male ssh.HOWTO
home na webe http://www.cs.hut.fi/ssh respektivne ftp
1. Instalacia
moja verzia 1.2.26 (len protokol SSH-1, ktory je dnes zastarany a povazovany za nebezpecny)
stiahnut, overit signatury a az potom kompilovat:
./configure --with-etcdir=/etc/ssh
make
make install
treba vyrobit rc skript prikladam
rozhodol som sa vykaslat na Linux-PAM - treba patchovat; moze to vsak byt
nutne v pripade shadow passwords
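#!/bin/sh
#
# chkconfig: 345 55 45
# description: sshd (secure shell daemon) is a server part of the ssh suite.
# Ssh can be used for remote login, remote file copying, TCP port
# forwarding etc. Ssh offers strong encryption and authentication.
#
# Usage: sshd {start|stop|restart|status}
#
# Source function library; the status helper used below is expected to
# come from it.
. /etc/rc.d/init.d/functions

SSHD_BIN=/usr/local/sbin/sshd
SSHD_PIDFILE=/var/run/sshd.pid
SSHD_LOCKFILE=/var/lock/subsys/sshd

# Print the PID recorded in $SSHD_PIDFILE and return 0, but only when the
# first line of the file is a plain decimal number. An init script normally
# runs as root, so an empty, truncated or altered pid file must never reach
# kill as an option, a negative number or a job spec.
read_pid() {
  [ -r "$SSHD_PIDFILE" ] || return 1
  _pid=
  read -r _pid < "$SSHD_PIDFILE" || [ -n "$_pid" ] || return 1
  case "$_pid" in
    '' | *[!0-9]*) return 1 ;;
  esac
  printf '%s\n' "$_pid"
}

# See how we were called.
case "$1" in
  start)
    printf '%s' "Starting sshd: "
    if pid=$(read_pid) && kill -0 "$pid" 2>/dev/null; then
      echo "already running according to $SSHD_PIDFILE. Not started."
    elif "$SSHD_BIN"; then
      echo sshd
    else
      # Report the failure instead of printing "sshd" and creating the
      # subsys lock for a daemon that never came up.
      echo "failed"
      exit 1
    fi
    touch "$SSHD_LOCKFILE"
    ;;
  stop)
    printf '%s' "Stopping sshd: "
    if [ -f "$SSHD_PIDFILE" ]; then
      if pid=$(read_pid); then
        kill -TERM "$pid"
      else
        echo "ignoring malformed $SSHD_PIDFILE" >&2
      fi
      rm -f "$SSHD_PIDFILE"
      echo "sshd"
    else
      echo "not running"
    fi
    # Remove the lock in every case so a stale one does not outlive the daemon.
    rm -f "$SSHD_LOCKFILE"
    ;;
  restart)
    # Quote $0 so a script path containing spaces still works.
    "$0" stop
    "$0" start || exit $?
    ;;
  status)
    status sshd
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    ;;
esac
exit 0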
potom pridat prikazom: chkconfig --add sshd
riadok "# chkconfig: 345 55 45" v skripte hovori: spustat v runleveloch 3, 4 a 5, poradie START 55, poradie KILL 45; pozri man chkconfig
2. Fine Tuning
to come
if compiled with TCP Wrappers support, access can be limited per host,
e.g. in hosts.allow:
ALL: LOCAL 10.22.5.119 10.22.5.120
sshd: 10.9. 10.22.
#public keys
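ssh-keygen -t dsa #to generate a key (DSA keys are fixed at 1024 bits and have been disabled by default since OpenSSH 7.0; on a current system use -t ed25519 or -t rsa)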
client:
-rw------- 1 jakub jakub 61 2005-12-16 20:14 config
-rw------- 1 jakub jakub 744 2006-10-13 15:12 id_dsa
-rw------- 1 jakub jakub 604 2006-10-13 14:22 id_dsa.pub
-rw------- 1 jakub jakub 13 2006-10-13 14:29 identification
-rw------- 1 jakub jakub 5638 2006-07-27 11:24 known_hosts
content of the identification file as follows
IdKey id_dsa
server:
-rw------- 1 jakub www-data 604 2006-10-13 16:12 authorized_keys
-rw------- 1 jakub www-data 604 2006-10-13 16:07 id_dsa.pub
-rw------- 1 jakub www-data 686 2006-02-24 16:42 known_hosts
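#for remote servers you can disable password logins altogether by using ! instead of the password hash; first confirm that key login still works, because some sshd configurations treat an account locked with ! as disabled for every authentication method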