
View Full Version : How hard SSH
hoster 01-25-2002, 02:18 PM
Hello all,
I would like to install SSH on my servers, where can I get it and can someone give me some install dupe on how to.
I am running Plesk as well, and Linux 7.1.
Any info would be helpful.
Rich :confused:
zupanm 01-25-2002, 03:03 PM
Go to http://www.openssh.com/
It's not that hard to install. If you want to compile the source code, read the INSTALL file included.
If you want to go the easy rpm way, go here:
ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/rpm/
hoster 01-25-2002, 03:22 PM
I just found out that we are running Red Hat 7.1, which already has SSH on it.
So how will I know if it is active? I have the putty program; that is what I have been using.
I know these are stupid questions but I have not used SSH before.
Rich
mkaufman 01-25-2002, 03:30 PM
Download the SSH client at openssh.org for Linux..
type:
tar -xzvf file.tar.gz
./configure --prefix=/usr/local/openssh
make
make install
and then cd to /usr/local/openssh/sbin and type ./sshd :)
hoster 01-25-2002, 03:35 PM
mkaufman
Hello
Doesn't 7.1 have SSH already installed? How can I verify that?
mkaufman 01-25-2002, 03:42 PM
Yeah, it probably does.. but I always like to re-install it myself

hoster 01-25-2002, 03:45 PM
Matt, thanks for the info, I will check it out.
Rich
To find out if you have SSH installed, telnet to your server (I assume you can) and execute:
rpm -qa | grep -i ssh
You would need 3 packages: openssh, openssh-clients and openssh-server.
If you have old versions do check for upgrades since SSH had a security problem a short while ago. If you have just openssh-clients you will have to uninstall it before adding both server and clients.
To uninstall:
rpm -e openssh-clients
To install openssh and both server and clients, check what's the current version on Red Hat's site and issue:
rpm -U url_and_path_to_the_correct_new_package_on_RH_site
You should restart xinetd for changes to take effect, if that doesn't do the trick, you might need to restart the server.
I'd advise you to stop using telnet altogether and don't even run it on your servers. Also configure SSH to use only protocol ver. 2 and not 1 and do not allow root logins... Use admin and then su to root when you have to...
Tell us how it goes :)
Ales
hoster 01-25-2002, 04:54 PM
It looks like it is installed already.
How do I turn off the telnet now, and then can I start using SSH?
Now will the clients have access to the SSH as well or do I need to config something else?
I am using a client called Putty to access; I have been using it in the telnet mode.
So what else needs to be done yet, can you give me an idea?
openssh-askpass-2.9p2-11.7
openssh-clients-2.9p2-11.7
openssh-2.9p2-11.7
openssh-askpass-gnome-2.9p2-11.7
openssh-server-2.9p2-11.7
Rich
:)
Check if you can connect with SSH first :D . You don't have to disable telnet to try, just use putty in SSH mode (actually, DON'T disable telnet before you try). It should work.
I also advise you to prevent SSH from using protocol 1 and root logins. In case you want to do that, do the following:
look in /etc/ssh/sshd_config
if there is no line beginning with protocol, add it just after the "Port":
Protocol 2
Then look further down to find:
PermitRootLogin yes
and change "yes" to "no". Save the file and restart sshd:
/etc/init.d/sshd restart
Now you won't be able to login as root but anyone trying to hack you by guessing or brute forcing would need to find out the admin and root password, not just root...
To disable telnet, edit the file /etc/xinetd.d/telnet and change disable=no to disable=yes. Kill it if it's running... And like I said, first check if SSH is working like it should :cartman:
Basically, for the security of your box, don't run anything you don't need, especially telnet, portmap and such. Update all the packages as needed (look into up2date service from RedHat, it's free for one server). And get a good ipchains or iptables set of rules set up (disregard if you already know all this...).
Ales
hoster 01-25-2002, 06:03 PM
Ales
Thanks for all this good info, some I know, some I didn't know.
Stupid question but, if I make Protocol 2 then I can't login either as root, correct?
I may not have that right on what you are saying.
Rich
If you enable protocol 2 you can still login as root, admin or any other user you might have.
Only if you change the line PermitRootLogin, then the root login will be disabled.
I suggest you take all this one step at a time, if something is wrong, don't go to the next step:
1- set putty to use SSH mode and login to the server. You can use root or admin username and password. This verifies that SSH is running and that you can use it to login to the server
2- disable protocol 1 and root login inside the /etc/ssh/sshd_config file, using my instructions from the previous post. Logout from the server.
3- login again, using putty in SSH mode. You will have to set it to use protocol 2 and use admin username. When you login to the server, issue command:
su root
it will ask you for your root password and it will change your mode from admin to root.
4- now you verified that you can connect using SSH without problems so you can disable telnet (as I wrote in the previous post) and stop it from running (kill or stop the service running at that moment)
5- you're done... from now on, just use SSH and admin username/password to login to the server. Use 'su root' command if you need to change from admin to root.
That's it. Ask if there is anything unclear...
Ales
edited to add: protocol 2 is safer than protocol 1, that's why it is safer to disable protocol 1 altogether and just use 2. Disabling root logins is also safer, so that no one can try to guess your root password. They must now first guess the admin password and then guess root after they have logged in. Twice the work, so it's safer....
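
The following check is an added example, not part of any post in this thread. It audits the two sshd_config settings and the xinetd telnet switch discussed above; the function names and the sample files are constructed for illustration, and it assumes one whitespace-separated "Keyword value" pair per line.

```shell
#!/bin/sh
# Added example. Sample files below are constructed, not from a real server.

# Print the first value set for KEYWORD in an sshd_config-style FILE.
# sshd uses the first occurrence of a keyword and ignores keyword case.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }    # skip comment lines
        NF >= 2 && tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Print one line per setting that differs from the advice in the thread.
audit_sshd() {
    proto=$(effective_value "$1" Protocol)
    root=$(effective_value "$1" PermitRootLogin)
    case "$proto" in
        2)  ;;
        "") echo "Protocol not set: add 'Protocol 2'" ;;
        *)  echo "Protocol is '$proto': version 1 is still accepted" ;;
    esac
    case "$root" in
        no) ;;
        "") echo "PermitRootLogin not set: add 'PermitRootLogin no'" ;;
        *)  echo "PermitRootLogin is '$root': direct root login is possible" ;;
    esac
}

# Succeed only if the xinetd service FILE has its disable line set to yes.
telnet_disabled() {
    awk -F= '$1 ~ /^[ \t]*disable[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
             END { exit (v == "yes" ? 0 : 1) }' "$1"
}

demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'Port 22' '#Protocol 2' 'Protocol 2,1' 'PermitRootLogin yes' > "$dir/before"
    printf '%s\n' 'Port 22' 'Protocol 2' 'permitrootlogin no' > "$dir/after"
    printf '%s\n' 'service telnet' '{' '    disable = no' '}' > "$dir/telnet"
    echo "before:"; audit_sshd "$dir/before"
    echo "after:";  audit_sshd "$dir/after"
    if telnet_disabled "$dir/telnet"; then echo "telnet: disabled"
    else echo "telnet: still enabled"; fi
    rm -rf "$dir"
}
demo
```

On a server, point audit_sshd at /etc/ssh/sshd_config and telnet_disabled at the telnet file under /etc/xinetd.d before closing the telnet session used as a fallback.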
hoster 01-25-2002, 07:36 PM
Ales
No, I am going to take it one step at a time, I haven't anything yet, not till Monday.
All this info is great, and I will put it to work on Monday. I have 3 servers that I need to do it to.
So like I said before, thanks for ALL your help.
Have a great weekend.
Richard Junek
Skeptical 01-25-2002, 08:17 PM
Also, to make sshd automatically start when system boots, type /usr/sbin/setup and check "sshd".