Prerequisites

Figure 1125. Shell / Bash

Bash Guide for Beginners


Figure 1126. Secure Shell

The definitive guide, also available at SafariOnline

  • Public/private keys, pass phrases

  • Trusted hosts

  • Port forwarding

  • X11 forwarding

  • ssh agent


Figure 1127. Working with files

Figure 1128. Gathering network related information

Figure 1129. Handle processes

Figure 1130. vim text editor introduction

Vim Introduction and Tutorial


Figure 1131. Creating a ssh public/private key pair
ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/goik/.ssh/id_rsa): 
Created directory '/home/goik/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/goik/.ssh/id_rsa.
Your public key has been saved in /home/goik/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:mi/5CaYsND/Dc+qr8CJ9Yji/zzP1SwuES/OmlnqvvK0 goik@bw-lehrpool
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|     .           |
|    + . S        |
|  o. =.o         |
|.+ +.oOo.        |
|=o=+&*+=.o       |
|.=*%E#oo*.       |
+----[SHA256]-----+

Figure 1132. Configuration file permissions on Windows network file systems
cd .ssh

touch known_hosts
cp id_rsa.pub authorized_keys

setfacl -R --remove-all . *

chmod go-w . *
chmod ugo-x *
chmod go-r id_rsa

cd .ssh: Enter the secure shell client configuration directory.

touch known_hosts: Create an empty known_hosts file. It is subsequently populated with the public host keys of remote systems during logins, which allows those systems to be identified.

cp id_rsa.pub authorized_keys: The authorized_keys file contains the set of public keys authorized to log in remotely to the current system.

setfacl -R --remove-all . *: This invocation is needed when the directory lives on a Windows network share: the extended ACLs there are too open from a security point of view.

chmod go-w . *: Only the owner is allowed to write to the .ssh directory and the files contained within.

chmod ugo-x *: Configuration files do not need execute permission.

chmod go-r id_rsa: The ssh private key should be accessible only by its owner.


Figure 1133. Resulting permissions and configuration test
ls -al

drwxr-xr-x+  2 goik fb1prof    0 Oct 13 16:03 .
drwxr-xr-x+ 30 goik fb1prof    0 Oct 13 16:04 ..
-rw-r--r--+  1 goik fb1prof  398 Oct 13 16:02 authorized_keys
-rw-------+  1 goik fb1prof 1675 Oct 13 16:02 id_rsa
-rw-r--r--+  1 goik fb1prof  398 Oct 13 16:02 id_rsa.pub
-rw-r--r--+  1 goik fb1prof  222 Oct 13 16:03 known_hosts

Testing ssh private key based logins to your local system:

~> ssh localhost
Welcome to Ubuntu 18.04.3 LTS ...
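
The mode bits that the chmod commands in Figure 1132 are meant to enforce can be re-checked at any time with a small script. This is an added example, not part of the original slides; it assumes private keys are named id_* without a .pub suffix, and it inspects mode bits only, not extended ACLs.

```shell
#!/bin/sh
# Added example, not from the original slides. Extended ACLs are not inspected.

# has_perm PATH MODE: succeeds if PATH has every permission bit in MODE set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_ssh_dir DIR: prints one finding per line; returns 0 only if none.
audit_ssh_dir() {
    dir=$1
    findings=0
    report() { printf '%s: %s\n' "$1" "$2"; findings=$((findings + 1)); }

    [ -d "$dir" ] || { report "$dir" "not a directory"; return 1; }

    # chmod go-w . * : only the owner may write the directory and its files
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue
        if has_perm "$p" 020 || has_perm "$p" 002; then
            report "$p" "writable by group or others"
        fi
    done

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # chmod ugo-x * : configuration files need no execute bit
        if has_perm "$f" 100 || has_perm "$f" 010 || has_perm "$f" 001; then
            report "$f" "has an execute bit"
        fi
        # chmod go-r id_rsa : private keys (assumed naming: id_* without .pub)
        case ${f##*/} in
            id_*.pub) ;;
            id_*)
                if has_perm "$f" 040 || has_perm "$f" 004; then
                    report "$f" "private key readable by group or others"
                fi
                ;;
        esac
    done

    [ "$findings" -eq 0 ]
}
```

Source the file and call `audit_ssh_dir ~/.ssh`; an empty output with exit status 0 means the directory matches the permissions shown in Figure 1133.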