[clug] Learning mc -> Private viewing

Scott Ferguson scott.ferguson.clug at gmail.com
Mon Apr 20 16:37:31 MDT 2015


On 21/04/15 01:51, Bryan Kilgallin wrote:
> Thanks again, Scott:
> 
> I am working through your suggestions.
> 
>> *1.* May I suggest on Ubuntu you edit ~/.ssh/config and add an entry
>> like:-
> 
> I am using Ubuntu 12.04 LTS. But in my "~/.ssh/" directory is only the
> text file "known_hosts". Its content appears to be encrypted.

Which tells me you haven't generated an ssh key pair, or connected to
that box from another box using ssh key authentication. If you had you'd
also have:-
authorized_keys  (public keys of allowed ssh key connections)
id_rsa (your ssh private key)
id_rsa.pub (your ssh public key)

Run ssh-keygen to create a key pair. When you connect to another device
by ssh the id_rsa.pub will be offered and you'll be asked to:- supply
your password; confirm that the fingerprint of your machine matches the
device. Your pub key will then be added to authorized_keys, and the
fingerprint of your device (either by ip address or hostname) will be
added to known_hosts. NOTE: you can use other encryption protocols than
rsa; id_rsa is the default name - you can:- use any name; have more than
one key pair; authorized_keys is not encrypted

Ref: man ssh
~/.ssh/known_hosts
Contains a list of host keys for all hosts the user has logged into that
are not already in the systemwide list of known host keys.  See sshd(8)
for further details of the format of this file.

NOTE: you can manually add your public key to another device's
authorized_keys:-
cat ~/.ssh/id_rsa.pub | ssh someuser@somebox 'cat >> ~/.ssh/authorized_keys'


> 
>> Replace $PhoneNickname with a nickname for your phone (e.g. p)
>> Replace $FQDN with the fully qualified domain name of the phone (see
>> /etc/hosts on Ubuntu for the name)
> 
> In my "/etc/" directory is a file called "hosts". It lists the IP
> addresses of localhost and my PC and phone nicknames.
> 
>> Once that's done you can just use the nickname to ssh/scp etc.
> 
> Yes, I thus (by nickname) SSH into the phone.

That's different. /etc/hosts contains IP addresses and names that match
(you can have multiple names for an IP address).
~/.ssh/config and /etc/ssh/config can contain different names for an IP
address *and* the user name

> 
>> *2.* May I also suggest using a private key instead of insecure
>> password logins?
> 
> I feel clueless (lacking confidence) on this subject. Please suggest a
> beginner's on-line reference.

A search engine is your friend - there are thousands of them. Try man
ssh to begin.

> 
>> If you have ssh always listening on port 22 *and* allow both root
>> logins and password authentication you should at least configure port
>> knocking or fail2ban to stop brute force attacks.
> 
> I feel ignorant here! So again I ask for referral to an introductory
> on-line explanation!

Debian online manual - see the section on security.
A search engine query for ssh best practice security will also yield
useful results. Add the word howto if you wish.

> 
>> (but given that most people leave the PIN for their voice mail set to
>> the default last 4 digits of their phone number I may have unrealistic
>> expectations)
> 
> Long ago, people working on computers had doctoral degrees. Then
> marketing expanded the number of machines beyond four!
> 
>> To check what port the phone uses run either of the following on the
>> phone:-
>> echo ${SSH_CLIENT##* }
> 
> The result was null.

That's not unusual, that's why I offered two methods to determine the
ssh port used. "ssh -vvv somedevicenamethatisinthehostsfile" will give
you more information about attempted ssh connections.

> 
>> cat /etc/ssh/sshd_config | grep -v "^#" | grep -i ^"port "
> 
> I got a file not found error. So I looked in the phone's "/etc/"
> directory. But it didn't have an "ssh" subdirectory!

Your phone may be using dropbear instead of openssh - or it may not have
ssh at all. Sorry, the airline luggage handlers "misplaced" my psychic
abilities. Apparently they're awaiting my collection in Singapore.

> 
>> *3.* If you find working in a single session frustrating may I suggest
>> "screen"?
> 
> It's installed--though I don't know how to use it! Can you recommend a
> tutorial?

man screen
Try searching for "linux screen howto"
screen (start a screen session)
Ctrl+a (start a screen command)
Ctrl+n (create new screen session)
Ctrl+p (switch between screen sessions)
Ctrl+c (kill a screen session)

> 
>> Add the following to ~/.bashrc
> 
> My default shell is fish.

man fish (I don't use fish - it's a perfectly cromulent shell, as are
many others).
Try searching for "linux fish howto"

> 
>> Lots of tutorials on screen at the Google University
> 
> I am wallowing in need-to-know!
> 

May I suggest using a search engine to swim in a sea of answers. Or,
better, read the man and info files - almost every other source of
information is drawn from them. (use the source luke).

Kind regards
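
The following is an added example, not part of the original message: a small shell check for the combination the thread warns about (ssh on port 22 with both root logins and password authentication allowed). The function names and the sample configs are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines in an OpenSSH-style sshd_config.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes whitespace-separated
# "Keyword value" lines; Match blocks and Include files are not evaluated,
# and only the first Port line is read.

# First value set for keyword $2 in file $1, lowercased; empty if unset.
# sshd keeps the first occurrence of a keyword, and keywords ignore case.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # conditional section: stop
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Print the three settings, then a verdict for the combination the thread
# warns about: port 22 + root login + password authentication.
audit_sshd() {
    port=$(sshd_value "$1" Port)
    root=$(sshd_value "$1" PermitRootLogin)
    pass=$(sshd_value "$1" PasswordAuthentication)
    port=${port:-22}      # sshd default
    pass=${pass:-yes}     # sshd default
    root=${root:-yes}     # unset: default was "yes" before OpenSSH 7.0; assume worst case
    echo "Port=$port PermitRootLogin=$root PasswordAuthentication=$pass"
    if [ "$port" = 22 ] && [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "EXPOSED: root password logins on port 22; use keys, or add fail2ban/port knocking"
    elif [ "$pass" = yes ]; then
        echo "WEAK: password authentication is still enabled"
    else
        echo "OK: password authentication disabled"
    fi
}

# Constructed sample configs (not taken from any real host).
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 2222' 'Port 22' 'PermitRootLogin yes' \
    'passwordauthentication YES' > "$demo_dir/weak"
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'Match User backup' '    PasswordAuthentication yes' > "$demo_dir/hardened"
audit_sshd "$demo_dir/weak"
audit_sshd "$demo_dir/hardened"
```

On a host running OpenSSH, "sshd -T" (run as root) prints the effective configuration with defaults filled in, which is the authoritative check.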

