
 



Secure Communications with SSH on RedHat Linux

Written by Tony Bhimani
July 22, 2004

Requirements
RedHat Linux 9
OpenSSH 3.5p1
PuTTY: A Free Telnet/SSH Client - which is available for download at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
(or any other SSH client of your choice)

This tutorial covers installing and configuring OpenSSH to provide secure encrypted communications between two untrusted hosts over an insecure network. I'll be using RedHat 9 and OpenSSH 3.5p1 for the tutorial. To keep things simple, I'll only cover installing OpenSSH using RPMs. In the future I may provide instructions on compiling OpenSSH from source. Let's get started!

The first thing we need to do is determine whether OpenSSH is already installed. Let's check with the RPM Package Manager. Issue this command.

rpm -qa | grep -i openssh

If OpenSSH is installed you should see something similar to this.

If you don't have OpenSSH installed, then we will download it and install it. We'll be getting our packages from this location using wget.
ftp://mirror.mcs.anl.gov/pub/redhat/redhat/linux/updates/9/en/os/i386/

Make sure you are root and switch to your home directory. Create a directory called openssh and move into it.

su -
[enter root password]
cd ~
mkdir openssh
cd openssh

Now issue these commands to download the OpenSSH RPM packages.

wget ftp://mirror.mcs.anl.gov/pub/redhat/redhat/linux/updates/9/en/os/i386/openssh-3.5p1-11.i386.rpm
wget ftp://mirror.mcs.anl.gov/pub/redhat/redhat/linux/updates/9/en/os/i386/openssh-clients-3.5p1-11.i386.rpm
wget ftp://mirror.mcs.anl.gov/pub/redhat/redhat/linux/updates/9/en/os/i386/openssh-server-3.5p1-11.i386.rpm

I should note you need to have OpenSSL installed to be able to use OpenSSH. Now unless you installed your OS with the bare minimums, OpenSSL should be installed by default since there are a lot of applications that use it. If it is not installed, download all the OpenSSL packages from the same ftp site and install those first.

You should have all three packages downloaded in the openssh directory. Verify this by doing a directory list (ls).

Now we will install OpenSSH. Issue this command.

rpm -ivh openssh*.rpm

You should see the RPM Package Manager install OpenSSH.

OpenSSH is now installed. Before we set up our SSH daemon there are a couple of things we need to change in the config file. We want to allow only Protocol 2 and to disable direct logins as root. This adds an extra bit of security to our server.

To edit the config file, switch over to /etc/ssh and open sshd_config in vi.

cd /etc/ssh
vi sshd_config

Put vi in insert mode by pressing the i key. Scroll down to where it says Protocol and go to the line below it. Add a blank line and type this.

Protocol 2

Your screen should look similar to this.

Then scroll down to where it says PermitRootLogin, add a blank line below it and type this.

PermitRootLogin no

Your screen should look similar to this.

Finally save the changes you made. Press ESC to exit insert mode, type :wq and press enter. Next we will start the SSH Daemon. Type this command.

/etc/init.d/sshd start

Your SSH service should start up.
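
The two lines added to sshd_config only help if they are the ones sshd actually reads: for each keyword, sshd uses the first uncommented occurrence, so a line typed below an already active setting is ignored. The following check is an added example, not part of the original tutorial; the function names and the sample config are constructed for illustration, and it assumes the keyword and value are separated by whitespace as in the lines above.

```shell
#!/bin/sh
# Added example: report the value sshd will use for a keyword in sshd_config.
# Keywords are case-insensitive and the first uncommented occurrence wins.

# effective_value FILE KEYWORD -> prints the first active value, or nothing.
# FILE may be "-" to read the config from standard input.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        NF >= 2 && tolower($1) == tolower(key) {
            print $2; exit                       # first match is the one used
        }
    ' "$1"
}

# check_hardening FILE -> returns 0 only if both settings from this
# tutorial (Protocol 2, PermitRootLogin no) are the effective ones.
check_hardening() {
    rc=0
    proto=$(effective_value "$1" Protocol)
    root=$(effective_value "$1" PermitRootLogin)
    [ "$proto" = "2" ] || {
        echo "Protocol: '${proto:-unset, sshd default applies}' (expected 2)"
        rc=1
    }
    [ "$root" = "no" ] || {
        echo "PermitRootLogin: '${root:-unset, sshd default applies}' (expected no)"
        rc=1
    }
    return $rc
}

# Constructed sample config: an active "PermitRootLogin yes" sits above the
# "PermitRootLogin no" line that was added, so the added line has no effect.
sample_shadowed() {
    printf '%s\n' \
        '#Protocol 2,1' \
        'Protocol 2' \
        'PermitRootLogin yes' \
        'PermitRootLogin no'
}

# Usage on a real server (as root):
#   check_hardening /etc/ssh/sshd_config && echo "settings are effective"
```

If the check reports a different value, comment out or edit the earlier line for that keyword and restart the daemon so the change is picked up.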

So far so good. Our SSH service is up and running. I should mention that if you have a firewall running, you should open port 22 so you can connect to your server from a remote computer. Now we will attempt to establish a connection to our server.

To connect to our SSH server we will need to use an SSH client. In case you don't have an SSH client, I provided a link at the top of the page to a free one called PuTTY. Download it and save it to your desktop.

Then run it. You are greeted with a configuration window. In the Host Name/IP Address field, type in the IP address of your SSH server.

Click Open. PuTTY should now try to connect to your SSH server. You should get a screen similar to the following.

Click Yes. Log in to your system like normal. If all goes well you should have the prompt.

You have just made a secure SSH connection to your server.

This concludes the tutorial.



Copyright © 2004-2014 XenoCafe. All Rights Reserved. XenoCafe is Powered by Linux. Free your mind and your wallet. Switch to Linux.