topic Re: Installing SSH in Operating System - HP-UX

Installing SSH

Priss — Thu, 05 Jun 2003 09:26:59 GMT

Hi,

I've been reading some posts of how to install SSH. I am new to this and I am still a bit confuse :(

I want to able to ssh into my hp-ux, also ssh out from it (server and agent). I belive I've got a choice of using HP SSH and OpenSSH (and others). Which one is easier to install since I am new to unix admin and don't want too much complications - not yet anyway :). I also need some advice on configuration. ie. IP restrction and change of default port 22.

Many thanks in advance.

Priss

Re: Installing SSH

Stefan Farrelly — Thu, 05 Jun 2003 09:38:55 GMT

1. install HP's bundled version of SSH. Its far simpler to install and you dont really need to configure anything. Install and go.

2. To restrict ip access use /var/adm/inetd.sec (see man inetd.sec) Its easy, define servies (ssh) and what to deny.

3. Changing the default port may not be easy, and it will cause problems with other people running SSH which still use the default port of 22, but you should be able to configure it in /opt/ssh/etc/sshd_config and ssh_config.

Re: Installing SSH

Tore_1 — Thu, 05 Jun 2003 09:41:58 GMT

works out of the box. Try installing both and choose whatever works...

Re: Installing SSH

Bill Douglass — Thu, 05 Jun 2003 11:05:20 GMT

The HP version of ssh is much easier, as it includes the required libraries statically linked into it.

On the other hand, if you need to compile it yourself for specific options, then downloading the source from

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/openssh-3.6.1p1/

is the way to go. However, you will need to install zlib, libiconv, tcpwrappers and openssl first.

Keep ssh on port 22. You'll have much less grief with ssh clients that way.

Re: Installing SSH

Priss — Thu, 05 Jun 2003 17:41:35 GMT

Thank you guys :)

Re: Installing SSH

Chris Vail — Thu, 05 Jun 2003 17:44:15 GMT

Once you get ssh installed, follow my instructions (attached) on how to configure it. Once you get it up and running, you'll never go back.

Chris

Re: Installing SSH

Donald A. Sime — Thu, 05 Jun 2003 18:03:40 GMT

I see that you are using a key for which there is no passphrase.
Isn't that somewhat insecure?

Re: Installing SSH

Andrew Cowan — Fri, 06 Jun 2003 05:34:53 GMT

Using a key without a passphrase is always less secure, however, if you use a passphrase, you cannot issue automated/scripted commands as they will keep prompting you.

You can get over this by using the key management daemon and this will hold your key and passphrase in memory until you logout.

From a security point of view using passphrases is mixed blessing because:

1. There are no limits/restrictions on the phrase, ie you can use just and that is valid.
2. There is no way of enforcing ageing etc. as you can with passwords.

Another word of caution. Out of the box SSH does not record login/outs in the "wtmp" file, thus (b)last etc. won't show anything.

Re: Installing SSH

Bill Douglass — Fri, 06 Jun 2003 11:39:45 GMT

I've installed both the HP depot versio of OpenSSH and the pre-compiled version at

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/openssh-3.6.1p1/

Both of these version use wtmp appropriately.

Now since they do not use login by default, you will not get a record of bad login attempts (as reported by lastb).