Managing Remote Systems in Oracle Solaris 11.1 (Oracle Solaris 11.1 Information Library)
3. Accessing Remote Systems (Tasks)
Logging In to a Remote System (ssh)
The Secure Shell feature of Oracle Solaris provides secure access to a remote host over an unsecured network. In Secure Shell, authentication is provided by the use of passwords, public keys, or both. All network traffic is encrypted. Thus, Secure Shell prevents a would-be intruder from being able to read an intercepted communication. Secure Shell also prevents an adversary from spoofing the system.
Note - Oracle Solaris 11.1 is installed as secure by default. Only the ssh command accepts incoming network requests. Therefore, remote login should only be done using ssh.
If the system you are logging in to is in a remote domain, be sure to append the domain name to the system name. In the following example, example.com is the name of the remote domain, venus is the host name, and jdoe is the user:
ssh -l jdoe venus.example.com
Authentication (establishing who you are) for ssh logins is provided by a combination of system passwords and public host keys. Authentication operations can be performed either by the remote system or by the network environment.
The /etc/ssh_known_hosts and the .ssh/known_hosts files contain the list of known host keys on the system or account. By default, the ssh command verifies the remote host's key. The ssh command next checks the host keys stored in the /etc/ssh_known_hosts and ~/.ssh/known_hosts files. If there is no host key for the remote host in either file, the user is asked whether they trust the new remote host's key. If the user confirms, the remote host's key is then added to the user's ~/.ssh/known_hosts file before the user is prompted for their password.
In the following example, user jsmith is logging in to the remote host mars.example.com for the first time.
$ ssh -l jsmith mars.example.com
The authenticity of host 'mars.example.com (10.80.226.105)' can't be established.
RSA key fingerprint is 06:55:4d:4e:d2:4a:e6:d9:8a:c4:13:15:18:9a:ef:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mars.example.com' (RSA) to the list of known hosts.
Password:
Last login: Thu Jun 21 15:44:54 2012 from venus.example
Oracle Corporation SunOS 5.11 11.1 June 2012
$
The RSA key fingerprint for mars.example.com is now in jsmith's ~/.ssh/known_hosts file. Subsequent logins by jsmith to mars.example.com will prompt for a system password. For example:
$ ssh -l jsmith mars.example.com
Password:
Last login: Thu Jun 21 15:45:47 2012 from mars.example
Oracle Corporation SunOS 5.11 11.1 June 2012
$
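The first-login prompt above is only as strong as the check the user makes before answering yes. The following added example (not part of the Oracle documentation) audits known_hosts text against a fingerprint obtained out of band, using the colon-separated MD5 format the prompt prints, which is the MD5 digest of the base64-decoded key blob stored in the file. The function names and the toy key blobs are constructed for illustration; the host names come from the examples on this page.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def constructed_rsa_blob(n: int, e: int = 65537) -> str:
    """Build a base64 ssh-rsa blob from toy numbers (constructed, not a real key)."""
    def mpint(v: int) -> bytes:
        return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return base64.b64encode(ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)).decode()

def md5_fingerprint(blob_b64: str) -> str:
    """Colon-separated MD5 of the decoded key blob, as shown in the ssh prompt."""
    digest = hashlib.md5(base64.b64decode(blob_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def check_host(known_hosts: str, host: str, trusted_fp: str) -> str:
    """Return 'match', 'mismatch' or 'unknown' for host against a trusted fingerprint."""
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # skip blank lines, comments, markers and hashed host names
        if host in fields[0].split(","):
            same = md5_fingerprint(fields[2]) == trusted_fp.lower()
            return "match" if same else "mismatch"
    return "unknown"

# Constructed sample data: toy key blobs, host names taken from the page's examples.
MARS_KEY = constructed_rsa_blob(n=0xC0FFEE1234567891)
OTHER_KEY = constructed_rsa_blob(n=0xDEADBEEF12345677)
KNOWN_HOSTS = f"# constructed sample\nmars.example.com,10.80.226.105 ssh-rsa {MARS_KEY}\n"
# Stand-in for the fingerprint the administrator of the host publishes out of band.
TRUSTED_FP = md5_fingerprint(MARS_KEY)

if __name__ == "__main__":
    print(check_host(KNOWN_HOSTS, "mars.example.com", TRUSTED_FP))
    print(check_host(KNOWN_HOSTS, "mars.example.com", md5_fingerprint(OTHER_KEY)))
    print(check_host(KNOWN_HOSTS, "pluto", TRUSTED_FP))
```

A "mismatch" result means the key that was accepted at the prompt is not the one the host's administrator published, and the known_hosts entry should be removed and the connection investigated before any password is typed.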
Note - By default, you are unable to use the ssh command to log in to a system as root or as a privileged user.
For further information on Secure Shell authentication, refer to Secure Shell Authentication in Oracle Solaris 11.1 Administration: Security Services.
When you attempt to log in to a remote system with the ssh command, the sshd daemon on the remote system starts the login program. The login program then performs the same tasks as when you log in locally. The program authenticates the user, and if successful, it executes the user's login shell.
If the home directory for the user cannot be found, you are then assigned to the remote system's root (/) directory. For example:
Unable to find home directory, logging in with /
ssh [-l login-name] hostname | login-name@hostname
-l login-name
    Logs you in to the remote system with the user name you supply
hostname
    The name of the remote system that you are logging into
If the system's host key is verified, you are asked to provide a password. If the password is typed incorrectly, the system states the number of authentication failures and the last date of successful login.
If the operation succeeds, the following is displayed: information about your last remote login to that system, the version of the operating system that is running on the remote system, and whether you have mail waiting for you in your home directory.
Example 3-1 Logging In to a Remote System (ssh)
The following example shows the output of a remote login to pluto. The system's host key has not been identified in either the /etc/ssh_known_hosts or the .ssh/known_hosts file, and the user has entered the password incorrectly on the first attempt:
$ ssh -l amy pluto
The authenticity of host 'pluto (10:120:100:12)' can't be established.
RSA key fingerprint is 06:55:4d:4e:d2:4a:e6:d9:8a:c4:13:15:18:9a:ef:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'pluto' (RSA) to the list of known hosts.
Password:
Password:
Warning: 1 failed authentication attempt at Wed Jun 27 12:47 2012 since last successful authentication.
Last login: Wed Jun 27 12:19:04 2012 from venus.us.
Oracle Corporation SunOS 5.11 11.1 June 2012
$
You can log out of a remote system by using either the exit or the logout command.
$ exit
$ logout
The Control-D command sequence also ends a session on a remote system. For example, on the host venus:
$ Control-D
Connection to venus closed.