● Secure Shell (SSH/SSH2) Setup - 荔园在线 | 深圳大学学生论坛,荔园晨风BBS,深大在线网站

荔园之美，在春之萌芽，在夏之绽放，在秋之收获，在冬之沉淀

发信人: Lg (创造人生的传奇), 信区: Linux
标  题: Secure Shell (SSH/SSH2) Setup
发信站: BBS 荔园晨风站 (Sun Jan  2 14:22:41 2000), 转信

Secure Shell (SSH/SSH2) Setup
by Janou Milligan, sirplaya@linuxhelp.net
Created on December 28th, 1999
Last updated on December 29th, 1999

New Server Installation

So you might say, "What's wrong with plain telnet?". Well with regular telnet,
your password is sent to the other machine in plain text form allowing the
sniffing of passwords. With SSH strong cryptography is used for protecting all
transmitted confidential data, including passwords, binary files, and
administrative commands.

I first learned about ssh when I became involved in an IRC server that
required it. I thought that it was going to be a problem to install because
when you hear the word "security", you say to yourself, "Good Gosh .. I am
gonna have to get this, then that, then the other ..."

Well, I am here once again to give you assurance that it is no where as bad
as you think. Within a few minutes, I had ssh up and running, and also found
a few cool ssh clients for those people that are using IP MASQuerading from a
windows machine. I have also listed some links to where you can get some cool
clients for Windows.

The two current versions of ssh is SSH and SSH-2. The differences between the
two include different protocols and different licensing schemes. However,
whatever your needs are, this guide will pretty much help you install either
one. My emphasis will be on ssh.

The first thing you need to do is get the SSH software and install it. The ssh
software you will need is packaged in a tar file which is available on the
web. You can get the nesseary file(s) by logging onto:

ftp://ftp.cs.hut.fi/pub/ssh

or

ftp://dimonieta.udg.es/mirror/ssh/

For the installation of ssh, you will need:

ssh-1.2.27.tar.gz for ssh or

ssh-2.0.13.tar.gz for ssh-2

Also please make sure to get the recent patch for SSH-1.2.27 that corrects a
buffer overflow in rsaglue.c. You can download the patch from
http://www.ssh.org/patches/patch-ssh-1.2.27-rsaref.buffer.overflow. To install
it, simply copy the file into the ssh-1.2.27 source directory and as root run
the command:

patch -p1 -l < patch-ssh-1.2.27-rsaref.buffer.overflow

After you have patched SSH, for most machines and configurations all you need
to do is the typical:

./configure
make
make install

*** For those people that are in a networked environment with a shared binary,
after you make install on one machine, you can do make hostinstall on the
others to generate host keys and install config files.

For you tarball scaredy cats, tarballs are not hard at all. With tarballs, you
get to control how the
program is installed. You have the option to change parms, function calls,
paths, etc.

Once the compile is done, you can check to see if sshd_config and ssh_config
was created in the
/etc directory.

What I did was edited my /etc/init.d/rc.local (Red Hat) (/etc/init.d/rcS in
Debian) file to execute
sshd at boot time. Some people debate on whether it should be in init.d
instead, so I will show
you how to do that later on in this guide.

Now, set your umask so that the files you install preserve their permissions
correctly.

type -->  umask 022

Now that you got that all out of the way, you can now make the key-gen.
Change your directory
to /etc (cd /etc) and run:

ssh-keygen -b 1024 -f /etc/ssh_host_key -N ''

*** The ssh-keygen binary lies in the /usr/local/bin, and also the /usr/ssh
paths

This will generate and test /etc/ssh_host_key and /etc/ssh_host_key.pub. Be
patient, generating
the key takes several seconds. ssh_host_key is a private key file (mode 0600,
owned by root);
sshd_host_key.pub is the public key file (mode 0644, owned by root). The
security of SSH
sessions depends, in part, on the security of the private key.

By running ssh-keygen to create the host key will create the file ~/.ssh/
random_seed (~/ means
your home dir). This file is a by-product of the key creation process and may
be deleted after you
have generated the key.

This is the Install boot script thingy for the init.d I mentioned earlier

As root, copy sshd.rc to your system's init.d directory and create a link so
that sshd will start
automatically when you reboot. The appropriate path varies by system.

For Linux, initialization varies by vendor. For a RedHat system, as root,
run

mv /etc/sshd.rc /etc/rc.d/init.d/sshd

cd /etc/rc.d/rc3.d
ln -s ../init.d/sshd S70sshd    -- to create the symbolic link

For other Linux systems, install as appropriate, using the instructions above
as a guideline.

Customizing this configuration

The default configuration should work for most systems. If you need to change
the defaults, edit
/etc/sshd_config. See the sshd man page for details about the options. The
sshd man page is
available in /usr/local/man/man8/sshd.8; it can be read with "man sshd" or "
man ssh".

Running sshd

The sshd will start automatically when the system reboots. You can manually
start the daemon
now to see if it works. As root, run:

/usr/local/sbin/sshd

Testing sshd

Try to connect to your host. As a user, enter the command:

ssh -l your_login_name hostname_or_ip -c 3des

If you get "connection refused," you may need to make a small change in your
local tcpwrapper
configuration files. Check to see if you have an /etc/hosts.deny file. Look
for the entry in that file
that looks like this:

ALL: ALL

If you find it, add the following entries to your /etc/hosts.allow file:

sshd: ALL
sshdfwd-X11: your_local_hostname

The first entry permits remote sshd connections into your host. Instead of
using "ALL", you can
use this area to restrict the machines that are allowed to connect.

The second entry permits the forwarding of ssh X connections. For example,
if your machine
were named example.linuxhelp.net, that setting would read:

sshdfwd-X11: example.linuxhelp.net

I have listed below some windows ssh clients that you can use to telnet into.
Remember, ssh uses
port 22, and normal telnet uses port 23. This is something I found out when
It wasn't working for
me .. :)

- TTSSH: An Extension for TeraTerm - http://www.zip.com.au/~roca/ttssh.html
- PuTTY: A Free Win32 Telnet/SSH Client -
http://www.chiark.greenend.org.uk/~sgtatham/putty/
- Secure CRT - http://www.vandyke.com/

If you experience problems with ssh, please send email to sirplaya@linuxhelp.
net

Special shout out to my pplz: LyteSter, x2xtreme, ToxiC_Myst (did you get your
sparc box up
and running yet?), FEDERAL_AGENT (Pretty fly for a Desi Guy), and to the Linux
/Unix
community!

--
☆ 来源:．BBS 荔园晨风站 bbs.szu.edu.cn．[FROM: bbs@210.39.3.71]
※ 修改:·georgehill 於 Jan  2 15:35:08 修改本文·[FROM: 192.168.1.115]

荔园在线首页友情链接：深圳大学深大招生荔园晨风BBS S-Term软件网络书店