Jump to content
Sign in to follow this  
websmythe

Configuring ssh after a Synaptic install?

Recommended Posts

-------------

RESOLVED

-------------

Hi. I running on Debian 4, installed the openssh-server /w the blacklist & rssh & molly-guard using Synaptic Package Manager, but can't connect using PuTTY from my Vista box. Could somebody show me what I need to enable in the config files (see below) to get it to work? Thanx.

 

The story so far...

I've read the man pages, which seem pretty daunting at this point, and been trawling the net, where I've found lots of juicy tidbits, but nothing that walks me thru it line by line. It's not PuTTY cause I had it working last nite when I did a commandline install using "apt-get install ssh", but I also got some sort of legacy message. As I've done a reinstall since then, I thought I'd try and avoid the legacy issue and use Synaptic. From what I have found on the net, all the needed files "seem" to be in the right place, but it looks like there's a bunch of stuff that is commented out that shouldn't be (I think...)

 

# /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile	%h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

# /etc/ssh/ssh_config
# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 yes
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no

Share this post


Link to post
Share on other sites

k, we are officially one giant leap closer. Yeah!

 

I remembered that last night I was going through http://www.howtoforge.com/perfect_setup_debian_etch_p3 which starts a Debian 4 install from scratch. And in Section 5 - page 3, right after installing openssh-server, he sets the machine ip from the default install dhcp assigned address to a static address, and sets the hostname.

 

--------------------------------------------------------------------

UPDATE:

 

PuTTY now connects from my Vista box.

Unfortunately, it says... "Network Error: Connection Refused"

But Hey! Almost home.

 

UPDATE:

I thought I try un-commenting all the lines in ssh_config

 

*** YEAH!!! : SUCCESS!!! ***

 

UPDATE:

Musta been something I did or didnt do. After a resinstall (again :)),

using Synaptic and going thru the config made it work perfect.

And I didn't edit ssh_config or sshd_config. Go figure. Must be a Noob's world.

 

Anyways, any comments, re: things I'm not aware off, and/or things I should tweak, especially re: Security, would be most appreciated.

 

Thanx for reading this far :)

Share this post


Link to post
Share on other sites

i'd start reading the Remote Access section of linux-noob.com

 

things to think about would be

 

* deny ssh login to root

* ssh rate limiting

* users allowed/denied

 

and more, just check out the Remote Access section for tips with ssh (and scp and so on)

 

be aware that you need to restart the sshd service after making changes to the config file

 

cheers

anyweb

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...