Setting up SSH2 on Red Hat Enterprise Linux

Find out how to set up SSH2 (Secure Shell) on Red Hat Enterprise Linux (RHEL), using encryption keys instead of passwords in this tutorial. You can use this with either RHEL 4 or RHEL 5.

This tip describes how to set up SSH2 (Secure Shell) on Red Hat Enterprise Linux (RHEL) and how to use encryption keys instead of passwords, so that an administrator can connect more quickly, more easily and more securely. It applies to either RHEL 4 or RHEL 5.

There are currently two versions of the SSH protocol in use, SSH1 and SSH2. The SSH1 protocol can be exploited through its connection-setup protocol and is therefore not commonly used anymore. The SSH2 protocol, however, has a more robust and more flexible connection setup. There are two enterprise-level implementations of SSH: one derived from ssh.com and the other OpenSSH. OpenSSH is free and more widely used; in fact, it is included with most Linux distributions.

Before I get into the step-by-step guide, here's a little background on Secure Shell, also known as Secure Socket Shell. It is a Unix-based command interface and protocol for getting secure access to a remote computer. Most often, SSH is used to control Web servers and other types of servers remotely. SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted.

SSH packets being sent from the SSH client to the server are encrypted with a form of shared-key cryptography, using a random key which is generated for each new connection and thrown away when that connection is over. The client and the server use public-key cryptography to agree on the session key, and either party may request a re-keying of the session at any time.

Once you become familiar with SSH keys, communication and file copying between servers/clients will be secure, quicker and more convenient.

Here's an example of setting up a secure connection between a RHEL client and a RHEL server.

On the client, go to the .ssh directory, which is located under /root -- full path is /root/.ssh. Now, let's create our private and public keys and put them into a file.

Generate the key pair with ssh-keygen:

ssh-keygen -t dsa -b 1024 -f id_dsa_something -C 'Client'

This creates a 1024-bit DSA key pair in two files:

1. id_dsa_something - This holds your PRIVATE key; it stays on the client and must never be copied anywhere else.
2. id_dsa_something.pub - This holds your PUBLIC key, the half that will be installed on the server.

Now, we need to place the key in id_dsa_something.pub into the server's "authorized_keys2" file, which is located under the /root/.ssh directory. If this file is not already there, we will create it. We'll copy the key over with the file-copying program "rsync."

Copy the public key to the server with rsync over ssh:

rsync -av -e ssh id_dsa_something.pub SERVERSIP:/root/.ssh/

Make sure to change "SERVERSIP" to the server's IP address. After entering this command, you will be prompted for the root password of the server; type it and press "Enter."

Now, on the server, do the following:

1. cd /root/.ssh
2. cat id_dsa_something.pub >> authorized_keys2
3. chmod 600 authorized_keys2

The second command appends the contents of id_dsa_something.pub to the authorized_keys2 file. The third command restricts the file to read and write by its owner only, which is what sshd expects before it will trust the file.

On the client, do the following:

1. cd /root/.ssh
2. eval $(ssh-agent)
3. ssh-add id_dsa_something
4. ssh-add -l

The second command starts ssh-agent and exports its socket and PID into the current shell. The third command loads your private key into the agent (you will be asked for the key's passphrase, if you set one), and the fourth lists the keys the agent currently holds so you can confirm the key was added.

Simply SSH into the server.

ssh serversIP

When prompted, type in the root password. Now exit and try to SSH into the server from the client once more. This time, you shouldn't be prompted for a password. Remember that earlier, when we copied the .pub key over, we were prompted for a password. Note also that there are two common file-copying programs for Linux that run over SSH: rsync and scp.

Let's copy a file to the server using SCP from the client.

scp -i id_dsa_something test.txt root@serversip:

Change test.txt to the file you want to copy over and serversip to your server's IP address, and you're all set.
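The server-side steps above (append the .pub line to authorized_keys2, then chmod 600) work, but run a second time they add a duplicate line, and they do nothing about the permissions of /root/.ssh itself, which sshd also checks. The following shell functions are an added example, not part of the original tip: install_pubkey does the same append and chmod idempotently and sets the directory to 700, check_perms verifies the result, and count_keys counts installed key lines. The file names, the "--demo" flag and the sample key line are assumptions; the sample key is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example (not from the original tip). Installs an OpenSSH public key
# into an authorized_keys2 file the way the tip's server-side steps do, but
# idempotently and with the permissions sshd expects (dir 700, file 600).

# install_pubkey <pubkey-file> <authorized-keys-file>
install_pubkey() {
    pub="$1"; auth="$2"; dir=$(dirname "$auth")
    [ -f "$pub" ] || { echo "no such key file: $pub" >&2; return 1; }
    # Sanity check: an OpenSSH public key line starts with the key type.
    case "$(cut -d' ' -f1 "$pub")" in
        ssh-dss|ssh-rsa|ecdsa-sha2-*|ssh-ed25519) ;;
        *) echo "$pub does not look like an OpenSSH public key" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth"
    # Append only if this exact line is not already present (-x whole line, -F literal).
    if ! grep -qxF "$(cat "$pub")" "$auth"; then
        cat "$pub" >> "$auth"
    fi
    chmod 600 "$auth"
}

# check_perms <authorized-keys-file>: succeeds only if the directory is
# drwx------ and the file is -rw-------, the modes sshd's StrictModes wants.
check_perms() {
    auth="$1"; dir=$(dirname "$auth")
    [ "$(ls -ld "$dir" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -ld "$auth" | cut -c1-10)" = "-rw-------" ]
}

# count_keys <authorized-keys-file>: number of key lines installed.
count_keys() {
    grep -cE '^(ssh-|ecdsa-)' "$1"
}

# Demo (assumed "--demo" flag): exercises the functions in a temporary
# directory with a constructed, non-functional sample key line.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    printf 'ssh-dss AAAAB3NzaC1kc3MAAAACONSTRUCTEDSAMPLEKEY Client\n' > "$tmp/id_dsa_something.pub"
    install_pubkey "$tmp/id_dsa_something.pub" "$tmp/ssh/authorized_keys2"
    install_pubkey "$tmp/id_dsa_something.pub" "$tmp/ssh/authorized_keys2"
    echo "key lines installed: $(count_keys "$tmp/ssh/authorized_keys2")"   # 1, not 2
    check_perms "$tmp/ssh/authorized_keys2" && echo "permissions OK"
    rm -rf "$tmp"
fi
```

On the server you would call install_pubkey /root/.ssh/id_dsa_something.pub /root/.ssh/authorized_keys2 in place of steps 2 and 3. One caveat when reusing the tip's ssh-keygen line today: OpenSSH 7.0 and later refuse ssh-dss keys by default, so on a current server the same procedure should be run with an RSA or Ed25519 key type instead.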

Once you start using SSH keys, you'll see how much easier remote access and management is without passwords. With SSH, your systems can connect to remote systems in a manner that is faster and safer overall.
