Tikejhya: Ashish Nepal

Knowledgebase

Category: SSH

ssh from local to remote machine


Local output to remote file.
# df -h | ssh -i /var/tmp.txt remote.machine.com "cat > /tmp/mylocal_disk_space"

Execute remote command and mail the output.
# ssh -p22 -i /tmp/mykey.pem remote.machine.com 'df -h' | mail -s "output" tikejhya@tikejhya.com

Recompiling SSH (New version) Centos 5.x 6.0


Recompiling sshd on CentOS, using the same bin directory.
I have shown a small sample here with OpenSSH 6.0p1 on CentOS 5.6 (tested).

Problems faced and solution:

[root@ashishnepal ssh]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: /etc/ssh/sshd_config line 22: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 23: Unsupported option GSSAPICleanupCredentials
/etc/ssh/sshd_config line 25: Unsupported option UsePAM
[ OK ]

SCRIPT

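#!/bin/bash
# Rebuild OpenSSH 6.0p1 from source, keeping the stock config and binary paths.
set -e

# Development headers needed for --with-pam and --with-kerberos5
yum -y install libgssapi pam-devel

SOURCEDWN="http://www.mirrorservice.org/sites/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.0p1.tar.gz"
SOURCELOCATION=/usr/local/src
CONFIGLOCATION=/etc/ssh
FILE=openssh-6.0p1.tar.gz

# Download and unpack. The mirror URL is plain HTTP, so check the tarball
# against the signature published by the OpenSSH project before building.
cd "$SOURCELOCATION" && wget "$SOURCEDWN" && tar -zxvf "$SOURCELOCATION/$FILE"

# Move the existing config out of the way. ssh* also matches the ssh_host_*
# keys, so "make install" will generate new host keys.
mkdir -p "$CONFIGLOCATION/old"
mv "$CONFIGLOCATION"/ssh* "$CONFIGLOCATION/moduli" "$CONFIGLOCATION/old/"

# Build and install with PAM and Kerberos 5 (GSSAPI) support
cd "$SOURCELOCATION/openssh-6.0p1"
./configure --sysconfdir=/etc/ssh --bindir=/usr/bin/ --sbindir=/usr/sbin --with-pam --with-kerberos5
make
make install

# Keep the freshly installed default as .bak and reuse the old config without comment lines
cd "$CONFIGLOCATION"
mv sshd_config sshd_config.bak
grep -v "^#" old/sshd_config >> sshd_config

ssh -V
service sshd restart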

Problem: the script above already accounts for the following problem, which is easy to miss if you only skim through it. Configuring without PAM and Kerberos support:

./configure --sysconfdir=/etc/ssh --bindir=/usr/bin/ --sbindir=/usr/sbin
make
make install

[root@ashishnepal ssh]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /etc/ssh/sshd_config line 22: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 23: Unsupported option GSSAPICleanupCredentials
/etc/ssh/sshd_config line 25: Unsupported option UsePAM
                                                           [  OK  ]

If you need "UsePAM yes" and "GSSAPIAuthentication yes", you should also configure with PAM and Kerberos 5 as given above.
In order to make that usable you might need "yum install libgssapi pam-devel".

Solution: After installing libgssapi and pam-devel

./configure --sysconfdir=/etc/ssh --bindir=/usr/bin/ --sbindir=/usr/sbin --with-pam --with-kerberos5

SSH (Passwordless)


#ssh-keygen -t rsa

ssh-copy-id -i ~/.ssh/id_rsa.pub user@servername

or

Append the content of /root/.ssh/id_rsa.pub to /root/.ssh/authorized_keys
#cat id_rsa.pub >> authorized_keys
Make sure the permissions are:
#chmod 755 .ssh
#chmod 600 ~/.ssh/authorized_keys

More Tips & Tricks
• You have to disable strict mode (StrictModes) in the sshd config file if the home directory is accessible to other users.
• You can restrict the hostnames from which clients can connect to the server by putting a from= option in front of the key in authorized_keys (a single space separates the options from the key type)
Sample:
from="*.example.com,*.test.com" ssh-rsa
or from="required ip" ssh-rsa

Note: id_rsa.pub is the public key, id_rsa is the private key, authorized_keys is the file that enables authorization
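
The permission and from= points above can be checked with a short script. This is an added example, not part of the original post: the function name audit_ssh_dir and the sample key lines are made up for illustration. It flags a .ssh directory or authorized_keys file that is group- or world-writable (which StrictModes rejects) and lists keys that carry no from= restriction.

```shell
#!/bin/sh
# audit_ssh_dir DIR: print one finding per line; exit status 0 only if clean.
# (Hypothetical helper written for this page, not an OpenSSH tool.)
audit_ssh_dir() {
    dir=$1
    keys="$dir/authorized_keys"
    findings=0

    # StrictModes refuses paths that are group- or world-writable.
    for path in "$dir" "$keys"; do
        [ -e "$path" ] || continue
        if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $path"
            findings=$((findings + 1))
        fi
    done

    # List keys with no from="..." option. Simple prefix check: a line that
    # starts with the key type has no options at all.
    if [ -f "$keys" ]; then
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            case $line in
                ''|'#'*) continue ;;        # blank line or comment
                ssh-*|ecdsa-*|sk-*) ;;      # no options: report below
                *from=\"*) continue ;;      # restricted by source host
            esac
            echo "NO_FROM $keys:$n"
            findings=$((findings + 1))
        done < "$keys"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: one unrestricted key and one restricted with from=.
demo=$(mktemp -d) && chmod 755 "$demo"
printf '%s\n' 'ssh-rsa AAAAexample user@a' \
    'from="*.example.com,*.test.com" ssh-rsa AAAAexample user@b' \
    > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
audit_ssh_dir "$demo" || true   # prints: NO_FROM <tmpdir>/authorized_keys:1
rm -rf "$demo"
```

On a real account, call it as audit_ssh_dir "$HOME/.ssh".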
