user login. Otherwise, it will listen in port 2222 and allow only user login.
If you do not have root access to your device, the only option is to run the server as a normal user using port 2222 allowing only the user to log in. You can still use Sudo get root to become root.
Before starting the server, check which user you are currently
$ whoami
user
This can also seen from the character which seen just after the current path and before the edit area of the terminal/console. For a normal user, it shows “$” and for root, it shows “#”.
When you finish with passwords and/or keys, start the server
/var/lib/install/etc/init.d/dropbear-server start
It depends on which user you started the server with, it prints out for the normal user
If I will be running as a regular user, I will listen to port 2222
Starting any SSH server: any.
or for the root just
Starting any SSH server: any.
You can check that the SSH server is running
$ ps ax | grep any
209 5 user 584 S /var/lib/install/usr/sbin/any -d /var/
286 0 user 360 S grep any
In the second column, it seen that the server running as an ordinary user.
Starting and stopping server automatically?
For becoming a root and create a symlink that will make any SSH server start and stop automatically
$ sudo gainroot
(output supressed)
# ln -s /var/lib/install/etc/init.d/any-server /etc/rc2.d/S20any-server
Security warning for the SSH server
If anyone is hosting your SSH server to the public, remember to disable the root access. This is very important! because lots of “hacker”s are running brute force tools and these tools are trying to scan the open ssh port and brute force to get root access. If your root password is somehow easy to guess, or you are not lucky enough, your server will “hacked” and become an unsecured machine.
This is how you can disable the root access?
Edit /etc/ssh/sshd_config, search for PermitRootLogin and change the yes to no. Then restart ssh server
sudo /etc/init.d/ssh restart
Do not take the risk to enable root access, unless you are sure what are you doing. If you need root access, consider using sudo.
How to hide your Password without Public Keys:
If you do not want to type your password at the command line for each operation and don’t have the ability to put your public key on the SSH server are as follows:
- Create the following one-line Perl script and save it as my_ssh_cvs.pl
system(“plink.exe”, “-ssh”, “-pw”, “YOURPASSWORD”, @ARGV); - Now use PERL2EXE or ActiveState’s perldevkit (perlapp -f my_ssh_cvs.pl) to create an executable from the script, e.g., my_ssh_cvs.exe
- Delete my_ssh_cvs.pl
- Run WinCVS
- Select Admin/Preferences…
- Click Settings… (for the ssh protocol)
- Click “If ssh is not in the PATH” and enter my_ssh_cvs.exe
- For “additional SSH options”, leave it blank