“A cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers.” -Wikipedia
### Why would I want to use ssh?
Because it’s awesome!
The OpenSSH server and client are installed by default on OpenBSD.
OpenSSH server is started at boot by default.
To check to make sure that the OpenSSH server (the ssh daemon, or sshd) is running, log into the system and do something like the following:
pgrep -lf sshd
And you should see something like this:
7656 sshd
If you do, sshd is running.
If you have an OpenBSD box with a user account, you can ssh into it.
ssh yourUser@theBoxYouWantToSshInto
Enter your password and that’s it!
To stop or start the daemon (run these as root):
/etc/rc.d/sshd stop
/etc/rc.d/sshd start
There is also restart, reload, and check.
If a user is already ssh’d into the box, stopping the daemon will not drop active connections. It only stops new connections from being accepted!
If you want to stop all ssh activity, you must also kill the active ssh sessions in addition to stopping the daemon. “pgrep -lf sshd” will show them, since each connection is handled by its own sshd process.
In the sshd_config file (/etc/ssh/sshd_config, the server-side config, as opposed to the client’s ssh_config) there are many options available to tighten security. For example, you could do something like this:
Ciphers 3des-cbc
PasswordAuthentication no
Protocol 2
AllowUsers zamicol kur0
PermitRootLogin no
Port 7070
Some of these settings may not be a good idea, but they might help keep the baddies away.
You must restart sshd for these changes to take effect.
/etc/rc.d/sshd restart
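Before restarting, it helps to know what sshd will actually apply: keywords are case-insensitive, everything after `#` is a comment, the first occurrence of a keyword wins (a later duplicate is silently ignored), and settings inside a `Match` block are conditional. The script below is an added example, not OpenBSD’s or OpenSSH’s code, and the config it reads is constructed for the demo: `sshd_effective` prints the effective global value of one directive, and `sshd_audit` reports the settings from the list above that weaken the server (password logins left on, root login allowed, a legacy cipher such as 3des-cbc). The defaults it assumes for unset directives are OpenSSH’s documented ones.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the directives the
# text above touches. Not OpenBSD code; the config it reads is constructed.

# sshd_effective FILE KEYWORD
# Print the effective value of a directive. sshd keeps the first occurrence
# of a keyword, keywords are case-insensitive, and '#' starts a comment.
# Only the global section is examined: we stop at the first 'Match' block.
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                       # strip comments
        NF == 0 { next }                          # skip blank lines
        tolower($1) == "match" { exit }           # conditional block: stop
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# sshd_audit FILE
# One finding per line; returns 0 when nothing was found, 1 otherwise.
sshd_audit() {
    f="$1"; rc=0
    pa=$(sshd_effective "$f" PasswordAuthentication)
    prl=$(sshd_effective "$f" PermitRootLogin)
    ciphers=$(sshd_effective "$f" Ciphers)
    # An unset PasswordAuthentication defaults to "yes" in sshd.
    case "${pa:-yes}" in
        [Yy][Ee][Ss]) echo "PasswordAuthentication is yes: password guessing is possible"; rc=1 ;;
    esac
    # An unset PermitRootLogin defaults to prohibit-password on current OpenSSH.
    case "${prl:-prohibit-password}" in
        [Yy][Ee][Ss]) echo "PermitRootLogin yes: root can log in directly"; rc=1 ;;
    esac
    case "$ciphers" in
        *3des-cbc*|*arcfour*) echo "Ciphers includes a legacy cipher: $ciphers"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample config (not a real server's file). Note the duplicated
# PasswordAuthentication line and the Match block at the end.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sshd_config for the audit demo
Port 7070
Protocol 2
Ciphers 3des-cbc
PasswordAuthentication no
PasswordAuthentication yes   # ignored by sshd: the first occurrence wins
AllowUsers zamicol kur0
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
}

# Demo against a temporary file.
cfg=$(mktemp)
write_sample_config "$cfg"
echo "PasswordAuthentication: $(sshd_effective "$cfg" PasswordAuthentication)"   # no
sshd_audit "$cfg" || echo "audit found weak settings"
rm -f "$cfg"
```

Run it against /etc/ssh/sshd_config on the box before `/etc/rc.d/sshd restart`; a line the audit flags is worth a second look, and a directive you expected to see but that prints empty is either missing or sitting after an earlier duplicate.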
Passwords are lame. That is why there is ssh-keygen, enabling passwordless logins.
Go to ~/.ssh
Type
ssh-keygen -t rsa -b 2048 -C "LabelOfYourChoosing"
Pick a good label, as it will identify your key to others.
It will ask for a place to save it. The default is fine.
Leave the passphrase empty.
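The key pair alone does not log you in: the public half (id_rsa.pub, never the private id_rsa) has to end up in ~/.ssh/authorized_keys on the box you ssh into, and with sshd’s default StrictModes the key is refused if that file or the ~/.ssh directory is group- or world-writable. The script below is an added example, not OpenSSH’s ssh-copy-id and not from the original post; it installs a public key into an authorized_keys file with the right permissions, appends it only once, and is demonstrated here against a temporary directory standing in for the server’s home, using a constructed (not real) key.

```shell
#!/bin/sh
# Added example (not from the page): the step the text leaves implicit,
# getting the public half of the new key onto the server.

# 1. Generate the pair as in the text (not executed here):
#    ssh-keygen -t rsa -b 2048 -C "LabelOfYourChoosing"
# 2. Copy the public half to the server, e.g. by hand:
#    ssh yourUser@theBox 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/id_rsa.pub
# 3. Fix permissions and avoid duplicates, which is what install_pubkey does.

# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Creates the directory (0700) and file (0600) and appends the key once.
install_pubkey() {
    pub="$1"; ak="$2"
    dir=$(dirname "$ak")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -f "$ak" ] || : > "$ak"
    chmod 600 "$ak" || return 1
    # A key is identified by its type and base64 blob; the trailing comment
    # (the -C label) is free text and may differ between copies.
    keyid=$(awk 'NF >= 2 { print $1, $2; exit }' "$pub")
    [ -n "$keyid" ] || return 1
    grep -qF "$keyid" "$ak" || cat "$pub" >> "$ak"
}

# count_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
# How many times the key is listed (checks that the append is idempotent).
count_key() {
    keyid=$(awk 'NF >= 2 { print $1, $2; exit }' "$1")
    grep -cF "$keyid" "$2"
}

# mode_of PATH: the mode in ls(1) form, e.g. "drwx------", portable across BSD and GNU.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed public key for the demo: this is NOT a real key, the base64 is made up.
demo_pubkey() {
    cat > "$1" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDEXAMPLEKEYNOTREAL0000000000000000000000000000000= LabelOfYourChoosing
EOF
}

# Demo in a temporary directory standing in for the server's home.
home=$(mktemp -d)
demo_pubkey "$home/id_rsa.pub"
install_pubkey "$home/id_rsa.pub" "$home/.ssh/authorized_keys"
install_pubkey "$home/id_rsa.pub" "$home/.ssh/authorized_keys"   # second run is a no-op
echo "entries: $(count_key "$home/id_rsa.pub" "$home/.ssh/authorized_keys")"   # 1
echo "$(mode_of "$home/.ssh") $(mode_of "$home/.ssh/authorized_keys")"          # drwx------ -rw-------
rm -rf "$home"
```

On the real server the call is `install_pubkey /path/to/id_rsa.pub ~/.ssh/authorized_keys`; if a key-based login still falls back to a password prompt, the permissions on ~/.ssh and authorized_keys are the first thing to check, and `sshd -d` on a spare port will say so explicitly.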
Is your workplace blocking that sweet, sweet ASCII porn? Use an ssh tunnel!
Here’s an example of port forwarding.
ssh -L localPort:destinationHost:destinationPort sshServerYouRouteThrough
So if your workplace was blocking reddit, this is how you get around that:
ssh -L 7070:reddit.com:80 homeIpAddress
Now in your browser, use the following URL to browse!
http://localhost:7070
There’s Reddit! Weeeee!
What if you want to send all web browser traffic over a proxy?
ssh -D 7070 user@host
Then configure your browser to use the proxy on the local port 7070. Now you can browse anywhere over the proxy!
-D does not tunnel DNS lookups by itself: your browser still resolves names locally unless you tell it to send hostnames through the SOCKS proxy. If you need all traffic to go through a tunnel, you can use a VPN or ssh’s own VPN mode!
### More Resources
OpenBSD man page