
ssh question

SOLVED
John McDen
Regular Advisor

ssh question

Hello Gurus,

I installed ssh 3.1p1 on ver 11.0 but how do I replace telnet with ssh?

What do I need to do ?

How do I make my users use ssh and sftp instead of telnet and ftp?

Thanks in advance, and points will be assigned to every answer.

New to HP
6 REPLIES
Emiel van Grinsven
Valued Contributor

Re: ssh question

Hi,

A few things to note for compiling SSH on HP-UX 11.00. To ensure that the make compilation works, you have to add a parameter to ./configure as follows:

# ./configure --host=hppa2.0-hp-hpux11.00

For running sftp on Unix, also make sure that /usr/local/bin is in your PATH variable so that it knows where to search for the other required SSH binaries.

It doesn't answer all your questions but it can help.

grt, Emiel
Clemens van Everdingen
Honored Contributor

Re: ssh question

Hi,

Find some links here :

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x8464c5ea0230d411ade80090279cd0f9,00.html

Clemens
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Kurt Beyers.
Honored Contributor
Solution

Re: ssh question

If you have ssh on your HP-UX box, you must make sure you have an ssh client on the workstations as well.

You can disable access by telnet and ftp by editing /etc/inetd.conf and put the entries for telnet and ftp in comment:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
telnet stream tcp nowait root /usr/lbin/telnetd telnetd

Now restart the inetdaemon:

/sbin/init.d/inetd stop
/sbin/init.d/inetd start

The users are now forced to use the ssh connection instead of telnet.

Kurt
Darrell Allen
Honored Contributor

Re: ssh question

Hi John,

First verify ssh, sftp, and scp work for you then your users. Note that the client machines will have to have an ssh package.

Once your users have ssh working, disable telnet and ftp in /etc/inetd.conf and tell inetd to re-read its configuration with "inetd -c".

Also, if you are "replacing" telnet for security reasons, you should also replace rlogin. It too is disabled in /etc/inetd.conf.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Dylan Fahey
Frequent Advisor

Re: ssh question

Hi,
Although some people will be able to answer your question specifically, you might try http://www.onsight.com/faq/ssh/ssh-faq.html , http://www.openssh.com/ for the FAQ and http://www.snailbook.com/ for "SSH: The Secure Shell The Definitive Guide", http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-558.html ,
http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-1.html#HEADING1-37 .
I'd rather do it with the Penguin!
Sridhar Bhaskarla
Honored Contributor

Re: ssh question

Hi John,

1. Broadcast to your users that telnet/rlogin will be disabled by keeping a message in motd or /etc/issue. Give them sufficient time.

2. Do not disable telnet at once. Instead use /var/adm/inetd.sec file to restrict telnet/login/shell and rexec to only a few systems, preferably to your system from where you should be able to login. This will not allow users to telnet. You can use "telnet deny all" followed by a few clients.

3. Let users start using ssh and be comfortable with key management etc. If you get into any problems with ssh, you can always telnet to the box from your system.

4. Keep startup/shutdown scripts so that sshd will come up automatically when you reboot the system.

5. Disable the abovesaid services from inetd.conf once you feel comfortable with it.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
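
An added example, not part of any post in this thread: a POSIX shell sketch of the final step the replies describe, commenting out the cleartext services in an inetd.conf-style file and checking that none remain active. It goes beyond the ftp and telnet lines quoted above by also covering login, shell and exec (the inetd.conf names for rlogin, remsh and rexec); the function names and the sample file are constructed for illustration, and the script works on a copy rather than on /etc/inetd.conf.

```shell
#!/bin/sh
# Added example. inetd.conf service names: login = rlogin, shell = remsh, exec = rexec.
CLEARTEXT_SERVICES="ftp telnet login shell exec"

# Print the name of every cleartext service that is still active (not commented out).
list_enabled_cleartext() {
    awk -v svcs="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(svcs, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }
        ($1 in want) { print $1 }
    ' "$1"
}

# Write a copy of the file to stdout with those entries commented out;
# comments, blank lines and every other service pass through unchanged.
comment_out_cleartext() {
    awk -v svcs="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(svcs, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { print; next }
        ($1 in want) { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample input in inetd.conf layout (not taken from a real system).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
ftp     stream tcp nowait root /usr/lbin/ftpd    ftpd -l
telnet  stream tcp nowait root /usr/lbin/telnetd telnetd
login   stream tcp nowait root /usr/lbin/rlogind rlogind
#shell  stream tcp nowait root /usr/lbin/remshd  remshd
daytime stream tcp nowait root internal
EOF
}

demo() {
    f="${TMPDIR:-/tmp}/inetd.conf.sample.$$"
    write_sample "$f"
    echo "Active before: $(list_enabled_cleartext "$f" | tr '\n' ' ')"
    comment_out_cleartext "$f" > "$f.new"
    echo "Active after:  $(list_enabled_cleartext "$f.new" | tr '\n' ' ')"
    rm -f "$f" "$f.new"
}
demo
```

On a real system the reviewed output would replace /etc/inetd.conf only after ssh logins are confirmed working, followed by "inetd -c" as described in the replies.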