Gice

Technology and General Blog

The SSH protocol is a safe protocol that is usually utilized to link to distant equipment these as servers and network products, together with routers and switches. It performs in a client-server setup and, by default,  listens on port 22 ( whilst this can be adjusted when essential ). SSH  employs various encryption and hashing strategies to make certain the interaction between the shopper and the remote host is encrypted and safe and sound from eavesdropping.

SSH information are saved in the .ssh folder.  This is a concealed folder that resides in the household directory. The  .ssh directory is not established by default it is created when you initiate a link with a remote host or use the ssh-keygen command to create the non-public and general public authentication keys as when you want to established up passwordless ssh authentication.

The .ssh folder.  consists of necessary SSH documents such as:

  1. Community and Private keys ( id_rsa and  id_rsa.pub ).
  2. The regarded_hosts file – Has public keys of all the remote devices that you have linked to.
  3. The  config shopper configuration file

If the config file doesn’t exist, you can simply produce 1 as shown.

The .ssh/config customer configuration file

Every time you initiate an SSH connection, you require to specify facts this kind of as the IP address or domain name and the port SSH is listening to. For instance,

$ ssh [email protected]  -p 22

It can be hectic to have to often keep in mind such aspects. And this is the place the ~/.ssh/config file comes in.  The ~/.ssh/config file is a configuration file that allows you to configure for each-person configuration information of the remote host. It saves you the agony of often possessing to recall the for every-host facts demanded for connection.

A sample config file appears as shown.

Host staging-server
     HostName 192.168.2.103
     User james
     Port 22

A simple SSH command into the remote host  would seem as follows:

The .ssh/config  file permissions 

By default, the  ~/.ssh/config consumer configuration file possesses the  644 file permissions. You can confirm that using the ls -la command as follows.

This implies that the owner and group of the file the two have read through and publish permissions (rw) while other end users have read permissions only (r).

Observe:

As a rule of thumb, hardly ever assign write permissions to other users. This poses a security hazard to your file, and other customers who are not yourself or in your group can modify the contents of the file. Assigning generate permissions will end result in the ‘Bad owner or permissions’  mistake as indicated down below.

Below, the config file was assigned the permissions 666. This implies that every person can both read and create the file.

Similarly, the identical scenario applies here the place the file has been assigned 777 permissions. This indicates that all people can read, compose and execute the file. Simply set, any one has all the legal rights to the probably harmful file.

Greatest apply recommends that you leave the default permissions at 664 or 600, where only the proprietor has read through and produce permissions (rw). This way, the file stays harmless from getting modified by unauthorized end users.

On top of that,  make sure that you have the file. If the file is improved to yet another person, SSH will not be able to take care of the hostname supplied in the config file.

In the instance underneath, the ~/.ssh/config ownership has been established to bob:bob.

To resolve this challenge, I reverted again to the original file ownership using the chown command.

$ sudo chown james:james ~/.ssh/config

With the file permissions reverted, now I can have access by invoking the SSH command adopted by the hostname specified in the config file.

And that is all you want to know about placing permissions on the ~/.ssh/config file. Assure you never set read through permissions to the relaxation of the users and make certain that you possess the file.

Leave a Reply

Your email address will not be published. Required fields are marked *