Thread: sshd newb here

  1. #1
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167

    sshd newb here

    My goal is to X11 forward over ssh. However I can't even get sshd to work.

    One thing I noticed was that ssh wasn't listed in /inetd.conf, which I thought was odd. But I read that it is better to be run as a daemon.

    Well when I run "sshd" it can't find any host keys. So I run ssh-keygen and create an RSA1, which is placed in /root/.ssh/identify.pub. I then run "ssh-add ./identify.pub". SUCCESS. Then "ssh-agent". SUCCESS. Ok here goes nothing

    "sshd -h identify.pub"
    Could not load host key
    And it disables protocol ver1 and ver2.
    no hostkeys available.

    I might be doing all this completely wrong. I need some insight because the man pages aren't cutting it.

    thanks

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    339
    Hi there,

    Help Us Help You when you have a Problem

    - What is your OS (RH Linux, OpenBSD, etc) ?
    - What is your OS version (8.0, 9.0, etc) ?
    - What is your ssh (open-ssh, etc) ?
    - What is your ssh version (2.3, 3.5, etc) ?
    - How do you install it (binary package, make from source, etc) ?

    Well I guess that's enough for starter...

    Peace always,
    <jdenny>
    Always listen to experts. They'll tell you what can't be done and why. Then go and do it. -- Robert Heinlein
    I'm basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds


  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    The major distros ship (yes, all of them. Even Slackware) with a script which will automatically create host keys when you start sshd for the first time.

    Therefore, I have no experience of doing so manually.

    Is there a reason why this script doesn't work for you?

    Slarty

  4. #4
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021

    Re: sshd newb here

    Originally posted here by br_fusion
    My goal is to X11 forward over ssh.
    I can't help with getting SSHD working, but more info about the distro might help

    Try man sshd to see where the conf files live and check in the conf file the paths for the keys.

    Most distros forward X11 by default but otherwise in the ~/.ssh/config file add the line:

    ForwardX11 yes
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    I am assuming you are using openssh, so I took a quick look at the Makefile:

    Code:
    host-key: ssh-keygen$(EXEEXT)
            @if [ -z "$(DESTDIR)" ] ; then \
                    if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \
                            echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \
                    else \
                            ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ; \
                    fi ; \
                    if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key ] ; then \
                            echo "$(DESTDIR)$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \
                    else \
                            ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ; \
                    fi ; \
                    if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key ] ; then \
                            echo "$(DESTDIR)$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \
                    else \
                            ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" ; \
                    fi ; \
            fi ;
    host-key-force: ssh-keygen$(EXEEXT)
            ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
            ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
            ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
    So...find where openssh is installed (DESTDIR) find your conf directory (probably $DESTDIR/etc).
    (hint): find / -name sshd_config -print

    Wherever sshd_config lives is probably your configuration directory for openssh. Note this directory and:


    ssh-keygen -t rsa1 -f <directory>/ssh_host_key -N "" ;
    ssh-keygen -t dsa -f <directory>/ssh_host_dsa_key -N "" ;
    ssh-keygen -t rsa -f <directory>/ssh_host_rsa_key -N "" ;

    While you are at it, note where your sshd_config file is and have a run through it. X11 should be enabled by default. I recommend disabling protocol version 1 for security reasons.

    Change in sshd_config:

    Protocol 2,1
    to
    Protocol 2


    Makefiles are your friend

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
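
Added example, not part of any post in this thread: a small audit of an sshd configuration directory for the problems discussed above (a .pub file given as the host key, missing host key files, private keys readable by group or other, and protocol version 1 still enabled). The function name, the finding labels and the throwaway sample directory are assumptions made for illustration; HostKey paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd configuration directory.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_sshd_dir() {
    dir=$1; conf="$dir/sshd_config"; bad=0
    [ -f "$conf" ] || { echo "NO_CONFIG $conf"; return 1; }

    # Host keys named by HostKey lines; otherwise the three files from the thread.
    keys=$(awk 'tolower($1) == "hostkey" { print $2 }' "$conf")
    [ -n "$keys" ] || keys="$dir/ssh_host_key $dir/ssh_host_dsa_key $dir/ssh_host_rsa_key"

    for k in $keys; do
        case $k in
            # sshd needs the private half; a .pub file cannot serve as a host key.
            *.pub) echo "PUBLIC_KEY_AS_HOSTKEY $k"; bad=1; continue ;;
        esac
        if [ ! -f "$k" ]; then
            echo "MISSING_KEY $k"; bad=1
        elif [ "$(ls -ld "$k" | cut -c5-10)" != "------" ]; then
            # Private host keys must not be accessible to group or other.
            echo "LOOSE_PERMS $k"; bad=1
        fi
    done

    # "Protocol 2,1" or "Protocol 1" still allows protocol version 1.
    proto=$(awk 'tolower($1) == "protocol" { print $2 }' "$conf")
    case $proto in
        *1*) echo "PROTOCOL_1_ENABLED $proto"; bad=1 ;;
    esac
    return $bad
}

# Constructed sample: a throwaway directory that reproduces the problems
# from the thread (a .pub file as host key, a missing key, Protocol 2,1).
demo_audit() {
    d=$(mktemp -d)
    printf 'HostKey %s/identify.pub\nHostKey %s/ssh_host_rsa_key\nProtocol 2,1\n' \
        "$d" "$d" > "$d/sshd_config"
    audit_sshd_dir "$d"; rc=$?
    rm -rf "$d"
    return $rc
}

demo_audit || echo "problems found"
```

Point `audit_sshd_dir` at the directory that holds sshd_config (the one found with the `find` hint above) to check a real installation.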

  6. #6
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Makefiles are your friend
    That is the best single bit of linux advice I have seen in a while!
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  7. #7
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Originally posted here by RoadClosed


    That is the best single bit of linux advice I have seen in a while!
    The best I ever got was :

    locate is your friend

    They were right.
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
