build:ssh
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
build:ssh [2008/02/02 18:28] 4.245.73.121 |
build:ssh [2008/05/08 22:42] (current) 4.245.76.155 |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| ===== Installation ===== | ===== Installation ===== | ||
| - | Install the package: | + | Install the SSH client and server packages: |
| <code rootshell> | <code rootshell> | ||
| - | apt-get install -y ssh | + | apt-get install ssh openssh-server |
| </code> | </code> | ||
| Line 18: | Line 18: | ||
| <code rootshell> | <code rootshell> | ||
| echo 'This system for use by SLUUG members ONLY. Unauthorized access prohibited.' > /etc/issue.net | echo 'This system for use by SLUUG members ONLY. Unauthorized access prohibited.' > /etc/issue.net | ||
| + | cat /etc/issue.net > /etc/issue | ||
| </code> | </code> | ||
| + | |||
| + | NOTE: On Bud, change the word ''members'' to ''administrators''. | ||
| Configure the SSH daemon to add the warning message. | Configure the SSH daemon to add the warning message. | ||
| Line 25: | Line 28: | ||
| </code> | </code> | ||
| - | **Add alternate port:** Have SSH accept connections on an alternate port for situations where port 22 is blocked at the client's end, or blocked by mistake on the server's end. Edit /etc/ssh/sshd_config to add new statement "Port 443" (without the quotes) after the existing Port statement. | + | **Add alternate port:** Have SSH on BudLight accept connections on an alternate port for situations where port 22 is blocked at the client's end, or blocked by mistake on the server's end. Edit /etc/ssh/sshd_config to add new statement "Port 443" (without the quotes) after the existing Port statement. |
| **This step seems obsolete and no longer needed since the reload of the systems.** Correct problem with "Request for subsystem 'sftp' failed on channel 0" when using SSH protocol version 2. Edit /etc/ssh/sshd_config to change value on sftp statement from "/usr/libexec/openssh/sftp-server" (which doesn't exist) to "/usr/lib/sftp-server". Also tell sshd to reread configuration using the kill command documented below. This was probably due to the upgrade to ssh a month or two ago on budlight and might not be needed on future uprades or installations. If "sftp -2" to the system works, then it is probably ok. | **This step seems obsolete and no longer needed since the reload of the systems.** Correct problem with "Request for subsystem 'sftp' failed on channel 0" when using SSH protocol version 2. Edit /etc/ssh/sshd_config to change value on sftp statement from "/usr/libexec/openssh/sftp-server" (which doesn't exist) to "/usr/lib/sftp-server". Also tell sshd to reread configuration using the kill command documented below. This was probably due to the upgrade to ssh a month or two ago on budlight and might not be needed on future uprades or installations. If "sftp -2" to the system works, then it is probably ok. | ||
| Line 34: | Line 37: | ||
| /etc/init.d/ssh restart | /etc/init.d/ssh restart | ||
| </code> | </code> | ||
| + | |||
| + | NOTE: You can probably run ''/etc/init.d/ssh reload'' instead of ''/etc/init.d/ssh restart'' if you like. | ||
| Or just send the daemon a HUP signal to have it reread the configuration file and activate the changes. | Or just send the daemon a HUP signal to have it reread the configuration file and activate the changes. | ||
| Line 42: | Line 47: | ||
| ===== Testing ===== | ===== Testing ===== | ||
| Log into the system as a user via SSH. | Log into the system as a user via SSH. | ||
| + | |||
| + | Log into the system as a user via sftp and try to transfer any file. | ||
| Try logging in as ''root'' via SSH. Make sure the access is denied, and that the attempt is logged. | Try logging in as ''root'' via SSH. Make sure the access is denied, and that the attempt is logged. | ||
| Line 61: | Line 68: | ||
| ===== TODO ===== | ===== TODO ===== | ||
| - | Publish the host public keys. | ||
| - | |||
| Enable/disable some more features to provide better security. | Enable/disable some more features to provide better security. | ||
build/ssh.1201998491.txt.gz ยท Last modified: 2008/02/02 18:28 by 4.245.73.121
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
