SSH Setup

From Linuxhelp Wiki

erliacelbo

free sonyericsson ringtones free mono ringtones buy valium diazepam clomid online fioricet online order paxil kyocera ringtones mp3 ringtones mp3 ringtones cheap alprazolam alltel ringtones cheap alprazolam buy lipitor hydrocodone online free verizon ringtones but levitra cheap tramadol hydrocodone online sprint ringtones order xanax free real ringtones tracfone ringtones propecia online order ativan free samsung ringtones tramadol online buy didrex clomid cheap lorazepam free samsung ringtones albuterol online zyban online soma online but clonazepam cheap paxil real ringtones sildenafil online cheap soma ambien online cheap wellbutrin cheap adipex buy propecia free real ringtones buy diethylpropion polyphonic ringtones rivotril online free jazz ringtones lipitor lorazepam online prozac online carisoprodol online free polyphonic ringtones tenuate online cheap valium free polyphonic ringtones lipitor online free free ringtones phentermine online sagem ringtones free free ringtones ultracet online ortho online vigrx online nexium meridia online free sharp ringtones free music ringtones diazepam online cheap carisoprodol but wellbutrin meridia online free ringtones buy xanax mtv ringtones cheap fioricet mp3 ringtones free nextel ringtones cheap adipex xanax online free sagem ringtones cheap diazepam clonazepam online free polyphonic ringtones carisoprodol online buy wellbutrin free kyocera ringtones ativan online viagra online lorazepam online cheap ultram kyocera ringtones order alprazolam alltel ringtones ambien online cheap vicodin free motorola ringtones sony ericsson ringtones punk ringtones viagra online cheap phentermine xanax online ultram online valium online cingular ringtones adipex online cyclobenzaprine online cheap propecia cheap tenuate cheap carisoprodol ultracet online pharmacy online online free wwe ringtones cheap diazepam cheap xenical free nokia ringtones qwest ringtones cheap zanaflex cheap diazepam free verizon ringtones motorola ringtones lortab online buy prozac ericsson ringtones ortho cyclobenzaprine online cheap celexa free free ringtones phentermine free cool ringtones cheap prozac qwest ringtones cialis online sprint ringtones cheap nexium real ringtones sagem ringtones tracfone ringtones free nokia ringtones punk ringtones free mp3 ringtones sony ringtones ativan online but hgh midi ringtones free alltel ringtones cheap flexeril sony ericsson ringtones motorola ringtones vicodin online free tracfone ringtones buy soma levitra online free motorola ringtones cheap didrex sildenafil online pharmacy online online cheap zoloft order hydrocodone sony ringtones cingular ringtones viagra paxil online buy ambien buy lortab hydrocodone online cheap vigrx ativan online hgh online sildenafil online viagra online buy ortho nextel ringtones lisinopril online funny ringtones free sony ericsson ringtones buy vicodin hydrocodone order ativan free mono ringtones clonazepam levitra sprint ringtones cialis online sony ringtones order levitra cheap zanaflex but phentermine order celexa cheap ultracet wwe ringtones free sharp ringtones buy norco soma cheap ultracet free cingular ringtones cheap adipex cheap xenical cheap albuterol cheap tenuate

Author:	Janou
Created On:	December 28th, 1999
Updated On:	December 29th, 1999

[edit]

New Server Installation

So you might say, "What's wrong with plain telnet?". Well with regular telnet, your password is sent to the other machine in plain text form allowing the sniffing of passwords. With SSH strong cryptography is used for protecting all transmitted confidential data, including passwords, binary files, and administrative commands.

I first learned about ssh when I became involved in an IRC server that required it. I thought that it was going to be a problem to install because when you hear the word "security", you say to yourself, "Good Gosh .. I am gonna have to get this, then that, then the other ..."

Well, I am here once again to give you assurance that it is no where as bad as you think. Within a few minutes, I had ssh up and running, and also found a few cool ssh clients for those people that are using IP MASQuerading from a windows machine. I have also listed some links to where you can get some cool clients for Windows.

The two current versions of ssh are SSH and SSH-2. The differences between the two include different protocols and different licensing schemes. However, whatever your needs are, this guide will pretty much help you install either one. My emphasis will be on ssh.

The first thing you need to do is get the SSH software and install it. The ssh software you will need is packaged in a tar file which is available on the web. You can get the necessary file(s) by logging onto:

ftp://ftp.cs.hut.fi/pub/ssh

ftp://dimonieta.udg.es/mirror/ssh/

For the installation of ssh, you will need:

ssh-1.2.27.tar.gz for ssh or

ssh-2.0.13.tar.gz for ssh-2

Also please make sure to get the recent patch for SSH-1.2.27 that corrects a buffer overflow in rsaglue.c. You can download the patch from http://www.ssh.org/patches/patch-ssh-1.2.27-rsaref.buffer.overflow. To install it, simply copy the file into the ssh-1.2.27 source directory and as root run the command:

patch -p1 -l < patch-ssh-1.2.27-rsaref.buffer.overflow

After you have patched SSH, for most machines and configurations all you need to do is the typical:

./configure
make
make install

For those people that are in a networked environment with a shared binary, after you make install on one machine, you can do make hostinstall on the others to generate host keys and install config files.

For you tarball scaredy cats, tarballs are not hard at all. With tarballs, you get to control how the program is installed. You have the option to change parms, function calls, paths, etc.

Once the compile is done, you can check to see if sshd_config and ssh_config was created in the /etc directory.

What I did was edited my /etc/init.d/rc.local (Red Hat) (/etc/init.d/rcS in Debian) file to execute sshd at boot time. Some people debate on whether it should be in init.d instead, so I will show you how to do that later on in this guide.

Now, set your umask so that the files you install preserve their permissions correctly.

umask 022

Now that you got that all out of the way, you can now make the key-gen. Change your directory to /etc (cd /etc) and run:

ssh-keygen -b 1024 -f /etc/ssh_host_key -N

The ssh-keygen binary lies in the /usr/local/bin, and also the /usr/ssh paths.

This will generate and test /etc/ssh_host_key and /etc/ssh_host_key.pub. Be patient, generating the key takes several seconds. ssh_host_key is a private key file (mode 0600, owned by root); sshd_host_key.pub is the public key file (mode 0644, owned by root). The security of SSH sessions depends, in part, on the security of the private key.

By running ssh-keygen to create the host key will create the file ~/.ssh/random_seed (~/ means your home dir). This file is a by-product of the key creation process and may be deleted after you have generated the key.

This is the Install boot script thingy for the init.d I mentioned earlier.

As root, copy sshd.rc to your system's init.d directory and create a link so that sshd will start automatically when you reboot. The appropriate path varies by system.

For Linux, initialization varies by vendor. For a Redhat system, as root, run

mv /etc/sshd.rc /etc/rc.d/init.d/sshd

cd /etc/rc.d/rc3.d 
ln -s ../init.d/sshd S70sshd    -- to create the symbolic link

For other Linux systems, install as appropriate, using the instructions above as a guideline.

[edit]

Customizing this configuration

The default configuration should work for most systems. If you need to change the defaults, edit /etc/sshd_config. See the sshd man page for details about the options. The sshd man page is available in /usr/local/man/man8/sshd.8; it can be read with "man sshd" or "man ssh".

Running sshd

The sshd will start automatically when the system reboots. You can manually start the daemon now to see if it works. As root, run:

/usr/local/sbin/sshd

Testing sshd

Try to connect to your host. As a user, enter the command:

ssh -l your_login_name hostname_or_ip -c 3des

If you get "connection refused," you may need to make a small change in your local tcpwrapper configuration files. Check to see if you have an /etc/hosts.deny file. Look for the entry in that file that looks like this:

ALL: ALL

If you find it, add the following entries to your /etc/hosts.allow file:

sshd: ALL
sshdfwd-X11: your_local_hostname

The first entry permits remote sshd connections into your host. Instead of using "ALL", you can use this area to restrict the machines that are allowed to connect.

The second entry permits the forwarding of ssh X connections. For example, if your machine were named example.linuxhelp.net, that setting would read:

sshdfwd-X11: example.linuxhelp.net

I have listed below some windows ssh clients that you can use to telnet into. Remember, ssh uses port 22, and normal telnet uses port 23. This is something I found out when It wasn't working for me .. :)

[edit]