The remote computer attempts to authenticate the local computer using RSA or
DSA certificates. If this isn’t possible, the local computer is prompted for a local
username and password.
After successful authentication, the session begins. A remote shell, a secure file
transfer, a remote command, or other action can take place through the encrypted
tunnel.
The following are SSH tools:
• sshd—A daemon that acts as a server to all other commands
• ssh—The primary user tool, which includes a remote shell, remote command, and
port-forwarding sessions
• scp—Secure copy, a tool for automated file transfers
• sftp—Secure FTP, a replacement for FTP
Generating Key Pairs for Key-Based SSH Connections
By default, SSH supports the use of password, key, and Kerberos authentication.
The standard method of SSH authentication is to supply a user name and password
as login credentials. Identity key-based authentication lets you log in to the server
without supplying a password.
Key-based authentication is more secure than password authentication, because it
requires that you have the private key file and know the password that lets you access
that key file. A key must be generated for each user account that needs to use ssh.
How SSH key-based authentication works:
1 A private and a public key are generated, each associated with a user name to
establish that user’s authenticity.
2 When you attempt to log in as that user, the user name is sent to the remote
computer.
3 The remote computer looks in the user’s .ssh/ folder for the user’s public key.
This folder is created when using SSH the first time.
4 A challenge is sent to the user based on his or her public key.
5 The user verifies his or her identity by using the private portion of the key pair to
decode the challenge.
6 After the key is decoded, the user is logged in without a password.
This is especially useful when automating remote scripts.
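The six steps above, simulated end to end as an added example that is not part of the original guide: both sides of the exchange are modelled in one script, with a toy RSA key pair built from small Mersenne primes standing in for a real ssh-keygen key (constructed values, never for real use). Note that SSH-2 public-key authentication actually has the client sign session-bound data rather than decrypt a challenge; the sketch follows the page's description of the flow.

```python
import secrets
from math import gcd

# Toy RSA key pair from two primes (constructed for illustration; real SSH
# keys are 2048+ bits and come from ssh-keygen, never from fixed primes).
def toy_keypair(p, q, e=65537):
    """Return (public, private) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # private exponent
    return (e, n), (d, n)

# Step 1: a key pair exists per user. The server keeps only the public half,
# the equivalent of each account's ~/.ssh/authorized_keys.
AUTHORIZED_KEYS = {}

def enroll(username, public_key):
    AUTHORIZED_KEYS[username] = public_key

# Steps 2-4 (server side): receive the user name, look up that user's public
# key, and issue a challenge only the matching private key can decode.
def server_make_challenge(username):
    if username not in AUTHORIZED_KEYS:
        return None                           # no key: fall back to password
    e, n = AUTHORIZED_KEYS[username]
    secret = secrets.randbelow(n - 2) + 2     # fresh nonce per login attempt
    return secret, pow(secret, e, n)          # (expected answer, challenge)

# Step 5 (client side): decode the challenge with the private key.
def client_answer(challenge, private_key):
    d, n = private_key
    return pow(challenge, d, n)

# Step 6: a correct answer proves possession of the private key; no password.
def authenticate(username, private_key):
    issued = server_make_challenge(username)
    if issued is None:
        return False
    expected, challenge = issued
    return client_answer(challenge, private_key) == expected

if __name__ == "__main__":
    pub, priv = toy_keypair((1 << 61) - 1, (1 << 89) - 1)   # Mersenne primes
    enroll("admin", pub)
    print("right key:", authenticate("admin", priv))         # True
    _, other = toy_keypair((1 << 31) - 1, (1 << 61) - 1)
    print("wrong key:", authenticate("admin", other))        # False
```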
Note: If the server uses FileVault to encrypt the home folder of the user you want to
use SSH to connect as, you must be logged in on the server to use SSH. Alternatively,
you can store the keys for the user in a location that isn’t protected by FileVault, but
this isn’t secure.
28 Chapter 4 Connecting to Remote Computers