Thread: SSH Help needed

  1. #1
    SitePoint Enthusiast bsmith@interinc.com
    Join Date
    Jun 2001
    Location
    Maryland, USA
    Posts
    47

    SSH Help needed

    I'm having trouble with my ssh Server

    I checked and everything is installed (I think).

    /etc/ssh/dir

    ssh_host_dsa_key ssh_host_key ssh_host_rsa_key
    ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.pub

    The host.allow has not been set up as of now.

    /etc/dir

    hosts.allow hosts.deny

    ---------------------------------------------------
    ---------------------------------------------------
    On linux.com under http://www.linuxhelp.net/guides/sirplaya/ssh.phtml

    the article talks about setting permissions and umask

    The writer's notes:

    What I did was edited my /etc/init.d/rc.local (Red Hat) (/etc/init.d/rcS in Debian) file to execute sshd at boot time. Some people debate on whether it should be in init.d instead, so I will show you how to do that later on in this guide.

    Now, set your umask so that the files you install preserve their permissions correctly.



    type --> umask 022

    --------------------------------------------
    --------------------------------------------
    The basis of my problem is that I have downloaded the file, host.allow

    #
    # hosts.allow This file describes the names of the hosts which are
    # allowed to use the local INET services, as decided
    # by the '/usr/sbin/tcpd' server.
    #


    sshd: ALL ##Should I leave setting at (ALL) ?
    sshdfwd-X11: my_host_name_in_full ##Right?

    Saved as host.allow with BBEdit

    When I go to upload it says "host.allow permission denied"

    So using fetch 4.0 I try to set the permission for the file first before I make changes.

    "same error message"

    Then I think I will try to set upload permissions for the whole folder /etc

    Site Response "Site Umask" not understood


    I don't know how to Telnet a file from my client to my remote (command) could possibly set permissions in Telnet?

    When I change a file do I need to reboot Apache? each time?

    Thanks for any help you can give

    "B"
    I am I, Therefore I bark.

  2. #2
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Brian,

    Again, you should not need to do anything with the hosts.allow file. I have ssh running on my RedHat box fine and I have never even touched that file; in fact I have it but it's blank. So I think you don't need it. Changing your permissions on the /etc folder is a very bad idea; you are better off using ftp to send files up, then telnet in and copy them to wherever they need to go. Have you tried to start the ssh daemon yet? That is probably all you need to do.

    $> locate sshd

    You should get a result like
    /usr/sbin/sshd

    Wherever it resides, cd there. I'll use my example above
    $> cd /usr/sbin/
    $> ./sshd




    This should either start the ssh server or give you an error. If it starts, you should be all set and you can try the ssh login again. If it doesn't, post the error message you get here.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  3. #3
    SitePoint Enthusiast bsmith@interinc.com
    Join Date
    Jun 2001
    Location
    Maryland, USA
    Posts
    47

    Exporting an Identity

    Okay....point taken.
    I am still in limbo a bit and bouncing.

    What do you think about this...

    When you set up your ssh I am assuming you needed as well a set of "identity keys", correct? You then telnet them to your "admin", correct? Now let's say I want to access the remote from a totally different location or client: as long as I have the passphrase or pass I should be good to go, right?

    See I bounce back and forth from Mac to PC. Depends on where I am @ or which program I need to interact with.

    I forget are you linux? If yes do you have virtualdomains On?

    Thanks

    "B"
    I am I, Therefore I bark.

  4. #4
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Brian, yes, you must generate a key on the server, but you should only need to do it once since that key lives on the server. You can connect to the server using ssh from any computer with an internet connection and an ssh client. But no, ssh is not like pgp where you need to have some special key ring with all the client keys on it. Basically the key is used so ssh can encrypt the data coming across and does not need to be exported.

    Did you get sshd daemon running yet? If not did you get an error message?
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  5. #5
    SitePoint Enthusiast bsmith@interinc.com
    Join Date
    Jun 2001
    Location
    Maryland, USA
    Posts
    47

    What I have....

    I went on my PC using "Secure CT" SSH program.

    I went in on port 22 (ssh port right?)

    It then prompted me to choose between accepting once or accepting & save, the option of, I think, accepting the "Server host key fingerprint".

    So I say sure.

    Then it prompts for my password and I am in. But my screen looks normal? When you SSH, shouldn't it come across the screen as jumbled code? Or does it look normal, it is in port 22, that is why no one can see? But we don't see the encryption either?

    "B"
    I am I, Therefore I bark.

  6. #6
    SitePoint Enthusiast
    Join Date
    Jun 2001
    Location
    Balto, MD
    Posts
    36
    Hey guys.

    SSH can be thought of as a secure tunnel telnet connection to your box.

    If you understand the theory behind public key cryptography, what I say later will make more sense.

    In general, FTP and Telnet are dangerous protocols from a server perspective. There are so many vulnerabilities in each of the daemons that running them on a public server is asking for problems (in my opinion). In the case where you NEED to run FTP, use a product that offers good, frequent updates when vulnerabilities are discovered.

    Now to the point:

    The login sequence for an SSH session is as follows:

    (If the host is unknown) Prompt to include the host (public key) key fingerprint for the host in the local system's database.

    (If the host is already known) Use designated host key to encrypt connection request to server.

    If connect request is successful, prompt for password of account. (If you are logged into your local machine as root, the connection to the other machine will by default be in the name of root as well.)

    In the background, the remote machine will grab a copy of a unique session key for your local machine and use that to send encrypted connection information back to you.

    The key fingerprint will be the same on the remote machine forever (in theory), but SSH changes session keys regularly. That is a very sound security idea.

    I noticed the first time I set SSH up that if the SSH daemon was not running, the port would report the version of SSH that it was running, but would not (could not) make a connection.

    SSH is wonderful. I use it often.
    ---***---***---
    Good Programming takes a long time and costs a lot of money.

    Bad programming is done by the hour and costs minimum wage.
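
The host key fingerprint prompt discussed in posts #5 to #7, as an added example that is not part of the thread: it computes a fingerprint from a public key line and makes the match / changed / unknown decision an SSH client makes against its saved host keys. It goes slightly beyond the thread by also showing the SHA256 format that current OpenSSH prints; the host names and keys are constructed samples, and hashed known_hosts entries are skipped rather than handled.

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # SSH wire format: length + bytes

def parse_pubkey(fields):
    """['ssh-ed25519', '<base64>', ...] -> (key_type, raw key blob)."""
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type label does not match the key blob")
    return key_type, blob

def fp_md5(blob: bytes) -> str:
    """Legacy colon-separated MD5 fingerprint shown by older clients."""
    h = hashlib.md5(blob).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def fp_sha256(blob: bytes) -> str:
    """Unpadded base64 SHA-256 fingerprint, as current OpenSSH prints it."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(host: str, presented: str, known_hosts: str) -> str:
    """'match', 'changed' (saved key differs) or 'unknown' (first contact)."""
    key_type, blob = parse_pubkey(presented.split())
    verdict = "unknown"
    for line in known_hosts.splitlines():
        f = line.split()
        if len(f) < 3 or f[0][0] in "#|@":
            continue  # blank/comment lines, hashed hosts and markers are skipped
        if host not in f[0].split(",") or f[1] != key_type:
            continue
        if parse_pubkey(f[1:])[1] == blob:
            return "match"
        verdict = "changed"  # same host and key type, different key: do not accept
    return verdict

def sample_line(seed: bytes) -> str:
    """Constructed ed25519-shaped key (32 seed-derived bytes), not a real host key."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

SERVER = sample_line(b"constructed server key")
OTHER = sample_line(b"constructed other key")
KNOWN_HOSTS = "# constructed sample\nwww.example.com,192.0.2.10 " + SERVER + "\n"

if __name__ == "__main__":
    for host, key in [("www.example.com", SERVER), ("www.example.com", OTHER), ("new.example.com", SERVER)]:
        print(host, check_host(host, key, KNOWN_HOSTS), fp_sha256(parse_pubkey(key.split())[1]))
```

An "unknown" result corresponds to the accept once / accept & save prompt; a "changed" result is the case where the saved fingerprint should be verified out of band before connecting.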

  7. #7
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    To add to what jeffkenton said: yes, you should select accept & save. Then you are in; nothing will look encrypted on the screen, it will look normal, but it's encrypted. So you got it, you're in, right?
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  8. #8
    SitePoint Enthusiast bsmith@interinc.com
    Join Date
    Jun 2001
    Location
    Maryland, USA
    Posts
    47

    In like Flynn

    Thanks FreddydoesPHP and to JeffKenton for hanging in until I got it. Yes I'm in!!!

    Quick question guys....

    I am just getting familiar with being a "site admin". What directories should I positively not mess with, and which ones are the basic directories of files like .sshd and php.ini that I need to work in? I hate trouble.

    "B"
    I am I, Therefore I bark.

