May 14th, 2011, 01:15 AM
Since you are playing with this to learn it maybe I can clear up a few things, more down and dirty approach though because I have never used a GUI with sshd. Once you know how it works maybe you can streamline things. Start by just getting ssh to work. I am assuming you know how to get around *nix with a CLI ?
1) Forget anything about openssl ... different animal as SirDice said.
2) In your setup of SSH you have PasswordAuthentication enabled. As westin said, that is not the most secure. Disable it!
3) You'll want to set up a public/private key for the client, using the client
( puttygen.exe if the clients will be windows boxes. )
( note: you should always insist the users create a passphrase for the key, and make sure they NEVER forget it! Otherwise they will have to make a new key and you will have to revoke the old one from the server. )
You will then copy the client's public key to the server and put it in the user's home directory.
Example: once the public key is transferred over to the server, use something like
ssh-keygen -i -f ( file name of the key ) > /home/user/.ssh/authorized_keys
( if you are going to be importing more keys for that user, you will have to use >> instead of > for future keys so you append and do not overwrite the original file.)
Also, you should verify the permissions of the file ( should be 600 )
If you can use their GUI to import the public key into the ssh server instead of my way you might try that ( again I have never used FreeNAS ) but the important thing is the private key stays on the client, the public key gets imported to the server.
You should now be able to log into the server from the client ( using something like PuTTY ).
If this is all working, now you can go ahead and check the Subsystem option in sshd_config as SirDice said. As I am unfamiliar with FreeNAS I do not know if it is enabled by default when you enabled the ssh daemon.
Since the server is going to be behind a firewall, and access will be from the Internet, you might set up the clients to connect to a high number port, then forward that port on the firewall to the ssh server port 22! ( You can change port 22 to whatever if the server is going to be located in a congested local network too, using the sshd_config. ) Just take one step at a time, making sure each one is working before going to the next. Just remember, if you do forward the port on the firewall and then try to connect from inside the perimeter, you will need to connect to port 22 from inside ( or whatever port you chose ) and not the one clients from outside use.
Oh, and make sure you turn off that damn FTP service !!!!!
BTW, PuTTY-generated keys can be converted if you want to use them in a *nix ssh client, just see the documentation for puttygen. If you don't understand that, just ignore it, it might be more confusing, but useful if your client dual boots.
Maybe you could make that beginning to end tutorial??
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
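Added example, not part of the post above: a small shell sketch of the checks the post walks through (password logins off, key appended rather than overwritten, authorized_keys at mode 600). The function names are hypothetical, the key and config lines are constructed, mode 700 on .ssh is the usual convention rather than something the post states, and the key file is assumed to already be in OpenSSH format (the output of the ssh-keygen -i step).

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample key and config are constructed.

# True only if the effective global PasswordAuthentication is "no". sshd uses the
# first occurrence of a keyword and defaults to "yes" when it is absent.
# Assumption: settings inside Match blocks are not evaluated (parsing stops there).
password_auth_disabled() {   # $1 = path to an sshd_config
    val=$(awk 'tolower($1) == "match" { exit }
               tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
    [ "$val" = "no" ]
}

# Append one OpenSSH-format public key to a user's authorized_keys without
# overwriting keys already there, then set the permissions sshd expects.
install_key() {   # $1 = public key file, $2 = user's home directory
    dir="$2/.ssh"; file="$dir/authorized_keys"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    key=$(head -n 1 "$1")
    [ -n "$key" ] || return 1
    # -x whole line, -F fixed string: append only if this exact key is not present
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# True only if .ssh is exactly mode 700 and authorized_keys is exactly mode 600.
key_perms_ok() {   # $1 = user's home directory
    [ -n "$(find "$1/.ssh" -prune -perm 700 2>/dev/null)" ] &&
    [ -n "$(find "$1/.ssh/authorized_keys" -prune -perm 600 2>/dev/null)" ]
}

# Demo on constructed data in a throwaway directory; nothing under /home or /etc is touched.
tmp=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3constructedExampleKey alice@client\n' > "$tmp/alice.pub"
printf '#PasswordAuthentication yes\nPasswordAuthentication no\n' > "$tmp/sshd_config"
install_key "$tmp/alice.pub" "$tmp/home" && install_key "$tmp/alice.pub" "$tmp/home"
password_auth_disabled "$tmp/sshd_config" && key_perms_ok "$tmp/home" && echo "checks passed"
```

Installing the same key twice leaves a single line in authorized_keys, which is the append-versus-overwrite point made about > and >>.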