



Tips And Tricks For SSH And SSHFS, Part 1: Setup

By: Joe Purcell
Expert Author
2011-07-08

Secure Shell (SSH) access is a marvelous utility for all computer users. It can be used to seamlessly mount remote drives, run daily backups, and much more. The purpose of this series of articles is to share ideas on how Linux developers can get the most out of SSH and hopefully bring up new possibilities many are unaware of. In this part we will look at the initial setup of SSH and SSHFS.

Installation



For those who are new to Linux, articles that skip the installation process are quite annoying. Built-in GUI-based package managers are easier for non-power Linux users, but using the terminal is essential to release the full power that Linux offers. There is a learning curve, but starting now will have major payoffs in the long run. Assuming the reader is familiar with the terminal, the following simple command will install SSH and SSHFS:

sudo apt-get install ssh sshfs


For more in-depth help with apt-get (aptitude), check out CyberCiti's cheat sheet. As an additional note, one of the things that makes SSH great is that it is supported on many operating systems. For working with Mac, be sure to check out MacPorts, which allows one to do sudo port install ssh! For working with Windows, be sure to check out PuTTY for an SSH client, MobaSSH for a server, or see the Lifehacker article to set it up using Cygwin.

Setup Single-Purpose Accounts



After installing and before configuring, there are a couple of things to note. First, it is best practice to create a user specifically for the purpose you intend; that is, create single-purpose accounts. Whether it be simply access to update a website or to view personal documents, creating users for these tasks isolates permissions and increases security. This requires a working knowledge of how Linux handles user permissions, which we won't go into here, but CyberCiti has two great articles on this here and here.

Once these specific accounts are set up, there are a number of ways to restrict user access. The first aspect of this is giving the user permission only for specific programs. For example, if the account is for changing website files, you can prevent the use of programs like su and passwd so that someone who breaks into the account can't switch users or change passwords. The second aspect is restricting read access so that the created user can only view their personal folder, or wherever you isolate them to. There are many other detailed aspects; user account management is a world of its own, but one that Linux gurus ought to become familiar with, because it yields enormous benefit.

Setup Networking



Second, as some may not be aware, if you want to be able to access your home computer from work or Starbucks or some other location, you will need to have a few things set up. One, you will need the WAN (Wide Area Network) IP of your house, which is provided to you by your ISP; you can find this at whatismyip.com. Two, you will need to forward port 22 on your home router to the computer you wish to access. This requires knowing the LAN (Local Area Network) IP of your computer and configuring that in your router. Setting this up is straightforward but can get dicey quickly if you haven't done it before.

Setup Public-Private Keys



The last part of the setup is to exchange public keys for ease of use and better security. Using public keys prevents having to type in your password at every login, which makes using SSH and SSHFS much more friendly. Also, as we will come to next, using public key authentication is much more secure than password authentication. Check out a great CyberCiti howto on this.
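The key installation step described above, as an added example that is not from the original article: a shell function that installs a client's public key into an account's authorized_keys by hand, much as ssh-copy-id does, with the file modes sshd expects. The function name install_pubkey, the sample key, and the use of the `restrict` key option (OpenSSH 7.2 and later) to narrow what a single-purpose account's key may do are assumptions of this example.

```shell
# Added example, not from the original article.
# Constructed sample public key line (not a real key) for trying the function.
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEEX backup@laptop'

# install_pubkey HOME_DIR PUBKEY_LINE [OPTIONS]   (hypothetical helper name)
#   HOME_DIR     home directory of the single-purpose account on the server
#   PUBKEY_LINE  the one line from the client's id_*.pub file
#   OPTIONS      optional authorized_keys options, e.g. "restrict"
# Returns 0 when the key is installed or already present, 1 on bad input.
install_pubkey() {
    home_dir=$1 key_line=$2 options=${3:-}
    nl='
'
    # Accept exactly one public-key line. This rejects a pasted private key
    # file and any input that tries to smuggle in a second entry.
    case $key_line in
        *"PRIVATE KEY"*|*"$nl"*)
            echo "install_pubkey: expected one public key line" >&2; return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *)  echo "install_pubkey: unrecognised key type" >&2; return 1 ;;
    esac

    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    # sshd's StrictModes check rejects keys kept in files or directories
    # that other users can write to, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    entry=${options:+$options }$key_line
    # Idempotent: append only if this exact line is not already present.
    grep -qxF -- "$entry" "$auth_file" || printf '%s\n' "$entry" >> "$auth_file"
}
```

Run it on the server while logged in as the single-purpose account, for example `install_pubkey "$HOME" "$(cat id_ed25519.pub)" restrict`, so the files end up owned by that account.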

Next, we will look at some tips on configuration that are essential to security and have practical benefit. In the meantime, hopefully, this is enough to get users started.


About the Author:
Joe Purcell is a technology virtuoso, cyberspace frontiersman, and connoisseur of Linux, Mac, and Windows alike.

LinuxDeveloperNews is an iEntry, Inc.® publication © All Rights Reserved