SSH Guide

**Note: This Guide was written for use by my Computer Science class

on Linux (and Mac OS X where noted). I haven’t used SSH on Windows; but hopefully someone can make sure this guide works also on Windows by noting differences). SSH comes with nearly all Linux distros and all Mac OS X releases.
**

OS Specific Colours: Linux - Mac OS X - Windows
**
**
**Download SSH For Windows
**

***Windows: ****You need to follow README located in Start > All Programs > OpenSSH > README to set up password directories and files. After that is done; just do Start > Run; type cmd and hit enter to get Windows command line. All commands beginning with SSH should run unmodified. ****

By default it allows access to your username and password; which is okay but not totally secure! If you are logging on from a machine which has the same username as one you are trying to access you can drop ‘myusername@’ bit. mylaptop represents the IP address of the machine you are trying to contact!

$ ssh myusername@mylaptop

To forward X server (use the flag -Y on Mac OS X) :
$ ssh -X myusername@mylaptop

To use a different port (where port is WXYZ) also: (use the flag -Y on Mac OS X):
$ ssh -X myusername@mylaptop -p WXYZ

How to get it more secure:* *

*Generate your own key (this will ask for a password; can be left

blank but not recommended):*

$ ssh-keygen

Copy your key to machine you want to login to:
$ scp ~/.ssh/id_dsa.pub mylaptop:~/.ssh/authorized_
keys2
(This command uses SCP (Secure Copy) to copy your key into a list of keys allowed on remote machine. You also have an authorized_keys2 on your computer)

Edit Configuration File:

Finally edit configuration to make it more secure (nano is a lightweight text editor - this command will be very different on Windows; since it won’t have sudo command, nano editor or the SSH configuration file in the same place; I currently have no clue what it would be on Windows):
$ sudo nano /etc/sshd_config

• Options I recommend changing (hash at the start means it is commented out; so remove to take effect) :*
  #Port 22 - change to whatever; recommended between 2000-65000

• Enable these three:*
  #RSAAuthentication yes** **
  #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys

Set to ‘yes’ and uncomment to allow forwarding of visuals:*
#X11Forwarding no

• Set to ‘yes’ and uncomment if you want to use your machine as a proxy:*
  #AllowTcpForwarding yes
  #PermitTunnel no *Now save the file with you changes ( CTRL and X; it will ask to save; enter Y and enter key). These will not come in to effect until to stop and start the SSH server! * Stop/Start on Linux To stop SSH server, enter:
  $ sudo /etc/init.d/ssh stop
  To start SSH server, enter:
  $ sudo /etc/init.d/ssh start
  To restart ssh server, enter:
  $ sudo /etc/init.d/ssh restart

Stop/Start OS X To stop SSH Server, enter: $ sudo /sbin/service ssh stop To Start SSH server, enter: $ sudo /sbin/service ssh start **
That is it!**
Most of the options you can skip based on preference. I recommend not allowing password only login and setting up keys. It is much harder to break; and there is no ‘known’ way to break it….