Configuring an OpenSSH Server


To run an OpenSSH server, you must first make sure that you have the proper RPM packages installed. The openssh-server package is required and depends on the openssh package. The OpenSSH daemon uses the configuration file /etc/ssh/sshd_config. The default configuration file installed with Red Hat Linux should be sufficient for most purposes. If you want to configure the daemon in ways not provided by the default sshd_config, read the sshd man page for a list of the keywords that can be defined in the configuration file.

To start the OpenSSH service, use the command /sbin/service sshd start. To stop the OpenSSH server, use the command /sbin/service sshd stop. If you want the daemon to start automatically at boot time, refer to Chapter 21 for information on how to manage services.

If you reinstall a Red Hat Linux system to which clients connected before the reinstall, the client users will see the following message once the OpenSSH reinstall is complete:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!                    @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.

The reinstalled system creates a new set of identification keys for the system, hence the warning about the RSA host key changing. If you want to keep the host keys generated for the system, back up the /etc/ssh/ssh_host*key* files and restore them after the reinstall. This process retains the system’s identity, and when clients try to connect to the system after the reinstall, they will not receive the warning message.
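The backup and restore described above can be scripted as follows. This is an added example, not part of the guide: the function names, the archive location, and the SHA-256 manifest check are assumptions, and only the /etc/ssh/ssh_host*key* file pattern comes from the text.

```shell
#!/bin/sh
# Added example (not from the guide). Function names and paths are assumptions.
# Typical use, as root:
#   backup_host_keys  /etc/ssh /root/hostkeys.tar.gz    (before the reinstall)
#   restore_host_keys /root/hostkeys.tar.gz /etc/ssh    (after the reinstall)

# backup_host_keys KEYDIR ARCHIVE
# Archive KEYDIR/ssh_host*key* and write a SHA-256 manifest to ARCHIVE.sha256.
backup_host_keys() (
    keydir=$1 archive=$2
    case $archive in /*) ;; *) echo "archive path must be absolute" >&2; exit 1 ;; esac
    cd "$keydir" || exit 1
    set -- ssh_host*key*
    [ -e "$1" ] || { echo "no host keys found in $keydir" >&2; exit 1; }
    umask 077                        # the archive contains private keys
    tar -czpf "$archive" "$@" && sha256sum "$@" > "$archive.sha256"
)

# restore_host_keys ARCHIVE KEYDIR
# Unpack into a private staging directory, verify every file against the
# manifest, and only then install the keys with the modes sshd expects.
restore_host_keys() (
    archive=$1 keydir=$2
    case $archive$keydir in /*/*) ;; *) echo "paths must be absolute" >&2; exit 1 ;; esac
    case $keydir in /*) ;; *) echo "paths must be absolute" >&2; exit 1 ;; esac
    umask 077
    stage=$(mktemp -d) || exit 1
    trap 'rm -rf "$stage"' EXIT      # never leave key copies behind
    tar -xzpf "$archive" -C "$stage" || exit 1
    cd "$stage" || exit 1
    sha256sum -c "$archive.sha256" >/dev/null ||
        { echo "archive does not match manifest; nothing installed" >&2; exit 1; }
    for f in ssh_host*key*; do
        # public halves are world-readable, private keys are root-only
        case $f in *.pub) mode=644 ;; *) mode=600 ;; esac
        cp "$f" "$keydir/$f" && chmod "$mode" "$keydir/$f" || exit 1
    done
)
```

Keep the archive and its manifest off the machine being reinstalled, and stop and start sshd with the service commands above after the restore so the daemon loads the restored keys.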




Official Red Hat Linux Administrator's Guide
ISBN: 0764516957
EAN: 2147483647
Year: 2002
Pages: 278
Authors: Red Hat Inc
