Securing Remote Shells and File Transfers with OpenSSH


OpenSSH is an open-source implementation of the SSH (Secure Shell) protocol, a popular method of providing secure shell access and secure file transfers. All of the data transmitted between systems through the SSH protocol is encrypted, making it a much safer option for systems accessible from the Internet.

One handy thing about SSH is that it's already installed on Fedora Core. Even the SSH server (sshd) is set up and ready to accept connections. So we'll move on to FreeBSD.

To activate OpenSSH (FreeBSD)

OpenSSH is installed by default with FreeBSD, but you need to activate it.

  1. Log in as root, or use su to become root.

  2. sysinstall

     Launch the system installation and configuration tool.

  3. Press C to choose the Configure option, and then press Enter.

  4. Press the down arrow key several times until Networking is highlighted in the FreeBSD Configuration Menu (Figure 5.14), then press Enter.

     Figure 5.14. Configuring networking settings with the FreeBSD Configuration Menu.

  5. Press the down arrow key several times until sshd is highlighted in the Network Services Menu (Figure 5.15), then press Enter to select it.

     Figure 5.15. Adding sshd to the system with the Network Services menu.

  6. Press X to return to the Exit item, and then press Enter to return to the FreeBSD Configuration Menu.

  7. Press X to return to the Exit item, then press Enter to return to the sysinstall Main Menu.

  8. Press X to exit sysinstall.

Restart to generate your SSH keys and activate the SSH daemon.

To install OpenSSH (Cygwin)

OpenSSH isn't installed by default with Cygwin, so we'll need to install and configure it.

  1. Launch the Cygwin Setup program.

  2. Click the Next button in the Cygwin Setup window several times until you get to the Select Packages screen.

  3. Expand the Net category by clicking the plus sign beside it.

  4. Scroll down to find the openssh package.

  5. Click the circle-arrow icon to change its Skip entry to a version number (Figure 5.16).

     Figure 5.16. Installing the openssh package with the Cygwin Setup application.

  6. Click Next to install the new package and updates to any packages you already have installed.

  7. Click Finish to exit the Cygwin Setup program.

  8. Open a Cygwin window.

  9. ssh-host-config

     The ssh-host-config command creates the various cryptographic keys used by SSH.

  10. When prompted, you can answer yes to all of the questions, except for the CYGWIN environment variable question. Type ntsec and press Enter.

  11. net start sshd

      When the script is finished, you can start the SSH server with the net start command.

To activate OpenSSH (Mac OS X)

Under the current version of Mac OS X (10.3, code-named Panther), OpenSSH is already installed, although it may not be activated.

  1. Launch the System Preferences application (Figure 5.17) by choosing System Preferences from the Apple menu.

     Figure 5.17. Mac OS X's System Preferences application lets you control most aspects of the operating system's behavior.

  2. Click the Sharing icon in the Internet & Network section.

  3. In the Sharing pane (Figure 5.18), if the Remote Login item is not checked, click the Start/Stop button.

     Figure 5.18. The Sharing preferences let you configure several standard Internet servers, such as the SSH (Remote Login) server.


To log in through ssh

Because Telnet sessions aren't secure, you should use ssh to open shells on remote computers.

  • ssh userid@hostname

    Connect through ssh to hostname as userid. If your current user ID is the same as your user ID on hostname, you can leave out the userid@ part and just connect to hostname.
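
The encryption only protects you if you are talking to the right server, so the first ssh connection to a freshly activated sshd asks you to confirm the host key's fingerprint. The following Python is an added example, not code from the book: it computes the SHA256 fingerprint in the format current OpenSSH clients display and compares a presented host key with a fingerprint read on the server itself. The sample keys are constructed, and all function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length, then the data."""
    return struct.pack(">I", len(data)) + data


def parse_pubkey_line(line: str):
    """Parse '<type> <base64> [comment]', the layout of ssh_host_*_key.pub files."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The blob repeats the key type; a mismatch means a damaged or spliced line.
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type label does not match key blob")
    return key_type, blob


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_matches(pub_line: str, expected_fp: str) -> bool:
    """True only if the presented key hashes to the fingerprint obtained out of band."""
    _, blob = parse_pubkey_line(pub_line)
    return hmac.compare_digest(fingerprint(blob).encode(), expected_fp.strip().encode())


# Constructed sample data: Ed25519-shaped blobs built from fixed bytes, not real host keys.
SERVER_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SERVER_LINE = "ssh-ed25519 " + base64.b64encode(SERVER_BLOB).decode() + " constructed-host"
# A different key, as the client would see if another machine answered for hostname.
OTHER_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
OTHER_LINE = "ssh-ed25519 " + base64.b64encode(OTHER_BLOB).decode() + " constructed-other"

if __name__ == "__main__":
    trusted = fingerprint(SERVER_BLOB)  # stands in for the value read on the server console
    print("same host key:", host_key_matches(SERVER_LINE, trusted))
    print("different key:", host_key_matches(OTHER_LINE, trusted))
```

If the comparison fails on a first connection, answer no at the ssh prompt and check the server before trying again.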

To transfer files through ssh

The FTP component of OpenSSH is a drop-in replacement for the standard Unix ftp command, except it's secure.

  • sftp userid@hostname

    Create a file-transfer session to hostname, logging in as userid. As with ssh, you can leave off the userid@ part if your current user ID matches your user ID on hostname.

    Once you're connected, sftp works exactly like the ftp command; all of the same commands are there, and they all work the way you expect them to.

Tips

  • Under Cygwin, Windows users without passwords cannot log in through the SSH server. You wanted to make them use a password anyway, didn't you?

  • lftp (http://lftp.yar.ru) is an excellent command-line FTP client that can also transfer through HTTP, HTTPS (if built with the OpenSSL libraries), and OpenSSH. Because it supports the SSH protocol, it makes an outstanding replacement for the sftp command.




    Unix Advanced: Visual QuickPro Guide
    ISBN: 0321205499
    EAN: 2147483647
    Year: 2003
    Pages: 116
