Installation guide

ManualsBrandsPythonQ ManualsIndustrial248-8XX

131

132

133

134

135

136

137

138

139

140

Chapter 9. SSH Protocol 133

• ssh_host_key.pub — The RSA public key used by the sshd daemon for version 1 of the SSH

protocol.

• ssh_host_rsa_key — The RSA private key used by the sshd daemon for version 2 of the SSH

protocol.

• ssh_host_rsa_key.pub — The RSA public key used by the sshd for version 2 of the SSH

protocol.

User-speciﬁc SSH conﬁguration information is stored in the user’s home directory within the

~/.ssh/ directory:

• authorized_keys — This ﬁle holds a list of "authorized" public keys for servers. When the

client connects to a server, the server authenticates the client by checking its signed public key

stored within this ﬁle. This is an optional authentication method.

• id_dsa — Contains the DSA authentication identity of the user.

• id_dsa.pub — The DSA public key of the user.

• id_rsa — The RSA public key used by sshd for version 2 of the SSH protocol.

• identity — The RSA private key used by sshd for version 1 of the SSH protocol.

• known_hosts — This ﬁle contains DSA host keys of SSH servers accessed by the user. This ﬁle is

very important for ensuring that the SSH client is connecting the correct SSH server. If a host’s key

has changed, and you are not absolutely certain why, you should contact the system administrator

of the SSH server to make sure that the server has not been compromised. If a server’s host keys

are legitimately altered by a re-installation of Red Hat Linux the next time you log into that server

you will be notiﬁed that the host key stored in the known_hosts ﬁle does not match. To connect

to the server, the user must open the known_hosts ﬁle in a text editor and delete the key for that

host. This allows the SSH client to create a new host key.

See the man pages for ssh and sshd for information concerning the various directives available in

the SSH conﬁguration ﬁles.

9.5. More Than a Secure Shell

A secure command line interface is just the beginning of the many ways SSH can be used. Given the

proper amount of bandwidth, X11 sessions can be directed over an SSH channel. Or, by using TCP/IP

forwarding, previously insecure port connections between systems can be mapped to speciﬁc SSH

channels.

9.5.1. X11 Forwarding

Opening an X11 session over an established SSH connection is as easy as running an X program on

the local machine. When an X program is run from the secure shell prompt, the SSH client and server

create a new secure channel, and the X program data is sent over that channel to your client machine

transparently.

X11 forwarding can be very useful. For example, you can use X11 forwarding to create a secure,

interactive session with up2date on the server to update packages. To do this, connect to the server

using ssh and type:

up2date &

You will be asked to supply the root password for the server. Then, Red Hat Update Agent will

appear and you can update your packages on the server as though you were sitting in front of the

machine.