Understanding Remote Administration with OpenSSH

Question 1

telnet is susceptible to …

Answer 1

sniffing as it offers no encryption or modern security

Question 2

What replaced telnet?

Answer 2

SSH v2 replaced it, it uses port 22

Question 3

What else does ssh replace?

Answer 3

SSH also replaces rcp, rlogin, rsh

Question 4

What is ssh based on?

Answer 4

SSH is based on public/private key encryption

Question 5

What are some ssh features?

Answer 5

1) remote login
2) drop in commands: ssh remote_user@ ‘command in remote ip>
3) remote multi-system copying with scp

Question 6

What is the ssh dynamics for logging into a system?

Answer 6

1 client starts a connection via ssh port 22
2 server replies with Host Public key
3 client stores public key in ~/.ssh/known_hosts
4 Diffie-Hellman session key is agreed upon
5 Client authentication is accomplished
6 A secure and encrypted session is established

Question 7

what replaces rcp?

Answer 7

scp

Question 8

what replaces rsh?

Answer 8

ssh

Question 9

what replaces ftp?

Answer 9

sftp

Question 10

What are 2 common sftp commands to copy files to and from a remote system?

Answer 10

get file_to-copy /home/cloud_user
copies the file from the sftp to /home/cloud_user
————-
put -r bin/
places from the local system to the sftp in the current location

Question 11

What does this do?

ssh-copy-id .ssh/rsa_id.pub @

Answer 11

this copies the file to the authorized_keys file, alternatively, you can copy/paste the public key to the authorized_keys file in the target machine

Question 12

What file is used for ssh clients config?

Answer 12

for ssh clients, see /etc/ssh/ssh_config

Question 13

Where is the local user config for ssh client?

Answer 13

~/.ssh/config

Question 14

What is the default option for SSH connectivity when it connects to the first time?

Answer 14

The default option for SSH connectivity is to ask, that is why when you first connect to a server, it says:

The authenticity of host can;t be established.
ECDSA ley fingerprint is
Are you sure you want to continue connecting (yes/no)?

Question 15

What are the options in the ~/.ssh/config file?

Answer 15

ask > default option, ask to store the key if not already known
yes > will only connect if key is pre-shared (secure)
no > stores the key automatically (security risk!)
accept-new > auto add keys, won’t connect to changed keys

Question 16

Where is the system config saved for ssh servers?

Answer 16

system config is at /etc/ssh/sshd_config > this is the daemon, not for the clients

Question 17

What should you do after changing the file /etc/ssh/sshd_config?

Answer 17

you should restart the sshd service

Question 18

What are some options in the /etc/ssh/sshd_config?

Answer 18

Protocol > v2 is the default
AllowUsers > Deny all BUT these users
DenyUsers >  Allow all BUt these users
port > specify ssh port (can be several)
UsePAM

Question 19

the steps for key-based authentication are:

Answer 19

1 generate the key pair (ssh-keygen)
2 upload the public key to the remote server (ssh-copy-id)
3 verify the public key works
4 add your credentials to the ssh-agent
5 connect without password to the remote server