RHCSA

SECURE SHELL

In Red Hat Enterprise Linux systems, OpenSSH implements the Secure Shell or SSH protocol. The SSH protocol allows systems to communicate over an insecure network in an encrypted and secure manner. You can use the ssh command to establish a secure connection to a remote system, authenticate as a specific user, and obtain an interactive shell session as that user on the remote system. You can also use ssh to run a single command on the remote system without launching an interactive shell.

SSH HOST KEYS

SSH protects communication with public-key encryption.

Before an SSH client connects to an SSH server, the server sends a copy of its public key to the client.

This is used to configure the secure encryption for the communication channel and to authenticate the server to the client.

When a user uses the ssh command to connect to an SSH server, the command checks to see if it has a copy of the public key for that server in its local known hosts files.

The system administrator may have pre-configured it in /etc/ssh/ssh_known_hosts, or the user may have a ~/.ssh/known_hosts file in their home directory that contains the key.

If the client already has a copy of the key, ssh compares the key stored in the known hosts files for that server with the one it received.

If the keys do not match, the client considers that the server may have been compromised or that network traffic to the server has been hijacked, and it asks the user for confirmation before continuing the connection.

If the client does not have a copy of the public key in its known hosts files, the ssh command asks whether you want to log in anyway.

If you do, a copy of the public key is saved in your ~/.ssh/known_hosts file so that the server's identity can be confirmed automatically on later connections.

SSH Known Hosts Key Management

If a server's public key is changed, because the key was lost due to hard drive failure or replaced for some other valid reason, you must edit the known hosts files so that the entry for the old public key is replaced with an entry for the new public key. Only then can you log in without issues.

Public key information is kept on the SSH client in the /etc/ssh/ssh_known_hosts file and in each user's ~/.ssh/known_hosts file.

There is one line per key.

A list of hostnames and IP addresses that use that public key is contained in the first field.

The key’s encryption algorithm is contained in the second field.

The key itself is the last field.

Each remote SSH server that you connect to stores its public key in the /etc/ssh directory in files with the extension .pub.
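
The lookup and key replacement described in this section, as an added Python example (not code from the original page or from OpenSSH): it reads known hosts lines, classifies a presented key as match, mismatch or unknown, and swaps in a new key. The host names, placeholder keys and function names are assumptions made for the illustration, and it goes slightly beyond the text by also recognising hashed host names.

```python
import base64, hashlib, hmac

OLD_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIOldPlaceholderKey"   # constructed, not real key material
NEW_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAINewPlaceholderKey"   # constructed, not real key material
SAMPLE = ("# constructed known_hosts content\n"
          f"servera,172.25.250.10 ssh-ed25519 {OLD_KEY}\n"
          "serverb ecdsa-sha2-nistp256 AAAAE2VjZHNhPlaceholderKey\n")

def host_matches(pattern, host):
    """True if one name in the first field is this host (plain or hashed form)."""
    if pattern.startswith("|1|"):          # HashKnownHosts form: |1|salt|HMAC-SHA1(host)
        parts = pattern.split("|")
        if len(parts) != 4:
            return False
        mac = hmac.new(base64.b64decode(parts[2]), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(parts[3]))
    return pattern == host                 # wildcard patterns are not handled here

def parse_known_hosts(text):
    """Yield (host names, algorithm, key) for every key line."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @marker lines (their first field is not a host list).
        if len(fields) >= 3 and not fields[0].startswith(("#", "@")):
            yield fields[0].split(","), fields[1], fields[2]

def check_host_key(text, host, algorithm, key):
    """Classify the key a server presented: 'match', 'mismatch' or 'unknown'."""
    seen = False
    for names, alg, stored in parse_known_hosts(text):
        if alg == algorithm and any(host_matches(n, host) for n in names):
            if stored == key:
                return "match"
            seen = True                    # host is known, but with a different key
    return "mismatch" if seen else "unknown"

def replace_host_key(text, host, algorithm, new_key):
    """Drop the host's lines for this algorithm, then append the new key."""
    kept = []
    for line in text.splitlines():
        entry = next(parse_known_hosts(line), None)
        if entry and entry[1] == algorithm and any(host_matches(n, host) for n in entry[0]):
            continue                       # whole line goes, with any other names on it
        kept.append(line)
    return "\n".join(kept + [f"{host} {algorithm} {new_key}"]) + "\n"

if __name__ == "__main__":
    print(check_host_key(SAMPLE, "servera", "ssh-ed25519", NEW_KEY))  # changed key
```

Replace an entry only after the new key has been confirmed through a trusted channel, for example against the .pub file in the server's /etc/ssh directory.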

We suggest that students interested in learning Linux technology consider RHCSA online training centers in Kochi, or search the internet for an RHCSA bootcamp in Kochi, to develop their skills and improve their knowledge of Linux.

Author: STEPS