SSH & Creating keys

About SSH Keys

Secure Shell (better known as SSH) is a cryptographic network protocol which allows users to securely perform a number of network services over an unsecured network. SSH keys provide a more secure way of logging into a server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone.

Generating a key pair provides you with two long strings of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. You can increase security even more by protecting the private key with a passphrase.

Create the RSA Key Pair

The first step is to create the key pair on the client machine (there is a good chance that this will just be your computer):

ssh-keygen -t rsa

Store the Keys and Passphrase

Once you have entered the ssh-keygen command, you will get a few more questions:

Enter file in which to save the key (/home/demo/.ssh/id_rsa):

You can press enter here, saving the file to the user home (in this case, my example user is called demo).

Enter passphrase (empty for no passphrase):

It’s up to you whether you want to use a passphrase. Entering a passphrase does have its benefits: the security of a key, no matter how encrypted, still depends on the fact that it is not visible to anyone else. Should a passphrase-protected private key fall into an unauthorized user’s possession, they will be unable to log in to its associated accounts until they figure out the passphrase, buying the hacked user some extra time. The only downside, of course, to having a passphrase, is then having to type it in each time you use the key pair.

The entire key generation process looks like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/demo/.ssh/id_rsa.
Your public key has been saved in /home/demo/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |
+-----------------+

The public key is now located in /home/demo/.ssh/id_rsa.pub. The private key (identification) is now located in /home/demo/.ssh/id_rsa.

Copy the Public Key

Once the key pair is generated, it’s time to place the public key on the server that we want to use.

You can copy the public key into the new machine’s authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.

ssh-copy-id demo@198.51.100.0

Trash-CLI

Command Line Interface

trash-cli trashes files recording the original path, deletion date, and permissions. It uses the same trashcan used by KDE, GNOME, and XFCE, but you can invoke it from the command line (and scripts).

It provides these commands:

  • trash-put trash files and directories.
  • trash-empty empty the trashcan(s).
  • trash-list list trashed files.
  • trash-restore restore a trashed file.
  • trash-rm remove individual files from the trashcan.

Usage

Trash a file:

$ trash-put foo

List trashed files:

$ trash-list
2008-06-01 10:30:48 /home/andrea/bar
2008-06-02 21:50:41 /home/andrea/bar
2008-06-23 21:50:49 /home/andrea/foo

Search for a file in the trashcan:

$ trash-list | grep foo
2007-08-30 12:36:00 /home/andrea/foo
2007-08-30 12:39:41 /home/andrea/foo

Restore a trashed file:

$ trash-restore
0 2007-08-30 12:36:00 /home/andrea/foo
1 2007-08-30 12:39:41 /home/andrea/bar
2 2007-08-30 12:39:41 /home/andrea/bar2
3 2007-08-30 12:39:41 /home/andrea/foo2
4 2007-08-30 12:39:41 /home/andrea/foo
What file to restore [0..4]: 4
$ ls foo
foo

Remove all files from the trashcan:

$ trash-empty

Remove only the files that have been deleted more than <days> ago:

$ trash-empty <days>

Example:

$ date
Tue Feb 19 20:26:52 CET 2008
$ trash-list
2008-02-19 20:11:34 /home/einar/today
2008-02-18 20:11:34 /home/einar/yesterday
2008-02-10 20:11:34 /home/einar/last_week
$ trash-empty 7
$ trash-list
2008-02-19 20:11:34 /home/einar/today
2008-02-18 20:11:34 /home/einar/yesterday
$ trash-empty 1
$ trash-list
2008-02-19 20:11:34 /home/einar/today

Remove only files matching a pattern:

$ trash-rm \*.o

Note: you need to quote or escape the pattern (as with the backslash above) in order to protect it from shell expansion.

FAQ

How to create a top level .Trash dir?

Steps

sudo mkdir --parent /.Trash
sudo chmod a+rw /.Trash
sudo chmod +t /.Trash

Can I alias rm to trash-put?

You can but you shouldn’t. In the early days I thought it was a good idea to do that but now I changed my mind.

Although the interface of trash-put seems to be compatible with rm, it has different semantics which will cause you problems. For example, while rm requires -R for deleting directories, trash-put does not.

But sometimes I forget to use trash-put, really can’t I?

You could alias rm to something that will remind you to not use it:

alias rm='echo "This is not the command you are looking for."; false'

Then, if you really want to use rm, simply prepend a backslash to bypass the alias:

\rm file-without-hope

Note that Bash aliases are used only in interactive shells, so using this alias should not interfere with scripts that expect to use rm.

SSH Error – ‘Host key verification failed’

So what is it and why do I need to know about it?

SSH, also known as Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer. SSH also refers to the suite of utilities that implement the protocol. Secure Shell provides strong authentication and secures encrypted data communications between two computers connecting over an insecure network such as the Internet. SSH is widely used by network administrators for managing systems and applications remotely, allowing them to log in to another computer over a network, execute commands and move files from one computer to another.

The host keys for each computer are stored in the file /home/User/.ssh/known_hosts

You will need to turn on View Hidden Files in your file explorer to see the .ssh folder and all other system folders and files.

When you look at the known_hosts file there will be a line for each computer that looks like this:

|1|guO7PbLLb5FWIpxNZHF03ESTTKg=|r002DA8L2JUYRVykUh7jcVUHeYE= ssh-rsa AAAAB3NzaC1yc2EAAFADAQABAAABAQ....etc

The problem is that the hostname is “hashed”. This is great from a security point of view, but not so useful in a “home network scenario”.

So we need to change the setting “HashKnownHosts = yes” to “HashKnownHosts = no”.

This setting is located in /etc/ssh/ssh_config, at the bottom of the file for me anyway!

After you change this setting you will need to delete the known_hosts file. You will then have to reauthorize the connection to each of your computers again. But this time when you look at the file, there will be an IP address at the start of each line.

[192.168.1.101]:22 ssh-rsa AAAAB3NzaC1yc2EAAFADAQABAAABAQ....etc

So next time you have an error you won’t need to delete the known_hosts file but instead just edit it and delete the one line that correlates to the computer that you’re trying to connect to.

 


Easy Blog’s

New service: Blogs

NerdPower has a new Domain: PersonalBlog.com.au

What this means is your blogging just got easy and personal. We create a WordPress site already themed and ready to go; you just add your blogs. It’s that simple, and if you get stuck, you can always ask for help!

If you want a custom Email to go with the blog we can do that too.

All it costs is $1 per week for the Blog,

and $1 per week for the Email.

Yep, That’s right.

$2 per week for a private blog and email so you can stop Facebook & Google spying on you… well limit the data they get. 😉

For example get a blog of michael.personalblog.com.au & michael@personalblog.com.au

Contact Nerdpower for more info.

Mate-Terminal – Manual page:

MATE Terminal

MATE Terminal is a terminal emulation application that you can use to access a UNIX shell in the MATE environment. With it, you can run any application that is designed to run on VT102, VT220, and xterm terminals. MATE Terminal also has the ability to use multiple terminals in a single window (tabs) and supports management of different configurations (profiles). MATE Terminal is a fork of GNOME Terminal.


LFTP – FTP Download Client

LFTP is a sophisticated ftp/http client, and a file transfer program supporting a number of network protocols. Like BASH, it has job control and uses the readline library for input. It has bookmarks, a built-in mirror command, and can transfer several files in parallel. It was designed with reliability in mind.
