# SSH Server on DragonFly

This document is very detailed so that a new user can become familiar with the environment.

If you try to ssh to a newly installed dfly from another system you will get this error:

    $ ssh root@172.16.50.62
    ssh: connect to host 172.16.50.62 port 22: Connection refused

This is because sshd is not up and running on dfly.
At this point, if you check /etc/ssh you will only have the following files:

    blacklist.DSA-1024 blacklist.RSA-2048 ssh_config
    blacklist.DSA-2048 blacklist.RSA-4096 sshd_config
    blacklist.RSA-1024 moduli

You don't have any SSH host keys generated for the system yet!

When you start sshd for the first time it is best to start it through the <b>"/etc/rc.d/sshd"</b> script, which will automatically generate the host keys. For this to work right you need to do the following steps:

1) Enable sshd in rc.conf

    # echo "sshd_enable=yes" >> /etc/rc.conf

2) Start the sshd server using the rc script

    # /etc/rc.d/sshd start
    Generating public/private rsa1 key pair.
    Your identification has been saved in /etc/ssh/ssh_host_key.
    Your public key has been saved in /etc/ssh/ssh_host_key.pub.
    The key fingerprint is:
    Generating public/private dsa key pair.
    Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
    Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
    The key fingerprint is:

Now if you go back and look in /etc/ssh you will find the SSH host key files too.

    blacklist.DSA-1024 moduli ssh_host_key.pub
    blacklist.DSA-2048 ssh_config ssh_host_rsa_key
    blacklist.RSA-1024 ssh_host_dsa_key ssh_host_rsa_key.pub
    blacklist.RSA-2048 ssh_host_dsa_key.pub sshd_config
    blacklist.RSA-4096 ssh_host_key

At this point, if you try to ssh to the dfly you will get the following error:

    $ ssh sgeorge@172.16.50.62
    The authenticity of host '172.16.50.62 (172.16.50.62)' can't be established.
    RSA key fingerprint is 46:77:28:c2:70:86:93:1a:23:32:5f:01:2c:80:de:de.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '172.16.50.62' (RSA) to the list of known hosts.
    Permission denied (publickey).

This is because of the following configuration option in the default <b>"/etc/ssh/sshd_config"</b> file.

    # To disable tunneled clear text passwords, change to no here!
    # We disable cleartext passwords by default
    PasswordAuthentication no

Change it to

    PasswordAuthentication yes

and reload <b>sshd</b> configuration

    # /etc/rc.d/sshd reload
    Reloading sshd config files.

Now you can log in to the dragonfly system as a normal user.

    $ ssh sgeorge@172.16.50.62
    sgeorge@172.16.50.62's password:
    Last login: Tue Oct 19 04:17:47 2010
    Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
    The Regents of the University of California. All rights reserved.

    DragonFly v2.7.3.1283.gfa568-DEVELOPMENT (GENERIC.MP) #3: Thu Oct 14

But if you try to log in by SSH as root you will get the following error.

    $ ssh root@172.16.50.62
    root@172.16.50.62's password:
    Permission denied, please try again.

If you investigate the log of the dragonfly system, <b>"/var/log/auth.log"</b>, you will find a line similar to

    Oct 19 07:29:36 dfly-vmsrv sshd[17269]: Failed password for root from 172.16.2.0 port 56447 ssh2

even if you typed the right password for root.

It is because of the following configuration option in the default <b>"/etc/ssh/sshd_config"</b> file

    # only allow root logins via public key pair
    PermitRootLogin without-password

which allows only SSH key based authentication as root.

If you change this option to <b>PermitRootLogin yes</b>

and reload <b>sshd</b> configuration

    # /etc/rc.d/sshd reload
    Reloading sshd config files.

you can log in as <b>root</b>

    $ ssh root@172.16.50.62
    root@172.16.50.62's password:
    Last login: Fri Oct 8 12:22:40 2010
    Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
    The Regents of the University of California. All rights reserved.

    DragonFly v2.7.3.1283.gfa568-DEVELOPMENT (GENERIC.MP) #3: Thu Oct 14

    Welcome to DragonFly!

Now in the <b>"/var/log/auth.log"</b> you will find a line similar to

    Oct 19 07:30:32 dfly-vmsrv sshd[17894]: Accepted password for root from 172.16.2.0 port 56468 ssh2

<h2>WARNING:</h2>

<b>It is not advisable to allow root login with a password, especially if your system is connected to the Internet, unless you use very strong passwords. You could be a victim of [SSH password-based brute force attacks](http://en.wikipedia.org/wiki/Password_cracking#Brute_force_attack). If you are the victim of one such attack, you will find entries like the following in your "/var/log/auth.log" file.</b>

    Oct 18 18:54:54 cross sshd[9783]: Invalid user maryse from 218.248.26.6
    Oct 18 18:54:54 cross sshd[9781]: input_userauth_request: invalid user maryse
    Oct 18 18:54:54 cross sshd[9783]: Failed password for invalid user maryse from 218.248.26.6 port 34847 ssh2
    Oct 18 18:54:54 cross sshd[9781]: Received disconnect from 218.248.26.6: 11: Bye Bye
    Oct 18 18:54:55 cross sshd[27641]: Invalid user may from 218.248.26.6
    Oct 18 18:54:55 cross sshd[3450]: input_userauth_request: invalid user may
    Oct 18 18:54:55 cross sshd[27641]: Failed password for invalid user may from 218.248.26.6 port 34876 ssh2
    Oct 18 18:54:55 cross sshd[3450]: Received disconnect from 218.248.26.6: 11: Bye Bye
    Oct 18 18:54:56 cross sshd[8423]: Invalid user admin from 218.248.26.6
    Oct 18 18:54:56 cross sshd[3131]: input_userauth_request: invalid user admin
    Oct 18 18:54:56 cross sshd[8423]: Failed password for invalid user admin from 218.248.26.6 port 34905 ssh2
    Oct 18 18:54:56 cross sshd[3131]: Received disconnect from 218.248.26.6: 11: Bye Bye
    Oct 18 18:54:57 cross sshd[7373]: Invalid user admin from 218.248.26.6
    Oct 18 18:54:57 cross sshd[28059]: input_userauth_request: invalid user admin
    Oct 18 18:54:57 cross sshd[7373]: Failed password for invalid user admin from 218.248.26.6 port 34930 ssh2
    Oct 18 18:54:57 cross sshd[28059]: Received disconnect from 218.248.26.6: 11: Bye Bye
    Oct 18 18:54:58 cross sshd[12081]: Invalid user admin from 218.248.26.6
    Oct 18 18:54:58 cross sshd[22416]: input_userauth_request: invalid user admin
    Oct 18 18:54:58 cross sshd[12081]: Failed password for invalid user admin from 218.248.26.6 port 34958 ssh2
    Oct 18 18:54:58 cross sshd[22416]: Received disconnect from 218.248.26.6: 11: Bye Bye
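
A detection sketch for the log pattern above, added here as an example and not part of the original page: it groups sshd password results by source address, reports sources with repeated failures, and singles out any password login accepted after those failures. The function name `analyze`, the threshold of 3 and the sample log lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# The user field is greedy and the pattern is anchored at the end of the line,
# so a username containing " from <ip> port <n>" cannot forge the source.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample in the format of the excerpts above; the addresses are
# documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
Oct 18 18:54:54 cross sshd[9783]: Invalid user maryse from 192.0.2.10
Oct 18 18:54:54 cross sshd[9783]: Failed password for invalid user maryse from 192.0.2.10 port 34847 ssh2
Oct 18 18:54:55 cross sshd[27641]: Failed password for invalid user may from 192.0.2.10 port 34876 ssh2
Oct 18 18:54:56 cross sshd[8423]: Failed password for invalid user admin from 192.0.2.10 port 34905 ssh2
Oct 18 18:54:57 cross sshd[7373]: Failed password for root from 192.0.2.10 port 34930 ssh2
Oct 18 18:55:02 cross sshd[7380]: Accepted password for root from 192.0.2.10 port 34931 ssh2
Oct 19 07:29:36 cross sshd[17269]: Failed password for root from 198.51.100.7 port 56447 ssh2
Oct 19 07:30:32 cross sshd[17894]: Accepted password for sgeorge from 198.51.100.7 port 56468 ssh2
"""

def analyze(lines, threshold=3):
    """Group sshd password results by source and flag likely guessing."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": []})
    for line in lines:
        m = AUTH_RE.search(line.rstrip())
        if not m:
            continue  # "Invalid user ...", disconnects, other daemons
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failed"] += 1
            s["users"].add(m["user"])
        else:
            s["accepted"].append((m["user"], s["failed"]))
    report = {}
    for ip, s in stats.items():
        if s["failed"] < threshold:
            continue
        # A password accepted after a burst of failures needs investigation.
        hits = [u for u, prior in s["accepted"] if prior >= threshold]
        report[ip] = {"failed": s["failed"], "users": sorted(s["users"]),
                      "accepted_after_failures": hits}
    return report

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG.splitlines()))
```

With `PermitRootLogin without-password`, sshd logs `Failed password for root` even when the password typed was correct, so a failed root entry shows an attempt was made, not that the guess was wrong.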