RE: sshd / ssh setup





fbsd_user wrote:
Have user who is logging in to USA site from Asian public internet
cafes using his personal windows/xp notebook. Trying to setup the
USA server and his windows/xp notebook to use SSH.
Added sshd_enable="YES" to USA site server rc.conf and rebooted
system.
During boot process, followed sshd instruction and built
the root user keys. Have read the handbook but have no clue as
how to proceed. The handbook covers all the many different ssh
config options, but does not say how to really use it.

There are a lot of options here, but here's how I do it. Not
necessarily the best way, but it works for me.

Need procedures to
1. setup users on FreeBSD target sshd server.

Create a regular login for each outside user using adduser.
Make sure port 22/tcp is open inbound.

Login as that user and run:

ssh-keygen -t rsa

I don't have many users so I disable ChallengeResponse authentication
and require users to submit keys. To do that, edit
/etc/ssh/sshd_config and set:

ChallengeResponseAuthentication no

I also set:

Protocol 2

2. setup users on FreeBSD remote box to ssh to sshd server.

Have them run the same ssh-keygen -t rsa

Tell them to send you ~/.ssh/id_rsa.pub

Concatenate that to the ~/.ssh/authorized_keys2 files in their home
directory on your server. Make sure the key ends up on a new line in
authorized_keys2. If there wasn't a newline at the end of the file
previously, it will end up concatenating it to the end of whatever
keys are already there. If that happens, just go in with a text editor
and break the line.

The user should then be able to ssh into your box.

3. setup users on windows/xp remote box to ssh to sshd server.

Install Putty

http://www.chiark.greenend.org.uk/~sgtatham/putty/

Run puttygen and generate an SSH2 RSA key (select this at the bottom
of the dialog box). Tell them to save the public and private keys, and
then to copy the contents of the Public key for pasting.. field at the
top of the screen, paste it into a file in notepad, and email it to
you. Concatenate that to the end of their ~/.ssh/authorized_keys2 file
as you did for your freebsd users.

If they're going to be logging in often, tell them to run pageant to
cache the private key.

Then they can run putty and connect to your server.

Again, you might not want to do it this way if you don't want to mess
around with having users send you keys, but it's a lot more secure.
Pretty soon you'll be getting 100 or more hits a day from
crackers trying to log into your system. They'll never get anywhere if
you're using key based authentication.
--
Ken Stevenson
Allen-Myland Inc.
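
Ken's step of appending each emailed key to authorized_keys2, with the missing-newline problem handled automatically, as an added example that is not part of the original thread. The function name add_pubkey and the list of accepted key types are assumptions; both file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: append one emailed public key to an authorized_keys file.
# add_pubkey is a hypothetical helper, not part of OpenSSH or FreeBSD.
#
# usage:   add_pubkey <pubkey-file> <authorized-keys-file>
# returns: 0 = key added, 1 = input rejected, 2 = key already present
add_pubkey() {
    pub=$1
    auth=$2

    # The OpenSSH format is exactly one line. Multi-line input (for
    # example a public key file saved by PuTTYgen rather than the text
    # copied from its paste field) is rejected, as is a missing file.
    [ "$(grep -c '[^[:space:]]' "$pub" 2>/dev/null)" = 1 ] || return 1

    # Drop blank lines and the CRs that Notepad or mail clients add.
    key=$(grep '[^[:space:]]' "$pub" | tr -d '\r')

    # Expect "<type> <base64> [comment]". The type list is an assumption;
    # extend it to match what your sshd accepts.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # sshd's StrictModes check refuses key files that others can write to.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth"

    # Do not add the same key twice (exact whole-line match).
    grep -qxF -- "$key" "$auth" && return 2

    # If the file does not end in a newline, add one first so the new
    # key is not glued onto the end of the previous key.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Run it as the account that owns the key file, or fix ownership afterwards, so the 700/600 permissions apply to the right user.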

*******************************************************************

-----Original Message-----
From: owner-freebsd-questions@xxxxxxxxxxx
[mailto:owner-freebsd-questions@xxxxxxxxxxx] On Behalf Of Ken Stevenson
Sent: Wednesday, February 08, 2006 6:02 PM
To: fbsd_user@xxxxxxxxxxxxxxx
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: sshd / ssh setup

Ken
Thanks that helps a lot.
Only thing missing is what is ssh login syntax to login from the
remote FreeBSD pc?
Can I also remotely login as root on sshd server system?
I guess the setup instructions are with the putty pgm for ssh access
from windows/xp


_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"


