OpenSSH Installation

The OpenSSH package is a free implementation of a network protocol that allows you to create secure connections, remotely control the operating system, and tunnel TCP connections (for example, to transfer files). OpenSSH contains the following clients: ssh, which replaces rlogin and telnet; scp, which replaces rcp; and sftp, which replaces ftp.
It is developed by the OpenBSD project and distributed under the BSD license.
Before installation, you must make sure that the system contains the following:
- A C compiler (e.g. gcc)
- Zlib - data compression library
- OpenSSL
Next, you need to get the OpenSSH sources. They can be downloaded from the official OpenBSD site.
Installation from the source is trivial:
$ ./configure
$ make
$ make install
Of the additional options of the ./configure script, I note a few:
- --with-tcp-wrappers - enables integration with the so-called TCP wrappers security system;
- --with-ssl-dir - specifies the location of the OpenSSL libraries;
- --with-pid-dir - specifies the location of the PID file in which the sshd daemon's process ID is stored;
- --with-xauth - specifies the location of the xauth command, which is used for X authentication.
After installation is complete, you must configure the system. To do this, create SSH keys, which are unique identifiers of the system and allow clients to safely connect to the host on which the SSH server is installed.
To generate the keys, run:
$ make host-key
Three keys must be created, one for each of the three main encryption algorithms (rsa1, rsa, dsa):
$ ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key
$ ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
$ ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
Two files are created for each key: the public key (the file ending with .pub) and the private key. Public keys can be made publicly available to allow users to add new keys.
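As an added example (not part of the original post or of OpenSSH), the script below audits a host-key directory after the step above: each private key must be closed to group and others and must have its .pub file beside it. The function names, report format and placeholder files are assumptions of this example; point check_host_keys at /etc/ssh on a real host.

```shell
#!/bin/sh
# Added example: audit a directory of SSH host keys.
# Function names and the report format are this example's own.

# check_host_keys DIR: print one line per finding; succeed only if every
# private key is closed to group/others and has a non-empty .pub beside it.
check_host_keys() {
    dir=$1
    bad=0
    found=0
    # Matches ssh_host_key, ssh_host_rsa_key, ssh_host_dsa_key; not *.pub.
    for key in "$dir"/ssh_host_*key; do
        [ -f "$key" ] || continue   # glob matched nothing
        found=1
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL $key: private key open to group/others ($perms)"
            bad=$((bad + 1))
        fi
        if [ ! -s "$key.pub" ]; then
            echo "FAIL $key: public half $key.pub missing or empty"
            bad=$((bad + 1))
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL $dir: no host keys found"
        bad=1
    fi
    [ "$bad" -eq 0 ]
}

# make_demo_keys DIR: constructed placeholder files, not real key material.
make_demo_keys() {
    for name in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
        echo "constructed private placeholder" > "$1/$name"
        echo "constructed public placeholder" > "$1/$name.pub"
        chmod 600 "$1/$name"
    done
}

demo=$(mktemp -d)
make_demo_keys "$demo"
chmod 644 "$demo/ssh_host_dsa_key"   # deliberately too open
check_host_keys "$demo" || echo "host key audit failed"
rm -rf "$demo"
```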
This completes the basic installation and configuration. The next step is to start the OpenSSH server. Different distributions do this differently. You can use an init script such as init-ssh.