user-avatar
Today is Thursday
April 30, 2026

Archives: 7 July 2009

July 7, 2009

adding alias for commands in Bash

by viggy — Categories: Uncategorized — Tags: , Leave a comment

Courtesy to hypexr.org.

If you have used UNIX for a while, you will know that there are many commands available and that some of them have very cryptic names and/or can be invoked with a truckload of options and arguments. So, it would be nice to have a feature allowing you to rename these commands or type something simple instead of a list of options. Bash provides such a feature : the alias .
Aliasses can be defined on the command line, in .bash_profile, or in .bashrc, using this form :

alias name=command

This means that name is an alias for command. Whenever name is typed as a command, Bash will substitute command in its place. Note that there are no spaces on either side of the equal sign. Quotes around command are necessary if the string being aliassed consists of more than one word. A few examples :

  • alias ls=’ls -aF –color=always’
  • alias ll=’ls -l’
  • alias search=grep
  • alias mcd=’mount /mnt/cdrom’
  • alias ucd=’umount /mnt/cdrom’
  • alias mc=’mc -c’
  • alias ..=’cd ..’
  • alias …=’cd ../..’

The first example ensures that ls always uses color if available, that dotfiles are listed as well,that directories are marked with a / and executables with a *. To make ls do the same on FreeBSD, the alias would become :

  • alias ls=’/bin/ls -aFG’

To see what aliasses are currently active, simply type alias at the command prompt and all active aliasses will be listed. To “disable” an alias type unalias followed by the alias name.

One more important thing. After you have added alias in .bashrc, you need to inform your system about the changes and hence execute the following command:

  • source .bashrc

July 7, 2009

OpenSSH Public Key authentication

by viggy — Categories: Uncategorized — Tags: , , Leave a comment

Please refer to man pages of SSH command for latest updates.

This is method is used usually when you are a server administrator and usually work by logging through SSH in to the server. You will not like to enter the password everytime you want to log in. For this you can follow this method.

Host-based authentication works as follows: If the machine the user logs
in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
machine, and the user names are the same on both sides, or if the files
~/.rhosts or ~/.shosts exist in the user’s home directory on the remote
machine and contain a line containing the name of the client machine and
the name of the user on that machine, the user is considered for login.
Additionally, the server must be able to verify the client’s host key
(see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts,
below) for login to be permitted. This authentication method closes se-
curity holes due to IP spoofing, DNS spoofing, and routing spoofing.
[Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the
rlogin/rsh protocol in general, are inherently insecure and should be
disabled if security is desired.]

Public key authentication works as follows: The scheme is based on pub-
lic-key cryptography, using cryptosystems where encryption and decryption
are done using separate keys, and it is unfeasible to derive the decryp-
tion key from the encryption key. The idea is that each user creates a
public/private key pair for authentication purposes. The server knows
the public key, and only the user knows the private key. ssh implements
public key authentication protocol automatically, using either the RSA or
DSA algorithms. Protocol 1 is restricted to using only RSA keys, but
protocol 2 may use either. The HISTORY section of ssl(8) contains a
brief discussion of the two algorithms.

The file ~/.ssh/authorized_keys lists the public keys that are permitted
for logging in. When the user logs in, the ssh program tells the server
which key pair it would like to use for authentication. The client
proves that it has access to the private key and the server checks that
the corresponding public key is authorized to accept the account.

The user creates his/her key pair by running ssh-keygen(1). This stores
the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
2 DSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), or
~/.ssh/id_rsa.pub (protocol 2 RSA) in the user’s home directory. The us-
er should then copy the public key to ~/.ssh/authorized_keys in his/her
home directory on the remote machine. The authorized_keys file corre-
sponds to the conventional ~/.rhosts file, and has one key per line,
though the lines can be very long. After this, the user can log in with-
out giving the password.

The most convenient way to use public key authentication may be with an
authentication agent. See ssh-agent(1) for more information.

Challenge-response authentication works as follows: The server sends an
arbitrary “challenge” text, and prompts for a response. Protocol 2 al-
lows multiple challenges and responses; protocol 1 is restricted to just
one challenge/response. Examples of challenge-response authentication
include BSD Authentication (see login.conf(5)) and PAM (some non-OpenBSD
systems).

Finally, if other authentication methods fail, ssh prompts the user for a
password. The password is sent to the remote host for checking; however,
since all communications are encrypted, the password cannot be seen by
someone listening on the network.

ssh automatically maintains and checks a database containing identifica-
tion for all hosts it has ever been used with. Host keys are stored in
~/.ssh/known_hosts in the user’s home directory. Additionally, the file
/etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any
new hosts are automatically added to the user’s file. If a host’s iden-
tification ever changes, ssh warns about this and disables password au-
thentication to prevent server spoofing or man-in-the-middle attacks,
which could otherwise be used to circumvent the encryption. The
StrictHostKeyChecking option can be used to control logins to machines
whose host key is not known or has changed.

When the user’s identity has been accepted by the server, the server ei-
ther executes the given command, or logs into the machine and gives the
user a normal shell on the remote machine. All communication with the
remote command or shell will be automatically encrypted.