Differences

This shows you the differences between two versions of the page.


openssh [2016/02/19 20:16] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== OpenSSH ======
  
 +  * [[dropbear]]
 +  * [[libressl]]
 +  * [[monit]]
 +  * [[openssl]]
 +  * [[SSH]]
 +
 +  * [[ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/]]
 +  * [[http://cmrg.fifthhorseman.net/wiki/OpenSSH]]
 +  * [[https://dev.gentoo.org/~swift/docs/security_benchmarks/openssh.html]]
 +  * [[http://utcc.utoronto.ca/~cks/space/blog/sysadmin/SshdSelectiveOptions|Match support in SSHD]]
 +
 +=== Server Configuration ===
 +
 +OpenSSH requires that users be in the ''ssh-users'' group to login.
 +
 +A public key is recommended, but not required.
 +
 +<code>
 +# A barebones sshd_config
 +PermitRootLogin no
 +PasswordAuthentication no
 +UsePAM no
 +PrintMotd no
 +PrintLastLog no
 +Subsystem       sftp    /usr/lib64/misc/sftp-server
 +AllowGroups ssh-users
 +</code>
 +
 +=== User Configuration ===
 +
 +Don't hash known_hosts so that bash completion will work.  Add to ''~/.ssh/config'':
 +<code>
 +HashKnownHosts no
 +</code>
 +
 +Decide which public key to use.  Also see [[http://www.kelvinwong.ca/2011/03/30/multiple-ssh-private-keys-identityfile/|this]].
 +
 +<code>
 +IdentityFile ~/.ssh/id_rsa
 +</code>
 +
 +=== OS X ===
 +
 +SSHD must be enabled in ''System Preferences > Sharing'' with service ''Remote Login'' enabled.  A firewall rule must allow access on port 22 as well, which can be setup in ''System Preferences > Security > Firewall > Advanced'' with the following configuration:
 +
 +  * Block all incoming connections (unchecked)
 +  * Remote Login (SSH) - Allow incoming connections
 +
 +The config file for OS X for SSHD is located at ''/etc/sshd_config''
 +
 +Add these lines to the config file:
 +
 +<code>
 +PermitRootLogin no
 +PasswordAuthentication no
 +UsePAM no
 +AllowUsers <user-name>
 +</code>
 +
 +Then restart the SSH server manually from Terminal:
 +
 +<code>
 +launchctl stop com.openssh.sshd
 +launchctl start com.openssh.sshd
 +</code>
 +
 +=== Building from Source ===
 +
 +Use the local copy of OpenSSL:
 +
 +<code>
 +./configure --with-ssl-dir=/usr/local
 +</code>
 +
 +If looking for ''ssh-copy-id'', it will be in the ''contrib'' directory.
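Review bot: Under Server Configuration, the sentence "A public key is recommended, but not required" conflicts with the sshd_config shown directly below it, which sets ''PasswordAuthentication no'' and ''UsePAM no''. With those two lines a user has no password login to fall back on, so the text should say that a public key is needed with this configuration, or the config should leave password authentication on if that is the intent. The preceding sentence has a related wording problem: the ''ssh-users'' restriction comes from the ''AllowGroups ssh-users'' line in this config, not from OpenSSH itself, and the page should say so, so that a reader who copies only part of the file does not assume the group check still applies. The OS X block uses ''AllowUsers <user-name>'' instead of the group; a short comment on why the two sections differ would help.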
