HPE Community
Operating System - HP-UX
1833756 Members
2817 Online
110063 Solutions
New Discussion

Re: Installing SSH

 
SOLVED
Go to solution
Priss
Regular Advisor

‎06-05-2003 02:26 AM

‎06-05-2003 02:26 AM

Installing SSH

Hi,

I've been reading some posts of how to install SSH. I am new to this and I am still a bit confuse :(

I want to able to ssh into my hp-ux, also ssh out from it (server and agent). I belive I've got a choice of using HP SSH and OpenSSH (and others). Which one is easier to install since I am new to unix admin and don't want too much complications - not yet anyway :). I also need some advice on configuration. ie. IP restrction and change of default port 22.

Many thanks in advance.

Priss
Where does the extra points came from?
0 Kudos
Reply
8 REPLIES 8
Stefan Farrelly
Honored Contributor

‎06-05-2003 02:38 AM

‎06-05-2003 02:38 AM

Solution

Re: Installing SSH


1. install HP's bundled version of SSH. Its far simpler to install and you dont really need to configure anything. Install and go.

2. To restrict ip access use /var/adm/inetd.sec (see man inetd.sec) Its easy, define servies (ssh) and what to deny.

3. Changing the default port may not be easy, and it will cause problems with other people running SSH which still use the default port of 22, but you should be able to configure it in /opt/ssh/etc/sshd_config and ssh_config.
Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
Tore_1
Regular Advisor

‎06-05-2003 02:41 AM

‎06-05-2003 02:41 AM

Re: Installing SSH

works out of the box. Try installing both and choose whatever works...
0 Kudos
Reply
Bill Douglass
Esteemed Contributor

‎06-05-2003 04:05 AM

‎06-05-2003 04:05 AM

Re: Installing SSH

The HP version of ssh is much easier, as it includes the required libraries statically linked into it.

On the other hand, if you need to compile it yourself for specific options, then downloading the source from

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/openssh-3.6.1p1/

is the way to go. However, you will need to install zlib, libiconv, tcpwrappers and openssl first.

Keep ssh on port 22. You'll have much less grief with ssh clients that way.
Reply
Priss
Regular Advisor

‎06-05-2003 10:41 AM

‎06-05-2003 10:41 AM

Re: Installing SSH

Thank you guys :)
Where does the extra points came from?
0 Kudos
Reply
Chris Vail
Honored Contributor

‎06-05-2003 10:44 AM

‎06-05-2003 10:44 AM

Re: Installing SSH

Once you get ssh installed, follow my instructions (attached) on how to configure it. Once you get it up and running, you'll never go back.



Chris
Reply
Donald A. Sime
Occasional Contributor

‎06-05-2003 11:03 AM

‎06-05-2003 11:03 AM

Re: Installing SSH


I see that you are using a key for which there is no passphrase.
Isn't that somewhat insecure?
Reply
Andrew Cowan
Honored Contributor

‎06-05-2003 10:34 PM

‎06-05-2003 10:34 PM

Re: Installing SSH

Using a key without a passphrase is always less secure, however, if you use a passphrase, you cannot issue automated/scripted commands as they will keep prompting you.

You can get over this by using the key management daemon and this will hold your key and passphrase in memory until you logout.

From a security point of view using passphrases is mixed blessing because:

1. There are no limits/restrictions on the phrase, ie you can use just and that is valid.
2. There is no way of enforcing ageing etc. as you can with passwords.

Another word of caution. Out of the box SSH does not record login/outs in the "wtmp" file, thus (b)last etc. won't show anything.
Reply
Bill Douglass
Esteemed Contributor

‎06-06-2003 04:39 AM

‎06-06-2003 04:39 AM

Re: Installing SSH

I've installed both the HP depot versio of OpenSSH and the pre-compiled version at

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/openssh-3.6.1p1/

Both of these version use wtmp appropriately.

Now since they do not use login by default, you will not get a record of bad login attempts (as reported by lastb).
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.