Difference between revisions of "SSH"

From Cncz
 
(One intermediate revision by the same user not shown)
Line 45: Line 45:
  
 
[nl]
 
[nl]
Om waarschuwingen over mogelijk veranderde ssh keys of 'unknown host' als je een ssh verbinding met een host
+
Om waarschuwingen te voorkomen over mogelijk veranderde ssh keys en ook meldingen als 'unknown host' als je een ssh-verbinding met een host
in het science.ru.nl domein maakt hebben we de publieke sleutel van al onze servers getekend.
+
in het science.ru.nl domein maakt, hebben we de publieke sleutel van al onze servers getekend.
 
Als je de volgende regels toevoegt aan het bestand 'config' in de .ssh directory in je (lokale) home directory
 
Als je de volgende regels toevoegt aan het bestand 'config' in de .ssh directory in je (lokale) home directory
 
(het kan zijn dat dit file nog niet bestaat)
 
(het kan zijn dat dit file nog niet bestaat)
 
[/nl]
 
[/nl]
 
[en]
 
[en]
To avoid warnings about possibly changed ssh keys or 'unkown host' the first time you connect to a  
+
To avoid warnings about possibly changed ssh keys and prevent messages with 'unkown host' the first time you connect to a  
host in the science.ru.nl domain we have signed the public keys of all our  servers.  
+
host in the science.ru.nl domain, we have signed the public keys of all our  servers.  
 
If you add the following lines to the file 'config' in the .ssh directory in your (local) home directory
 
If you add the following lines to the file 'config' in the .ssh directory in your (local) home directory
(the file may not exist yet)
+
(maybe this file has to be created)
 
[/en]
 
[/en]
 
   CanonicalDomains science.ru.nl
 
   CanonicalDomains science.ru.nl
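Review bot: the revised [en] sentence still spells the message as 'unkown host'; since this line is being rewritten anyway, correct it to 'unknown host'. The replacement "(maybe this file has to be created)" is also vaguer than the "(the file may not exist yet)" it replaces; something like "(create the file if it does not exist yet)" would tell the reader what to do.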
Line 69: Line 69:
  
 
[nl]
 
[nl]
dan zullen ssh keys van science.ru.nl hosts automatisch geaccepteerd worden. De wijziging van het 'config' bestand zorgt ervoor dat
+
dan zullen door C&CZ getekende ssh keys van science.ru.nl hosts automatisch geaccepteerd worden. De wijziging van het 'config' bestand zorgt ervoor dat
 
[/nl]
 
[/nl]
 
[en]
 
[en]
then ssh keys of science.ru.nl hosts will be automatically accepted. The change to the 'config' file ensures that
+
then C&CZ signed ssh keys of science.ru.nl hosts will be automatically accepted. The change to the 'config' file ensures that
 
[/en]
 
[/en]
 
   ssh lilo5
 
   ssh lilo5
 
[nl]
 
[nl]
 
automatisch overeenkomt met lilo5.science.ru.nl (dus korte hostnaam volstaat) en de regel in known_hosts zorgt ervoor dat
 
automatisch overeenkomt met lilo5.science.ru.nl (dus korte hostnaam volstaat) en de regel in known_hosts zorgt ervoor dat
ssh alleen voor hostnamen die overeenkomen met *.science.ru.nl zal controleren of de publieke sleutel van de host getekend is door ons
+
ssh alleen voor hostnamen die overeenkomen met *.science.ru.nl zal controleren of de publieke sleutel van de host getekend is door C&CZ
en als dat inderdaad het geval is de sleutel zonder meer accepteren. Als je het config bestand niet wilt wijzigen dan moet je altijd de
+
en als dat inderdaad het geval is de sleutel zonder meer accepteren. Als je het config bestand niet wilt wijzigen, dan moet je altijd de
 
volledige hostnaam gebruiken lilo5.science.ru.nl want anders komt de regel in known_hosts niet overeen.
 
volledige hostnaam gebruiken lilo5.science.ru.nl want anders komt de regel in known_hosts niet overeen.
 
[/nl]
 
[/nl]
 
[en]
 
[en]
 
will match with lilo5.science.ru.nl and the line in known_hosts ensures that only for hostnames matching with *.science.ru.nl  
 
will match with lilo5.science.ru.nl and the line in known_hosts ensures that only for hostnames matching with *.science.ru.nl  
ssh will check if the public key of the host is signed by us and if that is indeed the case will accept the host key.  
+
ssh will check whether the public key of the host is signed by C&CZ and if that is indeed the case will accept the host key.  
If you do not want to change the config file then you will always have to use the fully qualified name lilo5.science.ru.nl.
+
If you do not want to change the config file then you will always have to use the fully qualified hostname lilo5.science.ru.nl.
 
[/en]
 
[/en]
  
 +
[nl]
 +
Ssh kan gebruikt worden voor
 +
* port forwarding op een andere host
 +
* proxying van bv web verkeer
 +
* bijna volledige VPN functionaleit
  
 
+
Zie [http://blogs.perl.org/users/smylers/2011/08/ssh-productivity-tips.html dit artikel] voor enkele geweldige tips hoe je de ssh client kunt gebruiken en instellen.
 
+
[/nl]
 +
[en]
 
Ssh can be used for:
 
Ssh can be used for:
 
* port forwarding on another host
 
* port forwarding on another host
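Review bot: in the added [nl] list, "functionaleit" is misspelled and should be "functionaliteit". In the [en] line of this hunk, "C&CZ signed ssh keys" reads as a sentence fragment; hyphenate it as "C&CZ-signed ssh keys" so it is clearly an adjective.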
Line 97: Line 103:
 
Please consult [http://blogs.perl.org/users/smylers/2011/08/ssh-productivity-tips.html this article] for some excellent tips on how to use and configure your ssh client.
 
Please consult [http://blogs.perl.org/users/smylers/2011/08/ssh-productivity-tips.html this article] for some excellent tips on how to use and configure your ssh client.
 
[/en]
 
[/en]
 
[nl]
 
Voor nuttige tips voor het efficient gebruik van SSH, zie [http://blogs.perl.org/users/smylers/2011/08/ssh-productivity-tips.html dit artikel].
 
[/nl]
 
  
 
=== [en]Preventing disconnects[/en] [nl]Verbindingsproblemen voorkomen[/nl] ===  
 
=== [en]Preventing disconnects[/en] [nl]Verbindingsproblemen voorkomen[/nl] ===  

Latest revision as of 13:54, 20 April 2021

SSH Secure Shell

SSH is used to get a secure terminal connection to a login server. All Linux login servers can be reached with SSH client software, not only on the standard port 22, but also on ports 80 and 443.


Recommended ssh client software

  • Windows:
    • MobaXterm. From the MobaXterm website: "MobaXterm is an enhanced terminal for Windows with an X11 server, a tabbed SSH client and several other network tools for remote computing (VNC, RDP, telnet, rlogin). MobaXterm brings all the essential Unix commands to Windows desktop, in a single portable exe file which works out of the box." The support of OpenGL could also be a reason to start using MobaXterm. If you use it professionally, you should consider subscribing to MobaXterm Professional Edition. MobaXterm is available on the S-disc.
    • Mosh (mobile Shell) when roaming or having intermittent connections.
    • PuTTY.
    • The OpenSSH client provided by Cygwin.
  • Linux: Your computer should have ssh installed by default. Otherwise, install the openssh-client package. Install Mosh (mobile Shell) when roaming or having intermittent connections.
  • OS X: the ssh client should be available on your Mac. For graphical/X11 functionality one can install XQuartz. Install Mosh (mobile Shell) when roaming or having intermittent connections.
  • Android: JuiceSSH or ConnectBot. Install Mosh (mobile Shell) when roaming or having intermittent connections.

Recommended file transfer clients


SSH tips and settings

To avoid warnings about possibly changed ssh keys and 'unknown host' messages the first time you connect to a host in the science.ru.nl domain, we have signed the public keys of all our servers. If you add the following lines to the file 'config' in the .ssh directory in your (local) home directory (you may have to create this file)

  CanonicalDomains science.ru.nl
  CanonicalizeFallbackLocal no
  CanonicalizeHostname yes

and the following line to .ssh/known_hosts

  @cert-authority *.science.ru.nl ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHpJveyOrLKFRDsbiW/29OadbCbkmUaIXnWbhVwtytbpftAc7Stj2RYa8yBmgfdm82T/UBVu1tLbeeCYQI8UlCvbAALMx+I60ux+iEGVdDBgIOjeu6LuY12pksVlXy/nKc59+m3AdMXfGHA8cI/O8eFosQLJ+dck7SBcvTT4lPhEcSQxg==

then C&CZ-signed ssh keys of science.ru.nl hosts will be accepted automatically. The change to the 'config' file ensures that

  ssh lilo5

will match with lilo5.science.ru.nl, and the line in known_hosts ensures that only for hostnames matching *.science.ru.nl ssh will check whether the public key of the host is signed by C&CZ and, if that is indeed the case, accept the host key. If you do not want to change the config file, you will always have to use the fully qualified hostname lilo5.science.ru.nl.
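The interaction between the canonicalization settings and the @cert-authority pattern can be modelled in a few lines. This is an added example, not C&CZ's or OpenSSH's code: the CA key blob is constructed dummy data, the `resolvable` set stands in for DNS, and the function names are hypothetical.

```python
import base64
import fnmatch
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

# Constructed CA entry: dummy key material with a valid type header, NOT C&CZ's key.
_BLOB = base64.b64encode(
    ssh_string(b"ecdsa-sha2-nistp521") + ssh_string(b"nistp521")
    + ssh_string(b"\x04" + bytes(132))
).decode()
KNOWN_HOSTS = f"@cert-authority *.science.ru.nl ecdsa-sha2-nistp521 {_BLOB}\n"

def canonicalize(name, resolvable, domains=("science.ru.nl",), max_dots=1):
    """Model of CanonicalizeHostname yes with CanonicalizeFallbackLocal no.
    `resolvable` stands in for DNS (assumption: ssh does a real lookup)."""
    if name.count(".") > max_dots:
        return name  # looks qualified already; used as typed
    for domain in domains:
        fqdn = f"{name}.{domain}"
        if fqdn in resolvable:
            return fqdn
    raise LookupError(f"{name}: not found in any canonical domain")

def cert_authorities(known_hosts):
    """Yield the host patterns of each well-formed @cert-authority line."""
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "@cert-authority":
            continue
        blob = base64.b64decode(fields[3], validate=True)
        (length,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + length] != fields[2].encode():
            raise ValueError("declared key type does not match key blob")
        yield fields[1].split(",")

def ca_covers(host, known_hosts):
    """True if some CA line's pattern matches the name ssh looks up.
    Simplified matching: shell-style wildcards via fnmatch, no '!' negation."""
    return any(fnmatch.fnmatchcase(host.lower(), pattern.lower())
               for patterns in cert_authorities(known_hosts)
               for pattern in patterns)

if __name__ == "__main__":
    dns = {"lilo5.science.ru.nl"}  # constructed stand-in for DNS
    for typed in ("lilo5", "lilo5.science.ru.nl"):
        looked_up = canonicalize(typed, dns)
        print(typed, "->", looked_up, "CA applies:", ca_covers(looked_up, KNOWN_HOSTS))
    print("without canonicalization:", ca_covers("lilo5", KNOWN_HOSTS))
```

The short name on its own never matches *.science.ru.nl, which is why the CA line only takes effect after canonicalization or when the fully qualified hostname is typed.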

Ssh can be used for:

  • port forwarding on another host
  • proxying for example web traffic
  • almost complete VPN functionality

Please consult this article for some excellent tips on how to use and configure your ssh client.

Preventing disconnects

In case you experience connectivity issues using ssh, use the following settings for your ssh-client. This can be done by adding the following lines to the config file .ssh/config (or /etc/ssh/ssh_config):

  TCPKeepAlive no
  ServerAliveInterval 60
  ServerAliveCountMax 10