The OpenSSH package is a free implementation of a network protocol that allows you to create secure connections, remotely control the operating system, and tunnel TCP connections (for example, to transfer files). OpenSSH contains the following clients: ssh for replacing rlogin and telnet, scp for replacing rcp and sftp for replacing ftp.
It is developed by the OpenBSD project and distributed under the BSD license.
Before installation, make sure the following are installed on the system:
- C compiler (for example, gcc)
- zlib, a data compression library
- OpenSSL
Next, you need to get the OpenSSH sources. They can be downloaded from the official OpenBSD site.
Installing from source is trivial:
$ ./configure
$ make
$ make install
Of the additional options of the ./configure script, I will note a few:
- --with-tcp-wrappers - enables integration with the TCP wrappers security system;
- --with-ssl-dir - specifies the location of the OpenSSL libraries;
- --with-pid-dir - specifies the location of the PID file in which the process ID of the sshd daemon is stored;
- --with-xauth - specifies the location of the xauth command that is used for X authentication.
After installation is complete, you need to configure the system. To do this, create the SSH host keys, which uniquely identify the system and allow clients to connect securely to the host on which the SSH server is installed.
To generate the keys, run:
$ make host-key
Three keys need to be created, one for each of the three main key algorithms: rsa1, rsa and dsa:
$ ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
$ ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
$ ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
Two files are created for each key: a public key (a file ending in .pub) and a private key. The public keys can be made publicly available so that users can add the new keys.
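To check the resulting key pairs, the following shell function (an added example, not part of the original post) audits a host key directory: it verifies that each private key has its .pub half and is accessible to its owner only, and it flags rsa1 and dsa keys, since later OpenSSH releases removed protocol 1 (rsa1) support and stopped accepting DSA (ssh-dss) keys by default. The function name, the finding labels and the owner-only permission rule are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit SSH host key pairs.
# Usage: audit_host_keys [DIR]    (DIR defaults to /etc/ssh)
# Prints one line per key or finding. Returns 0 if every pair is clean,
# 1 if there are findings, 2 if no host keys were found at all.
audit_host_keys() {
    dir=${1:-/etc/ssh}
    status=2
    for priv in "$dir"/ssh_host_key "$dir"/ssh_host_*_key; do
        [ -f "$priv" ] || continue            # unmatched glob or absent file
        if [ "$status" -eq 2 ]; then status=0; fi
        # The private half must be accessible to its owner only:
        # characters 5-10 of the ls mode string are the group/other bits.
        if [ "$(ls -ld "$priv" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_PERMS $priv"
            status=1
        fi
        if [ ! -f "$priv.pub" ]; then
            echo "MISSING_PUB $priv"
            status=1
            continue
        fi
        # The first field of the .pub file names the key type; a protocol 1
        # (rsa1) public key starts with the modulus size, i.e. a number.
        read -r ktype _rest < "$priv.pub" || true
        case $ktype in
            ssh-dss)  echo "LEGACY_DSA $priv";  status=1 ;;
            [0-9]*)   echo "LEGACY_RSA1 $priv"; status=1 ;;
            *)        echo "OK $ktype $priv" ;;
        esac
    done
    return "$status"
}
```

Run it as root after key generation, for example `audit_host_keys /etc/ssh`, and treat any line other than `OK` as something to fix before starting sshd.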
This completes the basic installation and configuration. The next step is to start the OpenSSH server. In different distributions this action is performed differently. You can use this init script, init-ssh.