[sllug-members]: How does one properly implement OpenSSH?

[Jeff Schroeder]

Nathan asked:

> How does one properly implement OpenSSH?

OpenSSH is a very versatile tool, used for everything from remote logins 
to encrypting CVS traffic to running X remotely.  There's no particular 
way to "implement" it... it depends on why you want it.  If you don't 
know why you want SSH, then you may not need it.

> Do you need RSA keys?

In order to do password-less authentication, yes.  You'll need a public 
and private keypair.  The private key is stored on your local (desktop) 
machine; the public key is copied to the remote server.  Then you can 
login to the server over SSH using the keys to authenticate you instead 
of a password.

There are other uses for keys, such as validation, but I find 
password-less authentication to be the most useful.

> Should I change the port number on which SSH accepts connections?

Perhaps.  Many automated programs will attempt to make connections on 
the standard port (22) and hack into your server with usernames ranging 
from "root" to "webmaster" to "bob".  Moving it to another port will 
prevent many of those attacks, but of course you should already have 
strong passwords.  Moreover, changing ports is just security through 
obscurity, which is a debatable approach.

> How do I set up users?

For remote logins, the users are simply the system users on the server.  
In other words, if you have an account "george" on the server, then you 
can login as that user via SSH.

Hope that helps.

Jeff


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://sllug.org/pipermail/sllug-members/attachments/20080325/5ccd8e08/attachment.pgp