Victor Kimura
asked on
set up SSH for Putty acces on centos
Hi,
I'm wondering how do I set up SSH so that I can login securely via PUTTY to my home server that's running Centos 5.x.
Much thanks,
Victor
I'm wondering how do I set up SSH so that I can login securely via PUTTY to my home server that's running Centos 5.x.
Much thanks,
Victor
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Hi small_student,
I'd like to set up all those options. So I don't need to install OpenSSH as bobalob suggested?
I tried to connect via my vista using PUTTY to my home server and it states network error:connection refused. I'm behind a router (Linksys WRV200).
What do I need to open in my router or is there some setting that I need to change on my centos?
Thanks, Victor
I'd like to set up all those options. So I don't need to install OpenSSH as bobalob suggested?
I tried to connect via my vista using PUTTY to my home server and it states network error:connection refused. I'm behind a router (Linksys WRV200).
What do I need to open in my router or is there some setting that I need to change on my centos?
Thanks, Victor
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
[root@seokingdomheaven vkimura]# service iptables stop
Flushing firewall rules: Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â [ Â OK Â ]
Setting chains to policy ACCEPT: filter nat         [  OK  ]
Unloading iptables modules: Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â [ Â OK Â ]
[root@seokingdomheaven vkimura]# setenforce 0
[root@seokingdomheaven vkimura]# chkconfig iptables off
[root@seokingdomheaven vkimura]# service sshd status
openssh-daemon (pid  2808) is running...
[root@seokingdomheaven vkimura]#
I still get that same error.I'm thinking that I had to update my dns recently via dyndns. It shouldn't take long to propogate, right?
Flushing firewall rules: Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â [ Â OK Â ]
Setting chains to policy ACCEPT: filter nat         [  OK  ]
Unloading iptables modules: Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â [ Â OK Â ]
[root@seokingdomheaven vkimura]# setenforce 0
[root@seokingdomheaven vkimura]# chkconfig iptables off
[root@seokingdomheaven vkimura]# service sshd status
openssh-daemon (pid  2808) is running...
[root@seokingdomheaven vkimura]#
I still get that same error.I'm thinking that I had to update my dns recently via dyndns. It shouldn't take long to propogate, right?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
I put my ip address in there.
ASKER
oddly enough I can't get my httpd to start. Are you sure that I shouldn't be opening something on the router?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
No I just tried using putty from my windows vista. It's on the same lan. I assume that isn't the problem (being on the same lan - that is).
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
when I telnet 192.168.1.106 22 on my vista I get:
SSH-2.0-OpenSSH_4.3
so it looks like it's working.
SSH-2.0-OpenSSH_4.3
so it looks like it's working.
Yup that means that it is working. Ok then when you use putty what do your get, post a screen shot of the error please
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
That seems to work with 192.168.1.106.
I tried logging in with my username vkimura and the password that I login to the computer but it's denying me to get in.
That other ip was obtained by searching for what's my ip on the WAN.
I tried logging in with my username vkimura and the password that I login to the computer but it's denying me to get in.
That other ip was obtained by searching for what's my ip on the WAN.
ASKER
Oh, I had to use root as the username.
But I want someone from outside my lan to putty into my machine.
But I want someone from outside my lan to putty into my machine.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Do i set that up in port forwarding or port triggering or both on my router. I get those two mixed up. I know the router has NAT. Is there a way to confirm this is working:
publicIPOfRouter:Port22--- >192.168.1 .106:22
publicIPOfRouter:Port22---
ASKER
Can you please show me how to:
If you are looking for fine tunning your configuration then there are many things you can do
1- Prevent root logins and login with a normal user then su - to become root
2- Change the port you connect to SSH
3- Disable passwrods and create key based authintication
4- Allow only certain users to have access to SSH
Much thanks. I really appreciate your help. =)
If you are looking for fine tunning your configuration then there are many things you can do
1- Prevent root logins and login with a normal user then su - to become root
2- Change the port you connect to SSH
3- Disable passwrods and create key based authintication
4- Allow only certain users to have access to SSH
Much thanks. I really appreciate your help. =)
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-openssh-server-config.html
http://wiki.centos.org/HowTos/Network/SecuringSSH
You basically just need to install OpenSSH and generate some certificates. If you want to log in without requiring a password you can setup the authorized_keys file in a folder called .ssh in the users home directory. For Windows use the PuTTY agent Pageant, and on *nix you can share the public key easily enough.