Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Admin Guide ( Unix System Administration ) Configuring SSH by ozb45831

VIEWS: 19 PAGES: 4

									Admin Guide ( Unix System Administration)

Configuring SSH Server
As CP+ admin, you can configure SSH Server.
To set up SSH Server, log in as admin and select SSH Server in the System Monitor
section of the left-side menu. You will have the following options to choose from:




    •   Authentication to set up SSH server authentication;
    •   Networking to set networking options: what addresses to hear, protocols to accept;
    •   Access Control to set network and login access control options;
    •   Miscellaneous Options to set other SSH server options;
    •   Client Host Options to add options for SSH client host
    •   User SSH Key Setup to configure the automatic setup of SSH for new Unix users
        created on your system.
This module allows to configure various options for the SSH server installed on the
system, as well as option used when an SSH client makes a connection from your
machine to another server. After making any server option changes, make sure to click the
Apply Changes button at the bottom of the page for the changes to take effect.


Authentication
This page is for configuring authentication-related options for your SSH server.
To set up authentication options, click the Authentication icon on the SSH Server page.
Fill the form that shows by choosing necessary options:




Some of the displayed options are :
    •   Allow authentication by password: with this option set to 'Yes', the user will be
        allowed to enter a password for authentication.
    •   Allow RSA authentication?: SSH can be setup to use RSA keys for authentication
        instead of the normal username and password used by telnet. If this is set to 'No',
        users will always need to enter their password. If this is set to 'Yes', users can log
        into a remote server without having to enter a password each time.
    •   Check permissions on key files?: If set to 'Yes', the SSH server will check each
        user's .ssh directory and any parent directories to make sure they are not group
        writable, and the .ssh/identity file to make sure it is not readable by anyone
        else. If set to No, no checking of file permissions will be done.
Click Save to preserve changes.
Networking
This page allows configuring networking options for the SSH server.
To set up networking options, click the Networking icon on the SSH Server page. On the
page that shows:




Some of the displayed options are:
    •   Disconnect if client has crashed?: If set to Yes, the SSH server will periodically
        check to see if the client is still alive. If not (because of a network error or client
        machine crash) it will be disconnected.
    •   Allow TCP forwarding?: If this option is set, users can tunnel TCP connections
        from client machines to machines on the server's network, and also allow
        connections back from the server to machines on the client network.
Choose other necessary options: addresses and ports to listen on, allowed protocols and
etc. Click Save.


Access Control
To configure it, click the Access Control icon on the SSH Server page. On the page that
shows:




Fill the form that shows by choosing necessary options: addresses and ports to listen on,
allowed protocols and etc. Click Save.


Miscellaneous Options
This page contains options that don't fit into any of the other categories. This option allows
to configure different options it. Click the Miscellaneous Options icon on the SSH Server
page and fill the page that shows:




Some of the displayed options are:
    •   Allow X11 connection forwarding?: with this option set to 'Yes', users making an
        SSH login from a Unix machine will be able to run X applications on the server and
        have the X connection tunnelled back through the SSH connection to their local
         display.
    •    System log facility: choose the syslog facility that is used to log error and
         information messages from the SSH server.
    •    Server key regeneration interval: set how often the SSH server re-generated the
         key used for encrypting connections. If you are cautious about security, set this to a
         lower number.
If necessary, set other options and click Save.


Client Host Options
This page displays hosts and host patterns for which SSH client options have been
defined. By default, defined are the options that apply to all client hosts. If necessary, you
can create additional sets of options in order to control how users login to other specific
servers.
To configure client options for SSH host:
    1. Click the Client Host Options icon on the SSH Server page.
    2. On the page that shows click Add options for client host, it will open the following
       page:




         Some of the displayed options are:
             •   Login as user: if no username is given on the ssh command line, the name
                 of the current user is used to login to the remote SSH server. However, this
                 option can be used to specify a different default username for a particular
                 host or hosts.
    3.   Escape character: when making an interactive SSH login, the escape character
         can be used to break out of the connection and close or suspend it.
    4.   Compress SSH traffic?: With this option enabled, the SSH client will compress all
         data sent to this host with the gzip algorithm. This can be useful if you are copying
         large files with scp over a slow link.
    5.   Local ports to forward to server: here you can enter local port numbers which will
         be forwarded to some host and port by the SSH server. This can be useful if you
         access to some machine on some network via SSH login, and you want to access
         other services like web or POP servers.
    6.   Server ports to forward to local: in this table you can enter port numbers on the
       server which will be forwarded to some host and port on the client machine's
       network.
    7. Set other options, if necessary, and click Save.
To remove this option, click the Delete button.


User SSH Key Setup
This page allows to configure the automatic setup of SSH for new Unix users created on
your system. If configured, new users will not have to run ssh-keygen before using SSH.
To configure it, click the user SSH Key Setup icon on the SSH Server page and choose
necessary options on the page that shows:
    1. Check Setup SSH key for new Unix users and select either of the below options:
           • Copy new identify.pub to authorized_keys.
    2. Use password as key passphrase.
    3. Click Save.

								
To top