Solved

Installing and configuring SSH on Linux

Posted on 2000-02-29
Last Modified: 2010-03-18
Does anybody know how to install and configure SSH and be able to enable it through the firewall (Linux running ipchains)?

Question by:samcumar
10 Comments
 
LVL 3

Expert Comment

by:monas
ID: 2572813
Sure, somebody knows. But you should explain what exactly you want to do. And at what point you have stopped.

Questions for you for start:
1) do you want to install ssh on firewall machine or on one behind it;
2) where do you need to connect using ssh (select all that apply):
  a) to firewall from inside;
  b) to firewall from outside;
  c) to internal from outside;
  d) from inside machine to outside server;
  e) from firewall to outside server;
  f) from firewall to inside server.
3) what version of Linux you are running;
4) are you ready to use ./configure;make;make install or you want to get everything precompiled?
LVL 3

Expert Comment

by:jyu_88
ID: 2573579
I guess, as long as you do ACCEPT TCP port 22, the default port for SSH.

Author Comment

by:samcumar
ID: 2574634
Monas,
These are the Answers to your question:-

1) I want to install ssh on my firewall and also on my webserver

2) The options that I choose are (b), (c) & (f)

3) (i) The firewall is running RedHat 5.2 but I upgraded the kernel to 2.2.12.
(ii) The webserver is running redhat 5.2 kernel ver 2.0.36 but I will be upgrading it to redhat 6.2 very soon.

(4) This is where I'm confused at the moment and I couldn't understand fully the README file for SSH.
What do I need to do here?

Thanks in advance for your help.
LVL 1

Expert Comment

by:hansendc
ID: 2575476
Are you just asking how to ssh to a machine behind the firewall?
LVL 3

Accepted Solution

by:
monas earned 100 total points
ID: 2575488
OK, question #5 is what version of ssh you are trying to install.

Assuming you are installing 1.2.27 - then installation instructions are not in file README, but in file INSTALL. At the very beginning of the file are three lines:

./configure
make
make install

these are the commands you need to invoke (all of them will require some time to complete and produce a lot of output). Yes - there are lots of options for configure, but the default set produces a secure and reasonable configuration. Go with the default. And if you want to change something - you will be able to rerun from the very beginning.

When make install completes - you will have the software installed. To check that, you need to start the ssh daemon (sshd), and then invoke "ssh localhost". [If] you succeed - you will arrange for sshd to start on every reboot of the computer automagically.

Do all this on the internal server. When you are done with the local installation you will be ready for enabling option (f). Assuming you have a working configuration for your web connections from outside on your firewall, check out /etc/ipchains.rules. There should be lines with 80:80 in them - double those and substitute 80:80 with 22:22 - as jyu_88 said - ssh works on port 22, and this way you will allow connections to it. Then run "/usr/bin/ipchains-restore < /etc/ipchains.rules"

When you find this working - add rules on the firewall to
b) accept connections from everywhere to port 22 on the firewall;
d) if you don't do masquerading from the internal network for all protocols - you should add a rule to masquerade port 22 from your internal server to outside

Good Luck!
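The edit to /etc/ipchains.rules described in the answer above, as an added shell example that is not part of the original post. The sample rules are constructed, their layout is assumed to follow ipchains-save output, and the address 192.0.2.10 and the function names are placeholders.

```shell
#!/bin/sh
# Added example: derive port-22 rules from the existing port-80 rules in an
# ipchains-save style file, instead of copying the lines by hand.

# Constructed sample rules (assumed ipchains-save layout, placeholder address).
sample_rules() {
    cat <<'EOF'
:input DENY
:forward DENY
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 192.0.2.10/255.255.255.255 80:80 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 192.0.2.10/255.255.255.255 80:80 -p 17 -j DENY
-A forward -s 0.0.0.0/0.0.0.0 -d 192.0.2.10/255.255.255.255 80:80 -p 6 -j ACCEPT
EOF
}

# Print the rules file given as $1 with, after every TCP rule that matches
# port 80:80, a copy of that rule matching 22:22. Non-TCP rules are left
# alone (SSH is TCP only), and a rule whose 22:22 twin is already in the
# file is not copied again, so the function can be re-run safely.
add_ssh_rules() {
    awk '
        # First pass over the file: remember every rule already present.
        NR == FNR { seen[$0] = 1; next }
        # Second pass: print each line unchanged ...
        { print }
        # ... and follow TCP (-p 6 or -p tcp) rules for 80:80 with a twin.
        / 80:80( |$)/ && / -p (6|tcp)( |$)/ {
            twin = $0
            sub(/ 80:80/, " 22:22", twin)
            if (!(twin in seen)) { print twin; seen[twin] = 1 }
        }
    ' "$1" "$1"
}

# Demo on the constructed sample. On the firewall, write the output to a new
# file and review it before loading it with ipchains-restore.
tmp=$(mktemp) && sample_rules > "$tmp" && add_ssh_rules "$tmp"
rm -f "$tmp"
```

Each new 22:22 rule inherits the source range of the web rule it was copied from, so check whether SSH should really be reachable from as many addresses as the web server is.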

Author Comment

by:samcumar
ID: 2578587
Thanks Monas,

The version of ssh I downloaded is 2.0.13. So I have to look at the README file then.

I shall try out on this Saturday. I will let you know if it works or not.

Thanks for your help.
LVL 3

Expert Comment

by:jyu_88
ID: 2578721
SSH2 with protocol 2.0 version above has license problem if you do not limit it to personal/home use. For a free one, you have to stick to SSH1 with protocol version 1.50 and package version 1.2.27 (then you need to compile with RSAref instead of RSA, also you need to patch RSAref and ssh according to CERT warning)

Author Comment

by:samcumar
ID: 2578854
jyu_88
Thanks for the update.
LVL 40

Expert Comment

by:jlevie
ID: 2583260
You might also take a look at the new Universal SSH (http://www.ssh.com/). I know that it is/will be free for educational institutes and the current beta is free for all use.

Author Comment

by:samcumar
ID: 2610549
Thanks for the answer Monas, it worked. Though I struggled it finally worked.