Useful sshd parameters for our purposes

8.3.2 ssh

ssh is the client program, which can also be invoked as slogin. The client can be used either to log in to a host or to execute a program on a remote host, provided the host is running sshd. The client is designed to be easy to use and to be run by any user. At a minimum, you can use the following command:

ssh hostname

which will let you log in to a host that's running sshd. Or you can execute a remote command with the following syntax:

ssh hostname command

8.3.2.1 Understanding SSH authentication

Like the r utilities Unix users are familiar with, SSH lets you allow password-free access to a system based on a hostname/username combination in a hosts.equiv file or a .rhosts file. Unlike the r utilities, however, it doesn't trust that network information alone for authentication, because IP addresses and DNS entries can be spoofed. The /etc/hosts.equiv file is checked first, and contains hostname and username entries put there by the system administrator. Individual users can also create .rhosts files in their home directories that contain hostname and username entries for the hosts they commonly log in from. This file is checked after hosts.equiv, and hosts.equiv can override .rhosts. Note: password-free access for root can't be granted in the hosts.equiv file, only in root's .rhosts file.

SSH won't allow you to log in password-free based simply on hostname or username. You can specify otherwise at compile time, but this isn't recommended because it strips SSH of secure authentication. Normally, SSH requires an additional, more secure authentication method in order to proceed. The default additional method is RSA authentication using host keys. These keys are stored in the system's /etc/ssh_known_hosts file or the user's $HOME/.ssh/known_hosts file.

Another method is RSA authentication based on a user's public/private key pair, where the server knows the user's public key and the user's client program knows the private key. In this scheme, a user stores his public key on the remote host in his $HOME/.ssh/authorized_keys file. When the user connects to the system using ssh, the client tells the server which key pair it would like to use. The server checks whether that public key is in the authorized_keys file and, if so, encrypts a random challenge using the public key and sends it to the user's SSH client. The client decrypts the challenge using the user's private key and sends a response derived from it back to the server, thus proving that the user holds the private key without ever sending that key over the network. Note that anyone who obtains a copy of the private key can authenticate as that user, so the identity file should be protected with a passphrase wherever a human is available to type it.

Additionally, authentication can be performed using a Trusted Information Systems (TIS, recently acquired by Network Associates) authentication server. We won't go into this type of authentication in this chapter, but information can be found in the README.TIS file that comes with the SSH distribution.
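The challenge-response exchange described above, as an added example that is not code from the book or from the SSH distribution: a toy model in Python of both sides of SSH 1 RSA user authentication. It uses textbook RSA with deliberately tiny keys (a hypothetical generate_keypair helper built on a Miller-Rabin test) so it runs without third-party modules, and the client answers with the MD5 of the decrypted challenge plus a session identifier, as the SSH 1 protocol did, rather than the raw challenge. The authorized_keys list, the session identifier and the three scenarios in demo() are constructed for illustration; nothing here is usable as real cryptography.

```python
import hashlib
import random


def _is_probable_prime(n, rounds=25):
    """Miller-Rabin probable-prime test; adequate for a toy key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=64):
    """Toy textbook RSA key (hypothetical helper): ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p != q and ((p - 1) * (q - 1)) % e != 0:
            break
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # modular inverse needs Python 3.8+


def _response_for(challenge, session_id):
    """SSH 1 answered with MD5(challenge || session_id), not the raw challenge."""
    return hashlib.md5(challenge.to_bytes(32, "big") + session_id).digest()


class Server:
    """sshd side: knows only the public keys listed in authorized_keys."""
    def __init__(self, authorized_keys, session_id):
        self.authorized_keys = list(authorized_keys)
        self.session_id = session_id
        self._expected = None

    def challenge_for(self, offered_public_key):
        """Return the encrypted challenge, or None if the key isn't authorized."""
        if offered_public_key not in self.authorized_keys:
            return None
        n, e = offered_public_key
        challenge = random.randrange(2, n - 1)
        self._expected = _response_for(challenge, self.session_id)
        return pow(challenge, e, n)          # textbook RSA encryption, no padding

    def verify(self, response):
        return self._expected is not None and response == self._expected


class Client:
    """ssh side: holds the private half and never transmits it."""
    def __init__(self, private_key, session_id):
        self.private_key = private_key
        self.session_id = session_id

    def answer(self, encrypted_challenge):
        n, d = self.private_key
        challenge = pow(encrypted_challenge, d, n)   # decrypt with private exponent
        return _response_for(challenge, self.session_id)


def authenticate(server, client, claimed_public_key):
    """Run the exchange; True only if the client holds the matching private key."""
    encrypted = server.challenge_for(claimed_public_key)
    if encrypted is None:
        return False
    return server.verify(client.answer(encrypted))


def demo():
    """Constructed scenario: one authorized user, one impostor, one unknown key."""
    session_id = hashlib.md5(b"constructed session id").digest()
    alice_pub, alice_priv = generate_keypair()
    mallory_pub, mallory_priv = generate_keypair()
    server = Server(authorized_keys=[alice_pub], session_id=session_id)
    genuine = authenticate(server, Client(alice_priv, session_id), alice_pub)
    # Mallory claims Alice's key but can only decrypt with her own private key.
    impostor = authenticate(server, Client(mallory_priv, session_id), alice_pub)
    # A key absent from authorized_keys is refused before any challenge is sent.
    unknown = authenticate(server, Client(mallory_priv, session_id), mallory_pub)
    return genuine, impostor, unknown


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

The point to take from the impostor case is that naming the right key in authorized_keys buys nothing: the server only ever sees a ciphertext and a hash, and only the holder of the matching private exponent can produce the expected hash.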

8.3.2.2 Running ssh in batch mode

ssh can also be called from a script in batch mode (see the parameter later in this section) to execute automated commands securely on a remote system. In batch mode, ssh won't ask for a password or passphrase, so the command can only succeed when password authentication isn't needed (as when you're using RSA user authentication) and the user's private key isn't protected by a passphrase. Although an unprotected key is less secure, it's useful in scripts where a user might not be around to supply input. Some security is still maintained because only the user, as the owner of her identity file, can read the private key, provided the file's permissions allow no access to group or others.
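A pre-flight check for the batch-mode situation above, as an added example that is not code from the book or from the SSH distribution: before a script relies on an identity file that has no passphrase, confirm the file really is readable only by its owner. The identity_file_is_private function is hypothetical, and the two placeholder files created in demo() are constructed for illustration (modes 0600 and 0644 as the private and too-open cases).

```python
import os
import stat
import tempfile


def identity_file_is_private(path):
    """Return (ok, reason). An unencrypted identity file must be a regular file,
    owned by the caller, and unreadable by group and others."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    if st.st_uid != os.getuid():
        return False, "not owned by the current user"
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return False, "mode %o is accessible by group or others" % mode
    return True, "ok"


def demo():
    """Constructed scenario: two placeholder identity files, one 0600 and one 0644."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "identity")
        bad = os.path.join(d, "identity_world_readable")
        for p in (good, bad):
            with open(p, "w") as f:
                f.write("constructed placeholder, not a real key\n")
        os.chmod(good, 0o600)
        os.chmod(bad, 0o644)
        return identity_file_is_private(good), identity_file_is_private(bad)


if __name__ == "__main__":
    for result in demo():
        print(result)   # (True, 'ok') then (False, 'mode 644 is accessible ...')
```

Run this from the script before invoking ssh and abort if the check fails; an unencrypted key that a colleague can read is a credential shared with that colleague.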

8.3.2.3 Useful ssh parameters for our purposes