Solved

Set up SSH for PuTTY access on CentOS

Posted on 2010-11-10
Last Modified: 2012-05-10
Hi,

I'm wondering how I can set up SSH so that I can log in securely via PuTTY to my home server that's running CentOS 5.x.

Much thanks,
Victor
Question by:Victor Kimura
LVL 3

Expert Comment

by:bobalob
Please see the following links...

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-openssh-server-config.html

http://wiki.centos.org/HowTos/Network/SecuringSSH

You basically just need to install OpenSSH and generate some certificates. If you want to log in without requiring a password you can set up the authorized_keys file in a folder called .ssh in the user's home directory. For Windows use the PuTTY agent Pageant, and on *nix you can share the public key easily enough.
0
 
LVL 14

Accepted Solution

by:small_student
small_student earned 450 total points
It comes ready for you out of the box. Simply start PuTTY, put in the IP address and click Open.
0
 
LVL 14

Assisted Solution

by:small_student
small_student earned 450 total points
If you are looking for fine-tuning your configuration then there are many things you can do

1- Prevent root logins and login with a normal user then su - to become root
2- Change the port you connect to SSH
3- Disable passwords and create key-based authentication
4- Allow only certain users to have access to SSH

Let me know what you want exactly and I will guide you through
0
 

Author Comment

by:Victor Kimura
Hi small_student,

I'd like to set up all those options. So I don't need to install OpenSSH as bobalob suggested?

I tried to connect via my vista using PUTTY to my home server and it states network error:connection refused. I'm behind a router (Linksys WRV200).

What do I need to open in my router or is there some setting that I need to change on my centos?

Thanks, Victor

0
 
LVL 14

Assisted Solution

by:small_student
small_student earned 450 total points
I think there is nothing you need to do on your router. You need to disable the firewall in Linux and also disable SELinux

from linux command line as user root issue the following command

service iptables stop
setenforce 0
chkconfig iptables off

Now make sure that the SSH service is up and running

service sshd status

It should give you running

Now after this please confirm that you could at least connect to SSH. After that we would consider applying the security measures we mentioned
0
 

Author Comment

by:Victor Kimura
[root@seokingdomheaven vkimura]# service iptables stop
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter nat                [  OK  ]
Unloading iptables modules:                                [  OK  ]
[root@seokingdomheaven vkimura]# setenforce 0
[root@seokingdomheaven vkimura]# chkconfig iptables off
[root@seokingdomheaven vkimura]# service sshd status
openssh-daemon (pid  2808) is running...
[root@seokingdomheaven vkimura]#

I still get that same error. I'm thinking that I had to update my DNS recently via dyndns. It shouldn't take long to propagate, right?
0
 
LVL 14

Assisted Solution

by:small_student
small_student earned 450 total points
ok simply use the ip address in putty instead of the hostname

in putty's HostName or Ip Address Field put the ip of your server and the port should be 22

0
 

Author Comment

by:Victor Kimura
I put my ip address in there.
0
 

Author Comment

by:Victor Kimura
oddly enough I can't get my httpd to start. Are you sure that I shouldn't be opening something on the router?
0
 
LVL 14

Assisted Solution

by:small_student
small_student earned 450 total points
Well, if you are going through any sort of firewall then you should have port 22 open for SSH; that's all you need to connect to SSH.
0
 
LVL 14

Assisted Solution

by:Deepak Kosaraju
Deepak Kosaraju earned 50 total points
As long as u didn't add specific restrictions on your router u need not touch the setting on your router. Http is the another problem at first r u able to ssh to the machine using putty. Make sure ssh works first then we can help u on http.
0
 

Author Comment

by:Victor Kimura
No I just tried using putty from my windows vista. It's on the same lan. I assume that isn't the problem (being on the same lan - that is).
0
 
LVL 14

Assisted Solution

by:small_student
small_student earned 450 total points
Your Vista and CentOS are on the same LAN
Your SSH service is up and running
IPtables is disabled on CentOS

You still can't connect.

Does your Vista have any sort of firewall, McAfee, Symantec, Kaspersky agent, ZoneAlarm, anti-malware, anything of this type? Please disable them.

You can test with the following

telnet 192.168.0.5 22

I am assuming that your CentOS ip is 192.168.0.5, post the output that you get please
0
 

Author Comment

by:Victor Kimura
when I telnet 192.168.1.106 22 on my vista I get:
SSH-2.0-OpenSSH_4.3

so it looks like it's working.

0
 
LVL 14

Expert Comment

by:small_student
Yup, that means that it is working. Ok then, when you use PuTTY what do you get? Post a screenshot of the error please
0
 

Author Comment

by:Victor Kimura
0
 
LVL 14

Assisted Solution

by:small_student
small_student earned 450 total points
Why does it show 24.84.77.119 on the title of the PuTTY window? Shouldn't it be 192.168.1.106?

put the IP 192.168.1.106 in putty and connect.

Please make sure that no software on your windows is preventing this from working.
0
 

Author Comment

by:Victor Kimura
That seems to work with 192.168.1.106.

I tried logging in with my username vkimura and the password that I login to the computer but it's denying me to get in.

That other ip was obtained by searching for what's my ip on the WAN.
0
 

Author Comment

by:Victor Kimura
Oh, I had to use root as the username.

But I want someone from outside my lan to putty into my machine.
0
 
LVL 14

Assisted Solution

by:small_student
small_student earned 450 total points
Ok sounds good now, SSH is confirmed to be working.

Now you cannot do the following

Vista --> Internet -->CentOS

Because both Vista and CentOS are on the same private network. That is why you cannot use the public IP from inside your private LAN to connect to SSH.

Now for someone to connect to your CentOS your router must allow NAT to your server private address that is

publicIPOfRouter:Port22--->192.168.1.106:22

Hope  this helps
0
 

Author Comment

by:Victor Kimura
Do I set that up in port forwarding or port triggering or both on my router? I get those two mixed up. I know the router has NAT. Is there a way to confirm this is working:
publicIPOfRouter:Port22--->192.168.1.106:22



0
 

Author Comment

by:Victor Kimura
Can you please show me how to:
If you are looking for fine-tuning your configuration then there are many things you can do

1- Prevent root logins and login with a normal user then su - to become root
2- Change the port you connect to SSH
3- Disable passwords and create key-based authentication
4- Allow only certain users to have access to SSH

Much thanks. I really appreciate your help. =)
0
 
LVL 14

Assisted Solution

by:small_student
small_student earned 450 total points
All these configurations you do from the SSH configuration file

edit the file /etc/ssh/sshd_config

1- Prevent root logins and login with a normal user then su - to become root
change

PermitRootLogin yes

to

PermitRootLogin no

2- Change the port you connect to SSH

change

Port 22

to

Port 3451

Note: In this case you must access ssh using this port and allow this port through your firewall, and in putty you change port from 22 to this number

3- Disable passwords and create key-based authentication

This is a multi-step procedure; you will find it clear in this link

http://www.debian-administration.org/articles/530

4- Allow only certain users to have access to SSH

change

AllowUsers

to

AllowUsers username1 username2

Note: After each time you configure something in SSH you must reload the service

service sshd reload

Hope this helps
0
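A check for the four sshd_config changes described in the answer above, as an added example that is not part of the original thread. The function names and both sample files are constructed for illustration, and an unset keyword is assumed to take the OpenSSH 4.3 default (the version in the telnet banner earlier in the thread).

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd_config for the four steps.

# Print every global value of keyword $2 in file $1, one per line.
# Keywords are case-insensitive; lines after the first "Match" are conditional.
sshd_values() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        tolower($1) == "match" { exit }         # end of the global section
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Echo one FAIL line per unmet step; return the number of failures.
audit_sshd_config() {
    cfg=$1; fails=0
    # sshd keeps the first value of these two keywords; unset is assumed to
    # mean the OpenSSH 4.3 default, "yes" for both.
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    pass=$(sshd_values "$cfg" PasswordAuthentication | head -n 1)
    # Port can appear several times (sshd listens on each), so collect all.
    ports=$(sshd_values "$cfg" Port | tr '\n' ' ')
    users=$(sshd_values "$cfg" AllowUsers | tr '\n' ' ')
    [ "${root:-yes}" = no ] || { echo "FAIL 1: PermitRootLogin is ${root:-yes}"; fails=$((fails + 1)); }
    case " ${ports:-22} " in
        *" 22 "*) echo "FAIL 2: still listening on port 22"; fails=$((fails + 1)) ;;
    esac
    [ "${pass:-yes}" = no ] || { echo "FAIL 3: PasswordAuthentication is ${pass:-yes}"; fails=$((fails + 1)); }
    [ -n "$users" ] || { echo "FAIL 4: no AllowUsers list"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: hardening lines appended below the stock ones.
write_appended_sample() {
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' '#PasswordAuthentication yes' \
        'Port 3451' 'permitrootlogin no' 'AllowUsers username1 username2' > "$1"
}

# Constructed sample: stock lines changed in place, as the answer describes.
write_edited_sample() {
    printf '%s\n' 'Port 3451' 'PermitRootLogin no' 'PasswordAuthentication no' \
        'AllowUsers username1 username2' > "$1"
}

# Stand-alone use: pass the path of a config file to audit it.
[ -z "${1:-}" ] || audit_sshd_config "$1"
```

The appended sample fails steps 1 to 3 because the earlier `PermitRootLogin yes` wins and the original `Port 22` line still applies, which is why the answer says to change the existing lines. Running `sshd -t` before `service sshd reload` catches syntax errors, and keeping the current session open until a new login succeeds avoids a lockout.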
