HPE Community
Operating System - HP-UX
1836626 Members
1725 Online
110102 Solutions
New Discussion

ssh question

 
SOLVED
Go to solution
John McDen
Regular Advisor

‎04-11-2002 04:52 AM

‎04-11-2002 04:52 AM

ssh question

Hello Gurus,

I installed ssh 3.1p1 on ver 11.0 but how do I replace telnet with ssh?

What do I need to do ?

How do I make my users use ssh and sft instead of telnet and ftp?

Thanks in advance, and points will be assigned to every answer.

New to HP
0 Kudos
Reply
6 REPLIES 6
Emiel van Grinsven
Valued Contributor

‎04-11-2002 05:08 AM

‎04-11-2002 05:08 AM

Re: ssh question

Hi,

A few things to note for compiling SSH on HP-UX 11.00. To ensure that the make compilation works, you have to add a parameter to ./configure as follows:

# ./configure --host=hppa2.0-hp-hpux11.00

For running sftp on Unix, also make sure that /usr/local/bin is in your PATH variable so that it knows where to search for the other required SSH binaries.

It doesn't answer all your questions but it can help.

grt, Emiel
0 Kudos
Reply
Clemens van Everdingen
Honored Contributor

‎04-11-2002 05:09 AM

‎04-11-2002 05:09 AM

Re: ssh question

Hi,

Find some links here :

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x8464c5ea0230d411ade80090279cd0f9,00.html

Clemens
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
0 Kudos
Reply
Kurt Beyers.
Honored Contributor

‎04-11-2002 05:13 AM

‎04-11-2002 05:13 AM

Solution

Re: ssh question

If you have ssh on your HP-UX box, you must make sure you have a ssh client on the workstations as well.

You can disable access bu telnet and ftp by editing /etc/inetd.conf and put the entries for telnet and ftp in comment:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
telnet stream tcp nowait root /usr/lbin/telnetd telnetd

Now restart the inetdaemon:

/sbin/init.d/inetd stop
/sbin/init.d/inetd start

The users are now forced to use the ssh connection instead of telnet.

Kurt
Reply
Darrell Allen
Honored Contributor

‎04-11-2002 05:31 AM

‎04-11-2002 05:31 AM

Re: ssh question

Hi John,

First verify ssh, sftp, and scp work for you then your users. Note that the client machines will have to have an ssh package.

Once your users have ssh working, disable telnet and ftp in /etc/inetd.conf and tell inetd to re-read it's configuration with "inetd -c".

Also, if you are "replacing" telnet for security reasons, you should also replace rlogin. It too is disabled in /etc/inetd.conf.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Reply
Dylan Fahey
Frequent Advisor

‎04-11-2002 05:31 AM

‎04-11-2002 05:31 AM

Re: ssh question

Hi,
Although some people will be able to answer your question specifically, you might try http://www.onsight.com/faq/ssh/ssh-faq.html , http://www.openssh.com/ for the FAQ and http://www.snailbook.com/ for "SSH: The Secure Shell The Definitive Guide", http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-558.html ,
http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-1.html#HEADING1-37 .
I'd rather do it with the Penguin!
Reply
Sridhar Bhaskarla
Honored Contributor

‎04-11-2002 05:49 AM

‎04-11-2002 05:49 AM

Re: ssh question

Hi John,

1. Broadcast to your users that telnet/rlogin will be disabled by keeping a message in motd or /etc/issue. Give them sufficient time.

2. Do not disable telnet at once. Instead use /var/adm/inetd.sec file to restrict telnet/login/shell and rexec to only few systems preferably to your system from where you should be able to login. This will not allow users to telnet. You can use "telnet deny all" followed by few clients.

3. Let users start using ssh and be comfortable with key management etc., If you get into any problems with ssh, you can always telnet to the box from your system.

4. Keep startup/shutdown scripts so that sshd will comeup automatically when you reboot the system.

5. Disable the abovesaid services from inetd.conf once you feel comfortable with it.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.