
Archive for the ‘ssh’ Category

Connect Through SSH Without a Password

December 10, 2008

One day, you will find yourself needing to execute a command on a remote UNIX box without typing a password. This technique relies on public keys, which work as a kind of digital signature.

Let’s suppose we have a server named “Mailserver” and another called “Monitor”, and you want Monitor to connect to Mailserver every 30 minutes and verify the health of some services.

Anyway, here is the quick-guide:

First of all, connect to Monitor as the user of your choice.

Then, type:

ssh-keygen -t rsa

This command creates the RSA key pair (public and private key) for the current user. You will be asked to type a passphrase, but it is not necessary at all; you can just press Enter to leave it empty.

When the command finishes, it prints the location of the new files. In most cases they are placed in the .ssh/ directory inside your home directory.

Next, you’ll have to copy the public key to the authorized_keys2 file on the remote server (in this case Mailserver). To make it simple, here is the command (remember to substitute user and hostname with your own):

scp ~/.ssh/id_rsa.pub user@hostname:~/.ssh/authorized_keys2

This will be the last time you’re prompted to type the password. When the transfer finishes, you should be able to ssh from Monitor to Mailserver without being prompted for a password. 🙂
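Two things a careful administrator would want to know about the steps above: the scp command replaces whatever authorized_keys2 already holds on Mailserver (any key that was there before is gone), and a key generated with an empty passphrase can be used by anyone who can read the id_rsa file, so the private key deserves the same protection as the password it replaces. The POSIX shell function below is an added example, not code from the original post: it installs a public key by appending it only when it is not already listed, and it enforces the directory and file permissions that sshd’s StrictModes check expects. The key strings and the temporary paths in the demo are constructed; lines carrying key options (such as command="...") are not recognised by the duplicate check.

```shell
#!/bin/sh
# Added example (not from the original post): install a public key into an
# authorized_keys file without clobbering keys that are already there.
# Assumes only POSIX sh plus awk, head, grep, mkdir, chmod, mktemp.

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key in PUBKEY_FILE to SSH_DIR/authorized_keys unless the same
# key type and key data are already listed; fixes directory/file permissions.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth=$ssh_dir/authorized_keys

    # Accept only a single-line public key: "<type> <base64 data> [comment]"
    key=$(head -n 1 "$pubkey_file")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac
    # Compare type and data only, so a changed comment is not a "new" key
    key_id=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')

    # sshd (StrictModes, the default) refuses keys in group/world-writable paths
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth"
    chmod 600 "$auth"

    # Exact match on the first two fields of an existing line (not a substring test)
    if awk -v id="$key_id" '($1 " " $2) == id { found = 1 } END { exit !found }' "$auth"; then
        echo "already authorized: $key_id"
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "added: $key_id"
}

# count_keys SSH_DIR: number of key lines (non-blank, non-comment) in authorized_keys
count_keys() {
    grep -cvE '^[[:space:]]*(#|$)' "$1/authorized_keys"
}

# Demo with constructed keys in a throwaway directory (no real keys involved)
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EEXAMPLEKEY1 admin@mailserver\n' > "$demo/existing.pub"
printf 'ssh-rsa AAAAB3NzaC1yc2EEXAMPLEKEY2 monitor@monitor\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/existing.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run changes nothing
echo "keys in authorized_keys: $(count_keys "$demo/.ssh")"   # both keys survive
rm -rf "$demo"
```

Run it on the remote host (for example piped over ssh together with the .pub file) instead of the scp one-liner when the destination may already contain keys; the run is idempotent, so it is safe to repeat from a cron job or a configuration tool.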

NOTE: On some UNIX systems, such as Solaris, the default location of the public keys varies from system to system.

NOTE 2: You must have RSAAuthentication yes in your /etc/ssh/sshd_config file. On many Linux installations this setting is commented out in a default install.

Categories: networking, ssh

Connection closed by remote host: ssh_exchange_identification

October 9, 2008

Often, when a process that uses SSH runs on a regular basis, you may get a “Connection closed by remote host” error.

For example, in my case I was using a Nagios-based monitor that needed to connect to a group of hosts, and from time to time I got bursts of this error when trying to access the monitored machines.

This is an example of the log file:

10 13:43:02  hoard04 [2]: Protocol error. ssh is complaining, see next
message. #d83bb35 (ssh_common.c 427)
10 13:43:02  hoard04 [2]: ssh_exchange_identification: Connection
closed by remote host

Even though the problem solves itself if you just ignore it for a while (really), I prefer to fix the problem rather than the symptoms, so with a little help from Google I came up with the right solution.

This problem happens when the server hits the MaxStartups limit in the /etc/ssh/sshd_config file, the cap on concurrent connections that have not yet authenticated. This value acts as a security measure, for example if someone tries to compromise your server with a DoS attack. By default it’s set to 10, so it’s relatively easy for SSH to get stuck at 10 connections.

Anyway, to solve the issue you just have to edit the mentioned file and bump the MaxStartups limit to, say, 25 or 50 if you need a lot of connections.
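To make the limit concrete, here is an added example (not code from the post) that reads the effective MaxStartups from an sshd_config and reproduces how sshd applies it. Besides the plain number the post describes, MaxStartups also accepts the form start:rate:full (the default in OpenSSH 6.2 and later is 10:30:100): once start unauthenticated connections are pending, sshd refuses new ones with probability rate%, rising linearly to 100% when full are pending. Raising the plain number, as the post suggests, widens the hard cap; the three-field form lets a burst through while still shedding load under a real flood. The config file and the pending-connection counts in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): inspect MaxStartups and show
# how sshd's random early drop treats new unauthenticated connections.
# Assumes POSIX sh and awk; the config file used below is constructed.

# effective_max_startups CONFIG_FILE
# sshd takes the first active occurrence of a keyword, so a duplicate lower in
# the file (or a commented-out line) changes nothing. Default is 10 if unset.
effective_max_startups() {
    awk '
        tolower($1) == "maxstartups" && !found { print $2; found = 1 }
        END { if (!found) print "10" }
    ' "$1"
}

# parse_max_startups VALUE -> "start rate full"
# A bare number N behaves as start=N, full=N: nothing is refused below N and
# everything at or above N is, so there is no probabilistic zone at all
# (the rate field is irrelevant in that case; 100 is printed as a placeholder).
parse_max_startups() {
    case $1 in
        *:*:*) printf '%s\n' "$1" | tr ':' ' ' ;;
        *)     echo "$1 100 $1" ;;
    esac
}

# drop_probability START RATE FULL PENDING
# Percent chance that sshd refuses a new connection when PENDING connections
# are already waiting for authentication (mirrors sshd's drop_connection():
# RATE% at START, growing linearly in integer arithmetic to 100% at FULL).
drop_probability() {
    start=$1; rate=$2; full=$3; pending=$4
    if [ "$pending" -lt "$start" ]; then echo 0; return; fi
    if [ "$pending" -ge "$full" ]; then echo 100; return; fi
    echo $(( (100 - rate) * (pending - start) / (full - start) + rate ))
}

# Demo: a constructed sshd_config with a commented-out default, an active
# setting and a duplicate further down that sshd ignores
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
#MaxStartups 10
Port 22
MaxStartups 10:30:100
MaxStartups 50
EOF
value=$(effective_max_startups "$cfg")
echo "effective MaxStartups: $value"
set -- $(parse_max_startups "$value")
for pending in 5 10 25 55 99 100; do
    echo "pending=$pending drop=$(drop_probability "$1" "$2" "$3" "$pending")%"
done
rm -f "$cfg"
```

Point effective_max_startups at the real /etc/ssh/sshd_config to see which value the daemon is actually using; a burst of ssh_exchange_identification errors with a plain MaxStartups value means the monitor opened that many sessions at once and every extra one was refused outright.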

Categories: networking, ssh

Custom Message for SSH logins

October 8, 2008

If you ever wanted to show a message whenever someone logs in to your server through SSH, here is the how-to:

You will need root access to the server.

Log in as root and use your favorite editor to modify the /etc/motd file. For this example I’m using vi.

# vi /etc/motd

Now type in the message you wish all users to see once they log in to your server. Let’s try something like this:

If you are not an authorized user for this server
or you are a hacker trying to access confidential info, think before you type.
Maybe join the human race and refrain from hacking it?  See
“Schindler’s List” part where the German commandant is shooting
prisoners in the prison yard “because he can”.  Schindler tells him
“true power is in not doing evil even though you can.”
You know, no one crushed you under their boot when you were a
baby, although they certainly could have…  With great power comes great responsibility.

OK, now you’re done editing the file: press Esc to enter command mode and then type :wq to save the changes.

Log out from SSH, then log back in and you will see your custom message.

Please note that the message will be displayed AFTER people log in. If you want to show a message BEFORE, you might want to edit your sshd_config file.
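The pre-login message the post alludes to is the Banner directive in sshd_config, which names a text file that sshd sends to the client before authentication starts (so it is also shown to someone who never manages to log in). The POSIX shell helper below is an added example, not code from the post, for setting a directive in place without leaving stale copies behind: it turns the first occurrence of the keyword, active or commented out, into the new setting, drops later active duplicates (sshd honours only the first one), and appends the line if the keyword is absent. The same helper serves the MaxStartups and RSAAuthentication edits from the earlier posts. The config file, banner path and banner text in the demo are constructed; on a real server, run sshd -t after editing to validate the file before restarting the daemon.

```shell
#!/bin/sh
# Added example (not from the original post): set an sshd_config directive
# in place without leaving duplicates behind. Assumes POSIX sh and awk;
# all files and values below are constructed for the demo.

# set_sshd_option KEY VALUE FILE
# - the first occurrence of KEY, active or commented out, becomes "KEY VALUE"
# - later active occurrences are removed (sshd only honours the first one)
# - if KEY is absent, "KEY VALUE" is appended
# Keyword comparison is case-insensitive, like sshd's own parser.
# (A production version would also preserve the file's owner and mode.)
set_sshd_option() {
    key=$1; value=$2; file=$3
    awk -v key="$key" -v value="$value" '
        {
            line = $0
            sub(/^[[:space:]]*#?[[:space:]]*/, "", line)   # drop a leading "#"
            split(line, f, /[[:space:]]+/)
            is_key = (tolower(f[1]) == tolower(key))
            active = ($0 !~ /^[[:space:]]*#/)
        }
        is_key && !done        { print key " " value; done = 1; next }
        is_key && active       { next }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_sshd_option KEY FILE: the value sshd would use (first active line)
get_sshd_option() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }' "$2"
}

# Demo on a constructed config: a commented-out Banner, a commented-out
# MaxStartups default and an active duplicate below it
cfg=$(mktemp)
banner=$(mktemp)
cat > "$cfg" <<'EOF'
Port 22
#Banner none
#MaxStartups 10
MaxStartups 10
EOF
printf 'Authorized access only. Activity on this system is logged.\n' > "$banner"
set_sshd_option Banner "$banner" "$cfg"        # shown before the password prompt
set_sshd_option MaxStartups 10:30:100 "$cfg"   # replaces the commented line, drops the duplicate
set_sshd_option RSAAuthentication yes "$cfg"   # absent, so appended at the end
echo "Banner -> $(get_sshd_option Banner "$cfg")"
cat "$cfg"
rm -f "$cfg" "$banner"
```

Keep the banner text short and free of anything that describes the host (version strings, hostnames, internal project names): everything in it is handed to every client before authentication, so it is the one part of your configuration that unauthenticated connections get to read.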

Categories: ssh