Configuration for ssh is done in two places:
- In the /etc/ssh directory as root
- In the user’s .ssh subdirectory
From a system perspective, /etc/ssh/sshd_config may need to be changed in order to restrict ssh version 1, allow root login (PermitRootLogin) or make other various changes. The sshd daemon can be restarted without disrupting current connections. In /etc/ssh is also a file called ssh_known_hosts. If you will be using ssh as the root user, I recommend making a symbolic link between root’s known_hosts file and this one. Then make sure and connect to any new hosts as root before connecting as a user. In this way, you will maintain a global known_hosts command and individual users will not have to maintain their individual host lists.
From a user perpective, ssh is set up by creating a public and private key pair with the ssh-keygen command:
$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/username/.ssh/id_rsa): Created directory '/home/username/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/username/.ssh/id_rsa. Your public key has been saved in /home/username/.ssh/id_rsa.pub. The key fingerprint is: 45:36:66:b8:39:bc:e0:84:ae:eb:50:e3:28:ec:47:0a username@hostname $ cd .ssh $ ls -l total 16 -rw------- 1 username staff 1675 Nov 24 12:40 id_rsa -rw-r--r-- 1 username staff 401 Nov 24 12:40 id_rsa.pub
The file ‘id_rsa’ is your private key and should be kept on any system that is trying to ssh out. The file ‘id_rsa.pub is your public key. Give this to other people so that they can put in into a file on their side called ‘authorized_keys’. If you want to test ssh by connecting to yourself, simply move or copy ‘id_rsa.pub’ to ‘authorized_keys’. At this point you should be able to test ssh by connecting to yourself:
$ pwd /home/username/.ssh $ ls -la total 16 drwx------ 2 netiq staff 256 Nov 24 12:50 . drwxr-xr-x 3 netiq staff 256 Nov 24 12:47 .. -rw------- 1 netiq staff 1675 Nov 24 12:47 id_rsa -rw-r--r-- 1 netiq staff 401 Nov 24 12:47 id_rsa.pub $ mv id_rsa.pub authorized_keys $ ssh localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. RSA key fingerprint is 3b:4b:af:d1:b3:ec:51:83:96:48:ea:8e:09:83:d4:80. Are you sure you want to continue connecting (yes/no)?yes Warning: Permanently added 'localhost,127.0.0.1' (RSA) to the list of known hosts. Last unsuccessful login: Mon Nov 24 12:43:24 CST 2008 on ssh from 10.32.12.45 Last login: Mon Nov 24 12:48:14 CST 2008 on /dev/pts/1 from 10.32.12.45 ********************************************************** * * * * * Welcome to AIX Version 5.3! * * * * * * Please see the README file in /usr/lpp/bos * * for information pertinent to * * this release of the AIX Operating System. * * * * * ********************************************************** $ exit Connection to localhost closed.
Generally you will no only connect to yourself, but you will also not use the name ‘localhost’. After running this test, however, you will have created a new file called ‘known_hosts’ that contains a bit of data which describes this server. This is a human-readable file that will collect information about all of the servers that you connect to. This is the file that is over-ridden by /etc/ssh/ssh_known_hosts.
Once ssh is configured, scp and sftp will also work. If you are a micro-focus cobol user, you might see a different ‘scp’ which will seem wierd, simply change your path to fix this or fully qualify scp:
psoft$scp
PVER1
GERR00Not enough parameters
psoft{fsprd75}$whence scp
/usr/lpp/cobol/bin/scp
psoft$/usr/bin/scp
usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
[-l limit] [-o ssh_option] [-P port] [-S program]
[[user@]host1:]file1 [...] [[user@]host2:]file2