Install and Configure OpenSSH

OpenSSH is a replacement for telnet and ftp that encrypts all communication between hosts, eliminating eavesdropping and connection hijacking. It is one of the most indispensable free security tools in existence.

• Install the OpenSSH and OpenSSL Packages:

openssh-<current-version>.rpm
openssh-server-<current-version>.rpm
openssh-clients-<current-version>.rpm
openssl-<current-version>.rpm

• Generate Public/Private Key Pair:

OpenSSH uses public key cryptography to provide secure authentication. The first step in configuring OpenSSH is to generate the key pair: the public key, which is shared with remote systems, and the private key, which is kept on the local system.

orion$ ssh-keygen
Generating RSA keys: ...ooooooO....ooooooO
Key generation complete.
Enter file in which to save the key (/home/dave/.ssh/identity):
Created directory '/home/dave/.ssh'.
Enter passphrase (empty for no passphrase): <passphrase>
Enter same passphrase again: <passphrase>
Your identification has been saved in /home/dave/.ssh/identity.
Your public key has been saved in /home/dave/.ssh/identity.pub.
The key fingerprint is:
ac:42:11:c8:0d:b6:7e:b4:06:6a:a3:a7:e8:2c:b0:12 dave@orion

• Copy Public Key to Remote Host:

 host2$ mkdir -m 700 ~dave/.ssh
 host2$ cp /mnt/floppy/identity.pub ~dave/.ssh/authorized_keys

• Log in to Remote Host:

The SSH client (/usr/bin/ssh) is a drop-in replacement for rlogin and rsh. It can be used to log in securely to a remote host:

 orion$ ssh host2
 Enter passphrase for RSA key 'dave@orion': <passphrase>
 Last login: Sat Aug 15 17:13:01 2000 from orion
 No mail.
 host2$

• Copy Files to Remote Host:

The OpenSSH package also includes scp, a secure and improved replacement for rcp. This allows you to securely copy files over a network.

 orion$ scp /tmp/file.tar.gz host2:/tmp
 Enter passphrase for RSA key 'dave@orion': <passphrase>
 file.tar.gz 100% |***************************| 98304 00:00

It is also possible to encapsulate ordinarily insecure protocols such as IMAP and POP within SSH to prevent transmitting clear text passwords to your mail server. Additionally, the rsync incremental file transfer utility can use SSH to securely synchronize two hosts or back up data to a log server. SSH can even be used to securely connect two subnets across the Internet, effectively creating a virtual private network. Disable remote root logins and the ability to use empty passwords.
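
An added example, not part of the original guide: a POSIX shell check that reads the global section of an sshd_config file and fails unless root logins and empty passwords are disabled there. PermitRootLogin and PermitEmptyPasswords are the sshd_config keywords for those two settings; the function names and the sample files are constructed for this illustration.

```shell
# Print the global value of keyword $2 in sshd_config file $1 (empty if unset).
# sshd uses the first value it reads for a keyword; later lines are ignored.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        $1 ~ /^#/ { next }                    # comment line
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# Return 0 only if root logins and empty passwords are both disabled.
audit_sshd() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin)
    empty=$(sshd_effective "$1" PermitEmptyPasswords)
    # The PermitRootLogin default differs between OpenSSH releases, so
    # require an explicit "no" instead of trusting the default.
    if [ "$root" != "no" ]; then
        echo "FAIL $1: PermitRootLogin=${root:-unset}"; rc=1
    fi
    # PermitEmptyPasswords defaults to "no"; only an explicit "yes" fails.
    if [ "$empty" = "yes" ]; then
        echo "FAIL $1: PermitEmptyPasswords=yes"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $1"
    return "$rc"
}

# Constructed sample files (not from the original page).
make_samples() {
    dir=$(mktemp -d)
    # weak: the first PermitRootLogin line wins, so the later "no" is dead.
    printf '%s\n' '# weak' 'PermitRootLogin yes' 'PermitRootLogin no' \
        'PermitEmptyPasswords yes' > "$dir/weak"
    printf '%s\n' 'Port 22' 'permitrootlogin no' \
        'PermitEmptyPasswords no' > "$dir/hardened"
    # matchonly: a "no" inside a Match block does not set the global value.
    printf '%s\n' 'Match Address 192.0.2.0/24' \
        '    PermitRootLogin no' > "$dir/matchonly"
    echo "$dir"
}

samples=$(make_samples)
for f in weak hardened matchonly; do
    audit_sshd "$samples/$f" || true
done
rm -rf "$samples"
```

The check does not follow Include files or evaluate Match blocks; on a live server, `sshd -T` prints the fully resolved configuration.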