Setting up sshd

Setting up an ssh server.

BASIC SETUP
Install the package openssh-server, which provides sshd. Then start sshd: as root, run service sshd start. Ensure there are no error messages.

Open port 22 for incoming ssh in your firewall. TODO: Document a distro-agnostic way of doing this.

Confirm you can ssh to yourself: (ssh user@localhost).

If you want to ssh into your box from other computers in your local network, confirm that works, too: (ssh user@hostname). You will need to have first assigned a hostname to the computer running sshd.

Set sshd to run on boot. TODO: Document a distro-agnostic way of doing this.

If all you want is to be able to ssh into your box from inside a local trusted network, you are done.

MAKING SSHD ACCESSIBLE FROM OUTSIDE THE LOCAL NETWORK
The server will need either a static IP address or dynamic DNS mapping. Confirm you can ssh into it from outside your local network (ssh user@my.example.com).

SSH’s default port 22 is a common target of online attacks, so use a nonstandard port. To encourage you, some ISPs block 22 and other common ports by default. Use an open port check tool and discuss the issue with your ISP; better providers will consider unblocking needed ports for customers who demonstrate competence. Happily, merely running Linux is a pretty good sign of competence.

Other ISPs, on inexpensive service packages, block all incoming connections that originate beyond the ISP’s own network. This makes using sshd impossible unless you upgrade your service package. If this describes your ISP, consider switching.

PROTECTING SSHD IN UNTRUSTED NETWORKS
Ensure you are following ssh best practices. In particular, on untrusted networks sshd should not use port 22. Use a nonstandard port that is not already assigned in /etc/services, configuring firewalls and routers accordingly.
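The port check above, as an added example that is not part of the original post: a small POSIX shell script that refuses a candidate port if a file in /etc/services format already assigns it (tcp or udp) and otherwise prints the Port directive for sshd_config. The services text is a constructed sample so it runs anywhere; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): check that a candidate port
# is not already assigned in a services file in /etc/services format, then
# print the sshd_config line that moves sshd off port 22.

# Constructed sample in /etc/services format so the check runs anywhere;
# pass "$(cat /etc/services)" as the second argument to use the real file.
SAMPLE_SERVICES="$(printf '%s\n' \
  'ssh             22/tcp' \
  'http            80/tcp' \
  'https           443/tcp' \
  'openvpn         1194/udp' \
  '# comment lines are ignored')"

# port_is_unassigned PORT SERVICES_TEXT
# Exit status: 0 if PORT is not assigned to any tcp or udp service,
# 1 if it is assigned, 2 if PORT is not a number in 1..65535.
port_is_unassigned() {
  port=$1
  services=$2
  case "$port" in
    ''|*[!0-9]*) return 2 ;;
  esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
  # Strip comments, then look for "PORT/tcp" or "PORT/udp" in field 2.
  if printf '%s\n' "$services" | sed 's/#.*//' \
     | awk -v p="$port" '$2 == p "/tcp" || $2 == p "/udp" { f = 1 } END { exit !f }'
  then
    return 1
  fi
  return 0
}

# sshd_port_config PORT SERVICES_TEXT
# Prints the "Port" directive for sshd_config if PORT is unassigned;
# prints nothing and fails otherwise, so a bad choice cannot be applied.
sshd_port_config() {
  port_is_unassigned "$1" "$2" || return 1
  printf 'Port %s\n' "$1"
}

# Stand-alone run: 22 is assigned (ssh), 2222 is free in the sample.
sshd_port_config 22 "$SAMPLE_SERVICES"   || echo "22 is assigned, pick another"
sshd_port_config 2222 "$SAMPLE_SERVICES"
```

After appending the printed line to /etc/ssh/sshd_config, sshd -t checks the file for syntax errors before you restart the service, and the new port must be opened in the firewall and router as the text says.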

REFERENCES
Webmin has an sshd module.

About Warren Post

So far: Customer support guy, jungle guide, IT consultant, beach bum, entrepreneur, teacher, diplomat, over-enthusiastic cyclist. Tomorrow: who knows?