Fedora iTOps Tube

Saturday, December 24, 2011

5 Basic Linux SSH Client Commands

Let us review the following five basic command-line uses of the ssh client.

  1. Identify SSH client version
  2. Login to remote host
  3. Transfer Files to/from remote host
  4. Debug SSH client connection
  5. SSH escape character usage: (Toggle SSH session, SSH session statistics etc.)


1. SSH Client Version:

Sometimes it is necessary to identify which SSH client you are running and its version number; ssh -V prints both. Most Linux distributions ship OpenSSH (first example). The second example is from the commercial SSH Secure Shell client, which is also the client used in several of the transcripts below.

 $ ssh -V
 OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

 $ ssh -V
 ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu

2. Login to remote host:

  • The first time you log in to the remote host from the local host, the client reports that it has no host key on file and asks whether to continue. Before answering "yes", compare the displayed fingerprint with one obtained out of band (from the server's administrator or its console); accepting blindly is exactly what lets a man-in-the-middle substitute its own key. Once accepted, the key is stored so later connections can verify the server. The transcript below is from the SSH Secure Shell client, which stores keys under the .ssh2/hostkeys directory of your home directory; OpenSSH stores them as lines in ~/.ssh/known_hosts instead.
 localhost$ ssh -l jsmith remotehost.example.com
 Host key not found from database.
 Key fingerprint:
 xabie-dezbc-manud-bartd-satsy-limit-nexiu-jambl-title-jarde-tuxum
 You can get a public key's fingerprint by running
 % ssh-keygen -F publickey.pub
 on the keyfile.
 Are you sure you want to continue connecting (yes/no)? yes
 Host key saved to /home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pub
 host key for remotehost.example.com, accepted by jsmith Mon May 26 2008 16:06:50 -0700
 jsmith@remotehost.example.com password:
 remotehost.example.com$
  • The second time you log in to the remote host from the local host, the client prompts only for the password, because the remote host's key is already in its known-hosts list and matches the key the server presents.
          localhost$ ssh -l jsmith remotehost.example.com
jsmith@remotehost.example.com password:
remotehost.example.com$
  • If the host key of the remote host has changed since you first logged in, you get the warning shown below. There are two broad explanations: 1) the sysadmin upgraded or reinstalled the SSH server (or rebuilt the host) without preserving its host keys, or 2) someone is performing a man-in-the-middle attack. Do not answer "yes" until you have contacted the sysadmin, learned why the key changed and confirmed that the new fingerprint matches the one they report. Note that the client also disables agent forwarding for this connection, since a rogue server could otherwise use your forwarded agent to authenticate elsewhere.
         localhost$ ssh -l jsmith remotehost.example.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
Add correct host key to "/home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pub"
to get rid of this message.
Received server key's fingerprint:
xabie-dezbc-manud-bartd-satsy-limit-nexiu-jambl-title-jarde-tuxum
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Agent forwarding is disabled to avoid attacks by corrupted servers.
Are you sure you want to continue connecting (yes/no)? yes
Do you want to change the host key on disk (yes/no)? yes
Agent forwarding re-enabled.
Host key saved to /home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pub
host key for remotehost.example.com, accepted by jsmith Mon May 26 2008 16:17:31 -0700
jsmith@remotehost.example.com's password:
remotehost$
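The three outcomes above (no key on file, matching key, changed key) are a decision the client makes against its host-key store. As an added example that is not code from the original page, the Python below reproduces that decision for OpenSSH's known_hosts format (the transcripts above are from the SSH Secure Shell client, which stores keys under .ssh2/hostkeys instead). It also computes the SHA256 and MD5 fingerprints that ssh-keygen -l prints, which is what you compare against the out-of-band value, and handles hashed entries written by HashKnownHosts. The key blob is constructed from a placeholder byte pattern, not a real server's key; @cert-authority and @revoked markers are not handled.

```python
"""Added example, not code from the original page: reproduce the checks the
ssh client makes against its host-key store, in OpenSSH's known_hosts format.
The key material below is constructed, not a real server's key."""
import base64
import hashlib
import hmac

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-")


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


# Constructed ed25519 blob: string(type) + string(32 key bytes).  The 32 bytes
# are a placeholder pattern, so this is not a usable public key.
FAKE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
FAKE_B64 = base64.b64encode(FAKE_BLOB).decode()
FAKE_KNOWN_HOSTS_LINE = "remotehost.example.com ssh-ed25519 " + FAKE_B64


def key_blob(line: str) -> bytes:
    """Extract the raw key blob from a known_hosts or .pub line: the base64
    field that follows the key-type field."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPES):
            return base64.b64decode(fields[i + 1])
    raise ValueError("no public key found in line")


def key_type(blob: bytes) -> str:
    """The first wire string of a blob is the key type, e.g. 'ssh-ed25519'."""
    n = int.from_bytes(blob[:4], "big")
    return blob[4:4 + n].decode()


def fingerprint(blob: bytes, algo: str = "sha256") -> str:
    """Fingerprint as ssh-keygen -l prints it: 'SHA256:' + unpadded base64 of
    the digest, or 'MD5:' + colon-separated hex (ssh-keygen -l -E md5)."""
    if algo == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if algo == "md5":
        return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    raise ValueError(f"unsupported fingerprint algorithm: {algo}")


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Hashed host field as written with HashKnownHosts yes:
    '|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))'."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(host_field: str, hostname: str) -> bool:
    """Match a hostname against a known_hosts host field, either plain
    (comma-separated names/addresses) or hashed."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return hostname in host_field.split(",")


def check_host_key(known_hosts_lines, hostname: str, presented: bytes) -> str:
    """Decide what the client should do with the key a server presents:
    'new'     - no key of this type on file: the first-time prompt (verify the
                fingerprint out of band before answering yes);
    'ok'      - identical key on file: connect without prompting;
    'changed' - a key of the same type is on file but differs: the
                HOST IDENTIFICATION HAS CHANGED warning, do not proceed."""
    seen_same_type = False
    for line in known_hosts_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if not host_matches(line.split()[0], hostname):
            continue
        stored = key_blob(line)
        if key_type(stored) != key_type(presented):
            continue
        seen_same_type = True
        if hmac.compare_digest(stored, presented):
            return "ok"
    return "changed" if seen_same_type else "new"


if __name__ == "__main__":
    salt = bytes(range(20))  # constructed salt; OpenSSH uses 20 random bytes
    hashed_line = hash_hostname("remotehost.example.com", salt) + " ssh-ed25519 " + FAKE_B64
    print("fingerprint:  ", fingerprint(FAKE_BLOB))
    print("plain entry:  ", check_host_key([FAKE_KNOWN_HOSTS_LINE], "remotehost.example.com", FAKE_BLOB))
    print("hashed entry: ", check_host_key([hashed_line], "remotehost.example.com", FAKE_BLOB))
    tampered = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
    print("different key:", check_host_key([FAKE_KNOWN_HOSTS_LINE], "remotehost.example.com", tampered))
```

The hashed-entry check shows why HashKnownHosts helps: an attacker who steals the file cannot read the hostnames you connect to, yet the client can still confirm a match. Only a key of the same type triggers "changed"; a server that adds a new key type while keeping its old ones is prompted for as "new", which is also OpenSSH's behaviour.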

3. File transfer to/from remote host:

Another common use of the ssh client is copying files to or from the remote host with scp, which verifies the host key and authenticates exactly as ssh does.

  • Copy file from the remotehost to the localhost:
         localhost$ scp jsmith@remotehost.example.com:/home/jsmith/remotehostfile.txt remotehostfile.txt
  • Copy file from the localhost to the remotehost:
         localhost$ scp localhostfile.txt jsmith@remotehost.example.com:/home/jsmith/localhostfile.txt

4. Debug SSH Client:

Sometimes it is necessary to view debug messages to troubleshoot an SSH connection problem. For this purpose, pass the -v (lowercase v) option to ssh as shown below; with OpenSSH, -vv and -vvv give progressively more detail, including the key exchange and which authentication methods were tried.

  • Example without debug message:
         localhost$ ssh -l jsmith remotehost.example.com
warning: Connecting to remotehost.example.com failed: No address associated to the name
localhost$
  • Example with debug message:
         localhost$ ssh -v -l jsmith remotehost.example.com
debug: SshConfig/sshconfig.c:2838/ssh2_parse_config_ext: Metaconfig parsing stopped at line 3.
debug: SshConfig/sshconfig.c:637/ssh_config_set_param_verbose: Setting variable 'VerboseMode' to 'FALSE'.
debug: SshConfig/sshconfig.c:3130/ssh_config_read_file_ext: Read 17 params from config file.
debug: Ssh2/ssh2.c:1707/main: User config file not found, using defaults. (Looked for '/home/jsmith/.ssh2/ssh2_config')
debug: Connecting to remotehost.example.com, port 22... (SOCKS not used)
warning: Connecting to remotehost.example.com failed: No address associated to the name

5. Escape Character: (Toggle SSH session, SSH session statistics etc.)

The escape character ~ gets the SSH client's attention, and the character that follows it determines the escape command. The escape is recognized only at the beginning of a line, that is, immediately after you press Enter. (In OpenSSH, ~? lists the available escape commands and ~. closes the connection.)
Toggle SSH session: when you have logged on to the remote host using ssh from the local host, you may want to come back to the local host to perform some activity and then return to the remote host. You don't need to disconnect the ssh session to do this. Instead, follow the steps below.

  • Log in to the remote host from the local host: localhost$ ssh -l jsmith remotehost
  • Now you are connected to the remote host: remotehost$
  • To come back to the local host temporarily, press Enter to start a new line, then type the escape character ~ followed by Control-Z. The ~ is not echoed when you type it; the client only acts once it sees the Control-Z that follows. This suspends the ssh client as a shell job:
     remotehost$ ~^Z
[1]+ Stopped ssh -l jsmith remotehost
localhost$
  • Now you are back on the local host, and the ssh session to the remote host is an ordinary stopped Unix background job, which you can check as shown below:
     localhost$ jobs
[1]+ Stopped ssh -l jsmith remotehost
  • You can return to the remote host without entering the password again by bringing the background ssh job to the foreground on the local host:
     localhost$ fg %1
ssh -l jsmith remotehost
remotehost$

SSH session statistics: To get some useful statistics about the current SSH session, do the following. The ~s command is specific to the SSH Secure Shell (ssh2) client; OpenSSH has no equivalent, although ~# lists forwarded connections and ~R requests a rekey. Note also the algorithms negotiated in this 2008-era output (diffie-hellman-group1-sha1, ssh-dss, AES in CBC mode): modern OpenSSH disables all three by default, so seeing them today indicates an outdated server that should be upgraded.

  • Log in to the remote host from the local host: localhost$ ssh -l jsmith remotehost
  • On the remote host, type the ssh escape character ~ followed by s as shown below. This displays a lot of useful statistics about the current SSH connection.
         remotehost$  [Note: The ~s is not visible on the command line when you type.] 
remote host: remotehost
local host: localhost
remote version: SSH-1.99-OpenSSH_3.9p1
local version: SSH-2.0-3.2.9.1 SSH Secure Shell (non-commercial)
compressed bytes in: 1506
uncompressed bytes in: 1622
compressed bytes out: 4997
uncompressed bytes out: 5118
packets in: 15
packets out: 24
rekeys: 0
Algorithms:
Chosen key exchange algorithm: diffie-hellman-group1-sha1
Chosen host key algorithm: ssh-dss
Common host key algorithms: ssh-dss,ssh-rsa
Algorithms client to server:
Cipher: aes128-cbc
MAC: hmac-sha1
Compression: zlib
Algorithms server to client:
Cipher: aes128-cbc
MAC: hmac-sha1
Compression: zlib
localhost$

 


The Sample Cisco syslog.conf File

#
# All LOCAL3 messages (debug and above) go to the firewall file ciscofw
#
local3.debug /var/log/cisco/ciscofw
#
# All LOCAL4 messages  (debug and above) go to the Local Director file ciscold
#
local4.debug /var/log/cisco/ciscold
#
# All LOCAL6 messages  (debug and above) go to the CSS file ciscocss
#
local6.debug /var/log/cisco/ciscocss
#
# All LOCAL7 messages  (debug and above) go to the ciscoacl
# This includes ACL logs which are logged at severity debug
#
local7.debug /var/log/cisco/ciscoacl
#
# LOCAL7 messages  (notice and above) go to the ciscoinfo
# This excludes ACL logs which are logged at severity debug
#
local7.notice /var/log/cisco/ciscoinfo

Cisco CSS11000 (Arrowpoints)

The configuration for the Cisco CSS11000 load balancer series is more straightforward. You specify the facility with an intuitive number using the logging host command and set the severity with the logging subsystem command. This example shows the CSS11000 logging facility local6 and severity level 6 (Informational):

logging host 192.168.1.100 facility 6
set logging subsystem all info-6
logging commands enable

Cisco PIX Firewalls

PIX firewalls use the numbering scheme in Table IV-2 to set their logging facility: the value given to the logging facility command is 16 plus the local facility number.

Table IV-2 Syslog Facility and Severity Numbering Scheme for PIX Firewalls

  Facility    Logging Facility Command Value
  local0      16
  local1      17
  local2      18
  local3      19
  local4      20
  local5      21
  local6      22
  local7      23

This configuration example assumes that the logging server is connected on the side of the "inside" protected interface. It sends log messages to facility local3 with a severity level of 5 (Notification) set by the logging trap command.

 
logging on
logging standby
logging timestamp
logging trap notifications
logging facility 19
logging host inside 192.168.1.100
 

Cisco Local Director

Local Directors use the syslog output command to set their logging facility and severity. The value provided must be in the format FF.SS (facility.severity) using the numbering scheme in Table IV-1:

Table IV-1 Syslog Facility and Severity Numbering Scheme for Local Directors

  Facility    FF Value      Severity                             SS Value
  local0      16            System unusable                      0
  local1      17            Immediate action required            1
  local2      18            Critical condition                   2
  local3      19            Error conditions                     3
  local4      20            Warning conditions                   4
  local5      21            Normal but significant conditions    5
  local6      22            Informational messages               6
  local7      23            Debugging messages                   7

This example uses facility local4 (FF = 20) and severity debugging (SS = 7) from Table IV-1, so every message is sent:

 
syslog output 20.7
no syslog console
syslog host 192.168.1.100
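The facility and severity numbers in Tables IV-1 and IV-2 are the two halves of the <PRI> field that every device puts at the start of a raw syslog message (PRI = facility * 8 + severity), and the syslog.conf at the top of this article routes on exactly those two numbers. As an added example that is not code from the original page, the Python below decodes PRI values and shows which file each message would land in under that syslog.conf, including the local7 split where debug-level ACL logs go only to ciscoacl while notice and above also reach ciscoinfo. The sample messages are constructed; the syslog.conf is embedded verbatim from this page so the script runs offline.

```python
"""Added example (not code from the original page): decode the <PRI> field of
raw syslog messages and route them the way the page's syslog.conf would.
Sample messages are constructed."""
import re

# Facility numbers from Tables IV-1/IV-2 (local0 = 16 ... local7 = 23) and the
# standard syslog severity keywords, indexed by severity number 0..7.
FACILITY_NAMES = {16 + n: "local%d" % n for n in range(8)}
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The syslog.conf from this page, embedded so the example is self-contained.
SYSLOG_CONF = """
# All LOCAL3 messages (debug and above) go to the firewall file ciscofw
local3.debug /var/log/cisco/ciscofw
# All LOCAL4 messages (debug and above) go to the Local Director file ciscold
local4.debug /var/log/cisco/ciscold
# All LOCAL6 messages (debug and above) go to the CSS file ciscocss
local6.debug /var/log/cisco/ciscocss
# All LOCAL7 messages (debug and above) go to the ciscoacl
local7.debug /var/log/cisco/ciscoacl
# LOCAL7 messages (notice and above) go to the ciscoinfo
local7.notice /var/log/cisco/ciscoinfo
"""

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(pri: int):
    """Split a PRI value into (facility, severity).  PRI = facility * 8 + severity,
    so the facility is the upper bits and the severity the low three bits."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %d" % pri)
    return pri >> 3, pri & 7


def encode_pri(facility: int, severity: int) -> int:
    """Inverse of decode_pri; e.g. local3 (19) at notice (5) gives <157>."""
    return facility * 8 + severity


def describe_pri(pri: int) -> str:
    """Human-readable 'facility.severity', e.g. 'local3.notice'."""
    facility, severity = decode_pri(pri)
    return "%s.%s" % (FACILITY_NAMES.get(facility, "facility%d" % facility),
                      SEVERITY_NAMES[severity])


def parse_syslog_conf(text: str):
    """Return [(facility_name, max_severity_number, path)] for the simple
    'facility.level path' selectors used on this page.  In syslog.conf a level
    selects that severity and everything more severe (numerically lower)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, path = line.split(None, 1)
        facility, level = selector.split(".")
        rules.append((facility, SEVERITY_NAMES.index(level), path))
    return rules


def route(message: str, rules):
    """List the files that would receive a raw syslog message under the rules.
    A message can match several rules, as local7 notices do on this page."""
    m = PRI_RE.match(message)
    if not m:
        raise ValueError("message has no <PRI> header")
    facility, severity = decode_pri(int(m.group(1)))
    facility_name = FACILITY_NAMES.get(facility)
    return [path for rule_facility, max_severity, path in rules
            if rule_facility == facility_name and severity <= max_severity]


# Constructed sample messages: a PIX notice on local3, a debug-level ACL hit
# and a notice on local7, a CSS informational message on local6, and a
# user.notice from an ordinary Linux host that no rule on this page covers.
SAMPLE_MESSAGES = [
    "<157>Dec 24 10:00:01 pix1 %PIX-5-111008: User 'enable_15' executed the 'logging on' command.",
    "<191>Dec 24 10:00:02 rtr1 %SEC-7-IPACCESSLOGP: list 101 denied tcp 10.0.0.5(4321) -> 10.0.1.9(23), 1 packet",
    "<189>Dec 24 10:00:03 rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<182>Dec 24 10:00:04 css1 service web-srv transitioned to Alive",
    "<13>Dec 24 10:00:05 linuxbox sshd[123]: Accepted publickey for jsmith",
]

if __name__ == "__main__":
    rules = parse_syslog_conf(SYSLOG_CONF)
    for msg in SAMPLE_MESSAGES:
        pri = int(PRI_RE.match(msg).group(1))
        print("<%d> %-14s -> %s" % (pri, describe_pri(pri), route(msg, rules) or "(not matched)"))
```

The last sample illustrates a gap worth remembering when you turn /var/log/messages off for a large data center: anything that arrives with a facility outside local0 to local7 is silently dropped by these rules unless a catch-all selector is added.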
 

Catalyst CAT Switches running CATOS

By default Cisco switches also send syslog messages to their logging server with facility local7. Leave this facility at its default too, so that routers and switches log to the same files (ciscoacl and ciscoinfo in the syslog.conf above, depending on severity).

 set logging server enable
 set logging server 192.168.1.100
 set logging level all 5
 set logging server severity 6

Cisco Routers

By default Cisco routers send syslog messages to their logging server with facility local7. Don't set the facility in this case, but do tell the router to timestamp its messages. To make the messages carry the source IP address of the loopback interface, also add logging source-interface Loopback0 (assuming such an interface exists); the example below omits that line.

 
service timestamps log datetime localtime
no logging console
no logging monitor
logging 192.168.1.100
 

Introduction - syslog Configuration and Cisco Devices

Syslog sets aside facilities local0 through local7 for site-defined use, which makes them the natural choice for log messages received from remote servers and network devices. If routers, switches, firewalls and load balancers each log with a different facility, each class of device can have its own log file, which makes troubleshooting much easier. The following examples show how to set that up.
 

If you have a large data center, then you may also want to switch off all logging to /var/log/messages as suggested above for the home/SOHO environment. In all the network device configuration examples below we are logging to the remote Linux logging server 192.168.1.100 which we set up in the previous section.

Linux Users and Sudo


Configuring the DHCP Server

Download and Install the DHCP Package

Most RedHat and Fedora Linux software product packages are available in the RPM format, whereas Debian and Ubuntu Linux use DEB format installation files. When searching for these packages, remember that the filename usually starts with the software package name and is followed by a version number, as in dhcp-3.23.58-4.i386.rpm. (For help on downloading and installing the package, see Chapter 6, "Installing Linux Software".)

Note: With Fedora / Redhat the package to install would be dhcp. With Debian / Ubuntu the package is dhcp3-server.

Linux Boot Process
