Installing SSH-2 on SuSE 6.x and other System V based systems
Home Page: http://www.ipsec.com
Version: ssh-2.1.0
Description
SSH Secure Shell is the de facto standard for remote logins, with an
estimated three million users in 80 countries. It solves the most
important security problem on the Internet: hackers stealing passwords.
Typical applications include remote system administration, file transfers,
and access to corporate resources over the Internet.
This NHF is not going to go into great detail as to how SSH2 works and
how to use every switch and option. What you will learn here is how to
install SSH2 using its default settings and how to set it up so that the
SSH daemon (sshd2) starts when your system reaches a particular runlevel.
These instructions are SuSE 6.x specific but can easily be ported to work
on any Sys V Linux distro. The only thing you should have to change if
you're using something other than SuSE is the runlevel in which you want
the SSH2 daemon to start. Normally you would want the SSH daemon to start
in the multiuser, networking, standard runlevel, which is runlevel 2 on
SuSE systems. For Red Hat, runlevel 3 would be the runlevel in which you
would want the SSH2 daemon to start. I do not know the runlevels for
every Linux distro, so you will have to consult your documentation or ask
someone who knows, but I think it would be safe to bet most systems
will use runlevel 2 or 3.
Before we begin, let me talk about the licensing of SSH2. You have to
pay for SSH2 if you're using it for commercial use. If you're a non-profit
organization or an educational institute you can get a non-commercial use
license. You can also get a non-commercial use license if you're going to
use it at home for non-commercial purposes such as wanting to learn how
to use SSH. You can get a non-commercial use license by going to
http://commerce.ssh.com. Once you're at commerce.ssh.com, scroll down to
about the center of the page where it reads "SSH Secure Shell for Servers";
there you will see a link that reads [Non-commercial]. Just fill out the
info they ask for and it will generate a license for you.
Since I was going to be connecting to my Linux box from my laptop I also
got the "Secure Shell for Workstations" license.
Get the programs.
The list of download sites can be found here.
ssh-2.1.0.tar.gz is the SSH Server/Client for Unix/Linux
SSHWin-2.1.0.exe is the Windows client
One last thing before we begin: SSH by default listens on TCP port 22.
Edit your /etc/services file and check that the SSH service isn't
commented out or missing.
You should find the following two lines in /etc/services; if they are not
there, add them in:
ssh 22/tcp #SSH Remote Login Protocol
Installing SSH2 server.
1. Login as root.
2. Get the ssh-2.1.0.tar.gz file from www.ipsec.com and place it in your
/tmp directory.
3. cd to your /tmp directory or to the directory where you saved the
tarball.
4. Unpack the distribution with the following command:
tar -xvzf ssh-2.1.0.tar.gz
5. Now cd to /tmp/ssh-secure-shell-2.1.0-noncommercial
6. Run configure and make with the following command:
./configure && make
If you are using TCP Wrappers and want SSH to support TCP Wrappers, then
use this command:
./configure --with-libwrap && make
7. Install SSH using the following command:
make install
8. Just follow the directions when prompted by the install, nothing
tricky here.
9. You can now start the sshd2 daemon if you like by using the command:
/usr/local/sbin/sshd2
If you have the SSH Win client installed on your Windows machine you
should be able to connect to your Linux machine via SSH at this time.
This document does not cover the installation procedures for the Windows
Client. Installing the Windows SSH client is really easy, nothing
special about it.
Starting the sshd2 daemon
There are several ways to start the SSH2 daemon. I start mine using
inetd with tcp_wrapper support enabled.
Manually
1. Run the command:
/usr/local/sbin/sshd2
Starting from inetd (without tcp_wrapper support)
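1. Edit the file /etc/inetd.conf and add the following line:
ssh stream tcp nowait root /usr/local/sbin/sshd2 sshd2 -i
inetd passes everything after the program path as the argument list,
starting with argv[0], so the program name comes before -i.
2. Reboot your machine or restart inetd using killall -HUP inetd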
Starting from inetd (with tcp_wrapper support)
1. Edit the file /etc/inetd.conf and add the following line:
ssh stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/sshd2 -i
(This must be a single line in /etc/inetd.conf.)
2. Reboot your machine or restart inetd using killall -HUP inetd
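A check for the two files edited so far, /etc/services and /etc/inetd.conf, given here as an added example that is not part of the original NHF. The function names are hypothetical and the sample files are constructed; it reports whether the ssh service entry is active and whether inetd hands connections to tcpd or straight to sshd2.

```shell
#!/bin/sh
# Added example, not from the original NHF. Function names are hypothetical;
# file paths are parameters so the checks can be run against copies.

# ssh_service_defined FILE: succeed if an uncommented "ssh 22/tcp" entry exists.
ssh_service_defined() {
    awk '{ sub(/#.*/, "") }
         $1 == "ssh" && $2 == "22/tcp" { found = 1 }
         END { exit !found }' "$1"
}

# inetd_ssh_mode FILE: print "wrapped" (via tcpd), "direct" or "absent".
inetd_ssh_mode() {
    awk '{ sub(/#.*/, "") }    # strip comments, so commented-out entries are ignored
         $1 == "ssh" && $2 == "stream" && $3 == "tcp" {
             # field 6 is the program inetd executes, field 7 onward its arguments
             if ($6 ~ /\/tcpd$/ && $7 ~ /\/sshd2$/) mode = "wrapped"
             else if ($6 ~ /\/sshd2$/)              mode = "direct"
         }
         END { print (mode == "" ? "absent" : mode) }' "$1"
}

# Constructed sample files standing in for /etc/services and /etc/inetd.conf.
demo=$(mktemp -d)
printf '%s\n' '#ssh 22/tcp' 'telnet 23/tcp' \
    'ssh 22/tcp #SSH Remote Login Protocol' > "$demo/services"
printf '%s\n' \
    'ssh stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/sshd2 -i' \
    > "$demo/inetd.conf"

if ssh_service_defined "$demo/services"; then
    echo "services: ssh 22/tcp is active"
else
    echo "services: ssh 22/tcp is missing or commented out"
fi
echo "inetd.conf: sshd2 entry is $(inetd_ssh_mode "$demo/inetd.conf")"
rm -rf "$demo"
```

On a live system, pass /etc/services and /etc/inetd.conf to the two functions instead of the sample files.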
Starting sshd at runlevel 2 (SuSE) or 3 (RH)
1. Copy the file sshd2.startup from:
/tmp/ssh-secure-shell-2.1.0-noncommercial to the /sbin/init.d directory
as sshd2 by using the command:
cp /tmp/ssh-secure-shell-2.1.0-noncommercial/sshd2.startup /sbin/init.d/sshd2
2. cd to /sbin/init.d
3. Since with SuSE you're going to start sshd2 in runlevel 2, we need to
make a few symlinks. Run the following commands from the /sbin/init.d
directory:
ln -s ../sshd2 /sbin/init.d/rc2.d/S25sshd2
ln -s ../sshd2 /sbin/init.d/rc2.d/K15sshd2
Note: If you're running Red Hat or another distro that has the same
runlevel format as Red Hat, create your symbolic links in rc3.d instead
of rc2.d.
You can now restart your Linux machine and sshd2 should start
automatically.
If you don't want to reboot, you don't have to. Just run telinit s,
then telinit 2 or telinit 3 (RH).
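The links above use a relative target (../sshd2), which only resolves if the link sits one directory below the script. The following added example, which is not part of the original NHF, checks that both the S and K links exist and resolve to an executable init script; the function name is hypothetical and the directory tree is constructed.

```shell
#!/bin/sh
# Added example, not from the original NHF. check_rc_links is a hypothetical name.
# Usage: check_rc_links INITDIR RUNLEVEL NAME
# Prints one line per problem; returns 0 only if S and K links both exist
# and resolve to an executable INITDIR/NAME.
check_rc_links() {
    initdir=$1; rcdir=$1/rc$2.d; name=$3; bad=0
    if [ ! -x "$initdir/$name" ]; then
        echo "script $initdir/$name is missing or not executable"; bad=1
    fi
    for kind in S K; do
        found=0
        for link in "$rcdir/$kind"[0-9][0-9]"$name"; do
            [ -L "$link" ] || continue      # unmatched glob or not a symlink
            found=1
            # -e follows the link, so a false result means the target dangles
            if [ ! -e "$link" ]; then
                echo "dangling link $link -> $(readlink "$link")"; bad=1
            elif [ ! "$link" -ef "$initdir/$name" ]; then
                echo "$link does not point at $initdir/$name"; bad=1
            fi
        done
        if [ "$found" -eq 0 ]; then
            echo "no $kind link for $name in $rcdir"; bad=1
        fi
    done
    return $bad
}

# Constructed tree mirroring /sbin/init.d on SuSE (runlevel 2).
demo=$(mktemp -d)
mkdir -p "$demo/init.d/rc2.d"
printf '#!/bin/sh\n' > "$demo/init.d/sshd2"
chmod +x "$demo/init.d/sshd2"
ln -s ../sshd2 "$demo/init.d/rc2.d/S25sshd2"   # as in the how-to
ln -s sshd2 "$demo/init.d/rc2.d/K15sshd2"      # wrong target on purpose: dangles
if check_rc_links "$demo/init.d" 2 sshd2; then
    echo "runlevel links look good"
else
    echo "fix the problems listed above before rebooting"
fi
rm -rf "$demo"
# On a real SuSE 6.x system: check_rc_links /sbin/init.d 2 sshd2
```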
Set up your Windows client or Linux ssh client on another machine and test
it out; you should be good to go.
Conclusion
If everything went according to plan you should be able to make a secure
shell connection to your Linux machine. Please be aware that this is a
default install and that SSH2 has many features that are not covered in
this particular document. Please read the ssh and sshd man pages to learn
more or visit some of the sites that I have linked to below.
Cryptography A-2-Z
The Secure Shell FAQ
SSH Tutorial by -josh
Thanks to the following people and organizations.
Sensei @ LNO
SSH Communications
The #linuxnewbie gang on EFnet.
Happy Secure Shelling!
Dr SuSE
The doctor wrote this NHF using WebMaker 0.8.5