“A cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers.” -Wikipedia
### Why would I want to use ssh?
Because it’s awesome!
The OpenSSH server and client are installed by default in OpenBSD.
OpenSSH server is started at boot by default.
To check to make sure that the OpenSSH server (the ssh daemon, or sshd) is running, log into the system and do something like the following:
pgrep -lf sshd
And you should see something like this:
If you do, sshd is running.
If you have an OpenBSD box with a user account, you can ssh into it.
Enter your password and that’s it!
To stop the daemon (the command must be run as root):
There is also restart, reload, and check.
If a user is already ssh'd into the box, stopping the daemon will not stop active connections. It only stops new connections from initiating!
If you want to stop all ssh activity, you must also kill active ssh sessions in addition to stopping the daemon. “pgrep -lf sshd” will show active ssh connections.
In the sshd_config file there are many options available to tighten security. For example, you could do something like this:
Ciphers 3des-cbc
PasswordAuthentication no
Protocol 2
AllowUsers zamicol kur0
PermitRootLogin no
Port 7070
Some of these settings may not be a good idea, but they might help keep the baddies away.
You must restart sshd for these changes to take effect.
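A quick way to confirm the hardening actually took effect is to audit the file rather than eyeball it; the script below is an added example, not code from the original post, and assumes only the keywords shown above plus a constructed sample config (embedded so it runs offline). It also covers a caveat the post does not mention: sshd uses the first value it reads for a keyword, so a duplicate line further down does not override an earlier one.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# hardening keywords shown above. sshd uses the FIRST value it reads for a
# keyword, so a later "PermitRootLogin no" cannot undo an earlier "yes".

# Constructed sample config, embedded so the script runs offline.
SAMPLE_CONFIG='# sample sshd_config (constructed)
Port 7070
PermitRootLogin yes
Protocol 2
PasswordAuthentication no
AllowUsers zamicol kur0
permitrootlogin no
'

# effective_value KEYWORD: read a config on stdin and print the first value
# set for KEYWORD ("Keyword value" form only; keywords are case-insensitive,
# comment and blank lines are ignored). Prints nothing if the keyword is unset.
effective_value() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == key { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }
    '
}

# audit_config: read a config on stdin, print OK/WEAK per expectation and
# return 1 if any expectation is not met.
audit_config() {
    cfg=$(cat)
    rc=0
    for pair in PermitRootLogin=no PasswordAuthentication=no Protocol=2; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(printf '%s\n' "$cfg" | effective_value "$key")
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "WEAK $key ${got:-<unset>} (want $want)"
            rc=1
        fi
    done
    return $rc
}

# Example run: PermitRootLogin reports WEAK because its first value is "yes".
printf '%s' "$SAMPLE_CONFIG" | audit_config || echo "config needs attention"
```

The script only checks the hardening values, not syntax; before restarting, `sshd -t` (run as root) has sshd itself validate the file.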
Passwords are lame. That is why there is ssh-keygen, enabling passwordless logins.
Go to ~/.ssh
ssh-keygen -t rsa -b 2048 -C "LabelofYouChoosing"
Pick a good label, as it will identify your key to others.
It will ask for a place to save it. The default is fine.
Leave the passphrase empty.
Is your workplace blocking that sweet, sweet ASCII porn? Use an ssh tunnel!
Here’s an example of port forwarding.
ssh -L localPort:hostYouAreRoutingThrough:hostPort destinationHost
So if your workplace was blocking reddit, this is how you get around that:
ssh -L 7070:reddit.com:80 homeIpAddress
Now in your browser, use the following URL to browse!
There’s Reddit! Weeeee!
What if you want to send all web browser traffic over a proxy?
ssh -D 7070 user@host
Then configure your browser to use the proxy on the local port 7070. Now you can browse anywhere over the proxy!
-D still does not tunnel DNS lookups. If you need all traffic to go through a tunnel, you can use a VPN or an ssh VPN!
### More Resources
OpenBSD man page