
View Full Version : SSH
Ok, I want to install SSH.
But which package should I use?
And what do I need to configure with my telnet client?
Is there any way to only enable SSH access to a few clients?
Surfer 04-09-2001, 11:57 AM I too am thinking of installing SSH!
Q: what are the benefits over Telnet?
Q: at the cobalt site there are two pkg files to install, one called server and one is a client. Which one do I need to install?
Any problems with these packages?
I am on a raq4i and have mysql, webalizer and php4.04 installed!
Thanks
Mike the newbie 04-09-2001, 06:45 PM Originally posted by Surfer
I too am thinking of installing SSH!
Q: what are the benefits over Telnet?
Q: at the cobalt site there are two pkg files to install, one called server and one is a client. Which one do I need to install?
Any problems with these packages?
I am on a raq4i and have mysql, webalizer and php4.04 installed!
Thanks
The benefits of SSH over telnet are numerous, but the biggest and most important is that you are no longer sending your password across the wire in clear text.
If you want your RaQ to be the destination of ssh sessions, then you only need to install the server ssh. If you want your RaQ to be able to ssh into other servers, then you need the client side ssh.
As a minimum, I would recommend you install the server side ssh, and get yourself a ssh client for whatever box you are currently using for the telnet client (I presume a PC?). If it is a PC you are running, and that PC happens to be running windoze, then you can use the Putty ssh client to access the ssh server on your RaQ.
Go here http://www.chiark.greenend.org.uk/~sgtatham/putty/ for putty. Go here http://www.openssh.org/ for ssh info.
I just finished installing the latest version of ssh server on my new RaQ3, and it even works. If you would find it helpful, I'll post the steps that I took. But for starters, the server ssh package and putty should get you going.
Surfer 04-10-2001, 05:13 AM Thanks for your reply Mike!
Is the cobalt package an OK version to install?
I think it's 2.1...
Thanks
akashik 04-10-2001, 05:30 AM Mike,
Is Putty any good? I saw the site for it a while ago but was a little off put by the look of it. I ended up getting SecureCRT instead. While looking around for an SSH client I was a little surprised by the lack of opensource or freeware available, though regular telnet software is growing like weeds.
Greg Moore
Surfer 04-10-2001, 05:56 AM I have installed the server part and disabled the telnet server! It all seems to work fine!
Q: how can I tell that I have secure connection in my SSH client? I am using MacSSH.
Thanks
Hehe... Surfer, looks like you are taking over my place as a thread starter :p
Now I have a few new questions.
How can I disable telnet?
How can I give SSH access to certain users only?
How can I prevent users from running eggdrops etc which need server processes to run? I heard that I just need to disable the crontab and something else and that should do it. Is it true?
Mike the newbie 04-10-2001, 06:35 AM Originally posted by akashik
Is Putty any good? I saw the site for it a while ago but was a little off put by the look of it. I ended up getting SecureCRT instead. While looking around for an SSH client I was a little surprised by the lack of opensource or freeware available, though regular telnet software is growing like weeds.
Putty is free, and it works OK. It is enough to get you going in ssh. Personally, after looking at and using putty, I purchased an ssh client from http://www.ssh.com/ That is a nice package that also includes sftp (secureFTP). However, to get sftp to work on my RaQ, I had to download and install the latest version of ssh that I downloaded from http://www.openssh.org.
Originally posted by akashik
Is Putty any good? I saw the site for it a while ago but was a little off put by the look of it. I ended up getting SecureCRT instead. While looking around for an SSH client I was a little surprised by the lack of opensource or freeware available, though regular telnet software is growing like weeds.
There are a fair number of opensource and/or free ssh clients out there. I've only tried the following, but there's also LSH, etc...
PuTTY is gooood, and free. So is Teraterm + SSH extensions (for SSH protocol 1 only), and Mindterm (get it now before the new license conditions take effect).
Can you guys answer my questions? I felt totally neglected here...
Hello ~~~~?!!@!#!@$
Chicken 04-10-2001, 09:19 PM Originally posted by Donovan
How can I disable telnet?
Don't enable it (are you looking for something more than this?)
Mike the newbie 04-10-2001, 09:23 PM Originally posted by Donovan
Now I have a few new questions.
How can I disable telnet?
How can I give SSH access to certain users only?
How can I prevent users from running eggdrops etc which need server processes to run? I heard that I just need to disable the crontab and something else and that should do it. Is it true?
I can only answer one: to disable telnet, go to the Server management, Control Panel. Uncheck the telnet box. Click on Save changes.
That will disable telnet for all your sites.
AndyB 04-10-2001, 09:46 PM Visit http://www.core-sdi.com and http://www.cert.org for valuable information regarding SSH (and other) vulnerabilities. Check there before you install an SSH package to make sure you've got the safest, most up-to-date one.
Disabling cron will keep your users from running anything in the background on your server. Cron is a scheduling daemon that runs specified processes at specified intervals.
Andy
Mike the newbie 04-10-2001, 09:50 PM Originally posted by AndyB
Visit http://www.core-sdi.com and http://www.cert.org for valuable information regarding SSH (and other) vulnerabilities. Check there before you install an SSH package to make sure you've got the safest, most up-to-date one.
Disabling cron will keep your users from running anything in the background on your server. Cron is a scheduling daemon that runs specified processes at specified intervals.
Andy
SSH2 is OK, SSH1 has a vulnerability. The cobalt package is SSH2.
Disabling cron may not be success oriented. Various system processes use it.
AndyB 04-10-2001, 09:55 PM I assumed that you can deny crontab access to users. Disabling cron for the whole server would definitely be bad. :agree:
Is there any way to disable SSH for users?
Or I will need to enable SSH for users who want it? Is it disabled for users by default? Or it's open for every user?
hitspot 11-10-2001, 03:20 PM Since you asked this question a rather long time ago, I'm sure you already know the answer. But, for others:
Yes, you can disable and enable SSH for specific user usage.
Once you install the SSH package (from pkg.nl.cobalt.com), you disable "Telnet access" in the global admin control panel. Then, when you set up individual sites using "add virtual site", check "shell access" for each site you want to give SSH access to.
Or, if the site is already set up, you can change this setting in the site's control panel at yourdomain.com/siteadmin.
Hope this helps,
David Kiley
zetafleet 11-29-2001, 11:24 PM Is there a way to disable use of telnet while still allowing use of SSH? This is what I really need...
thanks!
Lurleene 11-30-2001, 01:46 AM Yes, 1st install the SSH package located on the cobalt package site (http://pkg.nl.cobalt.com/). Then, disable the telnet server option under your server wide control panel. Then, on each individual site that you want SSH access, enable telnet/shell access on that individual site's control panel site settings (yourdomain.com/siteadmin). This will disable telnet on the server, but allow SSH. You have to enable the individual shell option for each site you want to allow SSH on.
monkey_boy 11-30-2001, 12:58 PM The OpenSSH Server cobalt package I installed was configured to fall back to SSH version 1 if a version 2 connection cannot be made. Unfortunately, there is a vulnerability.
see my previous post:
http://webhostingtalk.com/showthread.php?s=&threadid=24355
easy fix:
login. su to root.
pico -w /etc/ssh/sshd_config
at the top of the file, change:
Protocol 2,1
to:
Protocol 2
type:
/etc/rc.d/init.d/sshd restart
I only mention this again because I see port 22 was scanned 10 times on my box last week!
(search the forums for postings regarding snort)
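An added example, not part of the posts above or of the Cobalt package: a shell check that reports whether an sshd_config still permits the protocol 1 fallback described in the last post, and applies the same `Protocol 2` change. The function names and the sample config are constructed for illustration; on a real server the path would be /etc/ssh/sshd_config, followed by the sshd restart given in the post.

```shell
#!/bin/sh
# Added example. Prints allows-v1, v2-only or unset for an sshd_config file.
sshd_protocol_status() {
    # sshd uses the first value it obtains for a keyword, so stop at the first
    # uncommented Protocol line; keyword matching is case-insensitive.
    value=$(awk '
        /^[ \t]*#/ { next }
        tolower($1) == "protocol" { $1 = ""; gsub(/[ \t]/, ""); print; exit }
    ' "$1")
    if [ -z "$value" ]; then
        echo unset    # no Protocol line: the daemon's built-in default applies
        return 0
    fi
    case ",$value," in
        *,1,*) echo allows-v1 ;;   # e.g. "2,1" or "1": protocol 1 still offered
        *)     echo v2-only ;;
    esac
}

# Rewrite every uncommented Protocol line to "Protocol 2" (the fix from the post).
# Writes through a temp file and cat so the original file keeps its permissions.
pin_protocol_2() {
    tmp=$(mktemp) || return 1
    sed 's/^[[:space:]]*[Pp][Rr][Oo][Tt][Oo][Cc][Oo][Ll][[:space:]].*/Protocol 2/' \
        "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Constructed sample config (hypothetical, not taken from a real server).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample for this example
Port 22
#Protocol 2
Protocol 2,1
PermitRootLogin no
EOF
}

sample=$(mktemp)
make_sample "$sample"
echo "before: $(sshd_protocol_status "$sample")"   # before: allows-v1
pin_protocol_2 "$sample"
echo "after:  $(sshd_protocol_status "$sample")"   # after:  v2-only
rm -f "$sample"
```

The commented-out `#Protocol 2` line in the sample is ignored on purpose: only the active directive decides what the daemon offers.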