Connected to 10.0.0.1 (10.0.0.1)

Escape character is '^]'.

Welcome to Caitlin

Running Fedora

* All access is logged *

login: paul

Password:

Last login: Sat Jul 9 12:05:41 from 10.0.0.5

[paul@caitlin ~]$

TIP

Note that the server responds with Welcome to Caitlin, running Fedora, which is a customized message. Your machine will probably respond with Fedora and your kernel version. This is insecure: Giving away version numbers is never a smart move. In fact, even saying Fedora is questionable. Edit the issue and issue.net files in your /etc directory to change these messages.

Running the w command now shows you as connecting from the external IP address.

Setting Up an SSH Server

The OpenSSH server is set up to be automatically installed and run in Fedora, which means it should already be working on your system. However, if you have disabled it, you can re-enable it by selecting System Settings, Server Settings, Services and selecting the sshd box. As you might have gathered, sshd is the name for the SSH server daemon.

Two different versions of SSH exist, called SSH1 and SSH2. The latter is newer, is more secure, comes with more features, and is the default in Fedora Core Linux. However, support for SSH1 clients is also left enabled by default so that older clients can connect. Because it is less secure, you should disable SSH1 if you have no one who specifically relies on it.

To do this, edit the /etc/ssh/sshd_config file and look for this line:

#Protocol 2,1

Edit this line so that it becomes:

Protocol 2

This removes the comment sign (#) and tells sshd that you want it to only allow SSH2 connections. Save the file and exit your editor. The next step is to tell sshd to reread its configuration file, by executing this command:

kill -HUP `cat /var/run/sshd.pid`

If this returns cat: /var/run/sshd.pid: No such file or directory, it means you didn't have sshd running. Next time you start it, it reads the configuration file and uses SSH2 only.

You can test this change by trying to connect to your SSH server in SSH1 mode. From the same machine, type this:

ssh -1 localhost

The -1 switch forces SSH1 mode. If you successfully forced the SSH2 protocol, you should get the message Protocol major versions differ: 1 vs. 2.
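The check described above can also be made against the file itself before reloading sshd. The following is an added example, not part of the original text: the function names effective_protocol and ssh1_enabled are hypothetical, and it assumes, as the commented-out line shown earlier implies, that a file with no active Protocol line leaves the 2,1 default in effect.

```shell
#!/bin/sh
# Added example: report the Protocol value sshd would actually use.
# Assumption (from the page): with no active Protocol line, the
# default shown in the commented line, "2,1", is in effect.

effective_protocol() {
    # $1 = path to an sshd_config-style file
    awk '
        /^[ \t]*#/ { next }               # commented lines are inactive
        { sub(/=/, " ") }                 # tolerate the keyword=value form
        tolower($1) == "protocol" {       # keywords are case-insensitive
            print $2; found = 1; exit     # the first value read is the one used
        }
        END { if (!found) print "2,1" }   # nothing active: assumed default
    ' "$1"
}

ssh1_enabled() {
    # Exit status 0 if protocol 1 is among the accepted versions.
    case ",$(effective_protocol "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample: a stock file before the edit, then after it.
sample=$(mktemp)
printf '%s\n' '#Port 22' '#Protocol 2,1' > "$sample"
if ssh1_enabled "$sample"; then
    echo "before edit: SSH1 accepted (Protocol $(effective_protocol "$sample"))"
fi
printf '%s\n' '#Port 22' 'Protocol 2' > "$sample"
if ! ssh1_enabled "$sample"; then
    echo "after edit: SSH2 only (Protocol $(effective_protocol "$sample"))"
fi
rm -f "$sample"
```

On a real system, point the functions at /etc/ssh/sshd_config; a file that still contains only the commented line is reported as accepting SSH1.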

The SSH Tools

To the surprise of many, OpenSSH actually comprises a suite of tools. You have already seen ssh, the secure shell command that connects to other machines, and sshd, the SSH server daemon that accepts incoming SSH connections. However, there is also sftp, a replacement for ftp, and scp, a replacement for rcp.

You should already be familiar with the ftp command because it is the lowest-common-denominator system for handling FTP file transfers. Like Telnet, though, ftp is insecure: It sends your data in plain text across the network and anyone can sniff your packets to pick out a username and password. The SSH replacement, sftp, puts FTP traffic over an SSH link, thus securing it.

The rcp command might be new to you, largely because it is not used much anymore. Back in its day, rcp was the primary way of copying a single file to another server. As with ftp, scp replaces rcp by simply channeling the data over a secure SSH connection. The difference between sftp and scp is that the former allows you to copy many files, whereas the latter sends just one.

Using scp to Copy Individual Files Between Machines

The most basic use of the scp command is to copy a file from your current machine to a remote machine. You can do that with the following command:

scp test.txt 10.0.0.1:

The first parameter is the name of the file you want to send, and the second is the server to which you want to send it. Note that there is a colon at the end of the IP address. This is where you can specify an exact location for the file to be copied. If you have nothing after the colon, as in the previous example, scp copies the file to your home directory. As with SSH, scp prompts you for your password before copying takes place.

You can rewrite the previous command so that you copy test.txt from the local machine and save it as newtest.txt on the server:

scp test.txt 10.0.0.1:newtest.txt

Alternatively, if there is a directory where you want the file to be saved, you can specify it like this:

scp test.txt 10.0.0.1:subdir/stuff/newtest.txt

The three commands so far have all assumed that your username on your local machine is the same as your username on the remote machine. If this is not the case, you need to specify your username before the remote address, like this:

scp test.txt username@10.0.0.1:newtest.txt

You can use scp to copy remote files locally by simply specifying the remote file as the source and the current directory (.) as the destination:

scp 10.0.0.1:remote.txt .

The scp command is nominally also capable of copying files from one remote machine to another remote machine, but this functionality has yet to be properly implemented in Fedora Core Linux. If a patch is released — and we hope one is eventually — the correct command to use would be this:

scp 10.0.0.1:test.txt 10.0.0.2:remotetest.txt

That copies test.txt from 10.0.0.1 to remotetest.txt on 10.0.0.2. If this works, you are asked for passwords for both servers.
