C Ssh

02-05-2021
 |  [RAND-100] - Comments



SSH Keyboard Authentication. SSH Public Key Authentication. SSH Remote Shell. SSH using SOCKS Proxy. SSH Tunnel (Port Forwarding via direct-tcpip channel) SSH Tunnel with Dynamic Port Forwarding. Multi-Hop SSH (SSH Through SSH) Use PuTTY Key for SSH Authentication. Using sudo in an SSH. Mar 09, 2021 SSH, or Secure Shell, is a remote administration protocol that allows users to control and modify their remote servers over the Internet. The service was created as a secure replacement for the unencrypted Telnet and uses cryptographic techniques to ensure that all communication to and from the remote server happens in an encrypted manner. As of April 12, 2019, SSH keys are required when SSHing to CS/CSRES networks when outside of our networks, campus wireless, or the VPN. The University ISO will quarantine any host allowing SSH access that has not disabled password authentication. An SSH key pair consists of two keys: One public key and one private key. SSH.COM is one of the most trusted brands in cyber security. We help enterprises and agencies solve the security challenges of digital transformation with innovative access management solutions. About SSH.COM Popular. Gartner on Zero Standing Privileges PrivX - watch how it works.

Table of Contents

C Ssh
  • Overview
  • Connect to your server via SSH
  • Manage SSH keys
  • Generate a New Key
  • Import Key
  • Manage your keys

Table of Contents

  • Overview
  • Connect to your server via SSH
  • Manage SSH keys
  • Generate a New Key
  • Import Key
  • Manage your keys

SSH Access

Valid for versions 82 through the latest version

Last modified: February 23, 2021

Overview

This interface provides information about how to connect to another web server via the SSH (secure shell) network protocol.

The SSH network protocol allows you to connect to another web server over the internet via a command line interface (CLI). You can use this network protocol to remotely manage your server, configure CGI scripts, and perform other tasks.

Many modern operating systems, such as macOS® and Linux® distributions, include SSH. If you use Microsoft Windows® to connect to your server, you must use an SSH client, such as PuTTY, to log in to your server.

Many Unix-based operating systems include standardized commands. For a list of standardized Unix-based (POSIX) commands, read the GNU Coreutils documentation.

Ssh
Not all hosting providers allow shell access.

Connect to your server via SSH

To use PuTTY to connect to your server via SSH, perform the following steps:

  1. Download and install the PuTTY client.

  2. From the Windows Start menu, open the client.

  3. In the Session interface, enter the hostname or IP address of the server in the Host Name (or IP address) text box (for example, 192.0.2.0).

  4. Enter the port number in the Port text box (for example, 22).

  5. Select the SSH protocol.

  6. Click Open.

  7. Enter your cPanel account’s username.

  8. Enter your cPanel account’s password.

To log in to a server via SSH with PuTTY and a public key, perform the following steps:

  1. From the Windows Start menu, open the client.

  2. Navigate to the PuTTY Key Generator interface.

  3. Under the Actions heading, click Generate. PuTTY will generate the key and display the result under the Key menu.

  4. Copy the public key and paste it in the .ssh/authorized_keys file.

  5. Enter a passphrase in the Key passphrase and Confirm passphrase text boxes.

  6. Click Save private key and save the key as a .ppk file.

  7. In the Session interface, from the Saved Sessions menu, select your preferred authorization session and click Load.

  8. Navigate to the Auth interface under the SSH category.

  9. Click Browse, select the private key file to upload, and click Open.

  10. Navigate to cPanel’s Manage SSH Keys interface (Home >> Security >> SSH Access >> Manage SSH Keys) and import the server’s keys.

C Sharp

Log in with a Password

To log in to your server with a password via SSH using macOS or Linux, perform the following steps:

  1. Open a Terminal session.

  2. Run the following command: ssh -p port user@IP where port represents the port number, user represents your username, and IP represents your IP address. For example:

  3. Enter your password.

The password login process is similar to the following example:

Log in with a SSH Key

To log in to your server with a password via SSH using macOS or Linux, perform the following steps:

  1. Open a Terminal session.

  2. Run the following command: ssh -p port -i ssh-key user@IP where port represents the port number, ssh-key represents the file path to your SSH key, user represents your username, and IP represents your IP address. For example:

  3. Enter your SSH key password. If you did not set a password when you created the SSH key, press Enter when the system prompts you for a password.

The SSH Key login process is similar to the following example:

Manage SSH keys

This section of cPanel’s SSH Access interface allows you to create, import, manage, and remove SSH keys. The system will use these keys when you confirm that a specific computer has the right to access your website’s information with SSH.

Generate a New Key

Use this section of the interface to create new SSH key pairs, which include a public key and a private key.

To generate a new SSH key pair, perform the following steps:

  1. Click Manage SSH Keys.

  2. Click Generate a New Key.

  3. To use a custom key name, enter the key name in the Key Name (This value defaults to id_rsa): text box.

    If you use a custom key name, you must manually specify the SSH key when you log in to the server.

  4. Enter and confirm the new password in the appropriate text boxes.

    • This step is optional if your hosting provider sets the SSH Keys setting to 0 in WHM’s Password Strength Configuration interface (WHM >> Home >> Security Center >> Password Strength Configuration).
    • The system evaluates the password that you enter on a scale of 100 points. 0 indicates a weak password, while 100 indicates a very secure password.
    • Some web hosts require a minimum password strength. A green password Strength meter indicates that the password is equal to or greater than the required password strength.
    • Click Password Generator to generate a strong password. For more information, read our Password & Security documentation.

  5. Select the desired key type.

    • DSA keys provide quicker key generation and signing times.

    • RSA keys provide quicker verification times.

  6. Select the desired key size.

    Greater key sizes provide more security, but they result in larger file sizes and slower authentication times.

  7. Click Generate Key. The interface will display the saved location of the key.

    For the new SSH key to function, you must authorize the SSH key. For more information, read the Manage your keys section.

Import Key

To import an existing SSH key, perform the following steps:

  1. Click Manage SSH Keys.

  2. Click Import Key.

  3. To use a custom key name, enter the key name in the Choose a name for this key (defaults to id_dsa) text box.

    If you use a custom key name, you must manually specify the SSH key when you log in to the server.

  4. Paste the public and private keys into the appropriate text boxes.

  5. Click Import.

Manage your keys

The Public Keys and Private Keys tables display the following information about your existing keys:

  • Name — The key’s name. Public and private keys use the same key name.

  • Authorization Status — Whether you authorized the key.

    You must authorize new keys before you attempt to use them.
    This column only displays in the Public Keys table.

  • Actions — You can perform the following actions:

    • Delete Key — Click to delete the key, and then click Yes to confirm that you wish to delete the key.

    • View/Download — Click to view or download the key. To download the key, save the contents of the Public SSH Key text box to your computer.

    • Manage — Click to manage authorization for the key. A new interface will appear. Click Authorize to authorize the key, or Deauthorize to revoke authorization for the key.

      • You can only perform this action for public keys.

      • After you deauthorize a key, that key’s users cannot log in with the associated private key.

Additional Documentation

Table of contents

  1. Copying your key to a server

These notes are for Windows 10 only. If you find that you don't have the 'ssh' command, please ensure that you have all of the latest updates applied to your system. You can do so by selecting the Start button, then going to Settings > Update & Security > Windows Update, then selecting Check for updates.

For instructions on adding SSH keys for other platforms, visit this FAQ.

Introduction

As of April 12, 2019, SSH keys are required when SSHing to CS/CSRES networks when outside of our networks, campus wireless, or the VPN. The University ISO will quarantine any host allowing SSH access that has not disabled password authentication.

An SSH key pair consists of two keys: One public key and one private key. The public key, as the name suggests, is public and can be safely shared with the world. The private key should never be shared with anyone and should be kept safe.

In order to use SSH keys to connect to a remote computer, one must first create an SSH key pair on one's computer, then copy the public SSH key to the remote computer. You will create an SSH key pair on each computer that you want to SSH from. You can use the same public SSH key from one computer to connect to many others.

E.g., if you have two computers at home, home1 and home2, and want to use them to connect to remote1, remote2, and remote3 you would create an SSH key pair on both home1 and home2, and then send the public key from home1 to all three remote computers, and lastly you would send the public key from home2 to all three remote computers.

Ssh C Command

C# ssh tunnel

Below are the necessary instructions to create an SSH key pair and add your public key to your CS account. Adding your public SSH key to linux.cs.utexas.edu will automatically add it to all other machines on the CS network. For the purposes of these instructions, we will assume that you want to SSH into a CS machine from a computer at home. To avoid confusion, we will use the following terminology:

HOME = Your home computer
CS_USER = Your CS username
linux.cs.utexas.edu = The machine that you need to SSH into and add SSH key to.

NOTE: All commands will be run on HOME.

Open a CMD prompt

Firstly, you will want to open a CMD prompt in which you will type all of the commands in the next steps. To do so, simply:

  1. Hold the Windows key and press r. This will open the 'Run' window.
  2. Type cmd and press Enter (or click 'OK').

You will now have a black CMD prompt waiting for your input.

Creating a key

To create a 4096-bit RSA key, run the following:

  1. ssh-keygen -t rsa -b 4096
  2. Press Enter to use the default location. (Recommended) 1
  3. Enter a passphrase (ALWAYS use a passphrase!!) 23
  4. Enter your passphrase a second time.

It should look something like this:

Your public SSH key is located by default at C:Users<username>.sshid_rsa.pub and is perfectly safe to be shared with anyone.

Your private SSH key will be located by default at C:Users<username>.sshid_rsa. You should NOT touch this file or share it with anyone.

Copying your key to a server

From UT VPN, UT wireless, or CS network

If you are connected to UT VPN, or have brought your machine on campus and have connected to UT wireless or the CS network, then you can use the method below.

You can find more information on how to connect to UT VPN by visiting this page.

Ssh

To copy your SSH public key from HOME to linux.cs.utexas.edu, simply copy and paste the below command into a CMD prompt:

  1. type .sshid_rsa.pub | ssh CS_USER@linux.cs.utexas.edu 'umask 0077 && mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
  2. If you see the text 'Are you sure you want to continue connecting (yes/no)?' type yes and press Enter.
  3. Enter CS_USER's password to send your public key to the server.
  4. If successful, you will not see any special output. It will go back to the normal CMD prompt with a blinking cursor.

Congratulations! You can now use your SSH key to log into any CS machine that you have access to!

From off-campus

Copy to a USB drive

If you are unable to connect to UT VPN or cannot bring your machine to campus, then copying your public SSH key to a USB drive is another solution.

On your home computer:

  1. Plug in a USB drive.
  2. If it does not auto-mount, open a file manager and open the USB device to view its contents.
  3. Open another File Explorer window and navigate to C:Usersyourusername.ssh.
  4. Copy the id_rsa.pub file to your USB's folder.
  5. Safely unmount/eject your USB drive and bring it to campus.

From here, you will want to log into a CS lab machine and do:

  1. Plug in the USB drive
  2. If it does not auto-mount, open a file manager and open the USB device to view its contents.
  3. In a terminal, run df -hT to find the full path to your mounted USB drive.
  4. cat /media/yourusername/directory/id_rsa.pub >> ~/.ssh/authorized_keys (Replace the second path with your real USB drive's mount point path)
  5. chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
  6. If step #5's command gives any errors, please submit a helpreq.
  7. Safely unmount/eject your USB drive.

Using ssh-agent (optional)

ssh-agent is a program included in OpenSSH that will remember your SSH key and not require you to type its passphrase each time you use SSH. Your desktop environment on HOME should start up ssh-agent when you log in.

  1. Hold the Windows key and press r. This will open the 'Run' window.
  2. Type services.msc and press Enter (or click OK).
  3. Scroll through the list of services until you find 'OpenSSH Authentication Agent'.
  4. Right-click on 'OpenSSH Authentication Agent' and select 'Properties'.
  5. Under 'Startup type', choose 'Automatic'.
  6. Click 'Apply'.
  7. Click the 'Start' button underneath 'Service status'.
  8. Click 'OK' to complete this process and close the Services window.

From here the SSH Authentication agent is running and you can now use the ssh-agent command to have Windows securely remember your SSH private key's passphrase.

  1. To add your SSH key to the agent, simply type:

    ssh-add

  2. Type in your SSH key's passphrase and you're good to go!

You won't need to type in your passphrase or even ssh-agent any longer, even after a reboot. You can simply use your normal ssh commands.

Additional information

  1. If you choose to not use the recommended location for your private key, you will need to specify its location in either your ssh command (with -i) or after your ssh-add command if using ssh-agent.↩

  2. This is not your CS_USER's password. The passphrase that you choose for your SSH key should be different from your CS_USER's password. See Selecting a strong password to learn how to choose a secure passphrase instead of a password.↩

  3. When typing your passphrase, you won't see any output on your screen. This is normal and is for your security.↩