About
History
Features
Performance
Team
Mascot
Images

Community
Download
Mirrors
Mailing Lists
Source
Commercial
Donations
Bugs

Docs
Documentation
Pkgsrc
DPorts
FAQ
OpenGrok
Handbook
Man pages
Presentations

Security
PGP Keys

Exports
Hammer

sshserver

SSH Server on DragonFly

This document is very detailed so that a new user can be familiar with the environment.

If you try to ssh to a newly installed dfly from another system you will get this error

$ ssh root@172.16.50.62
ssh: connect to host 172.16.50.62 port 22: Connection refused

This is because sshd is not up and running on dfly. At this point if you check /etc/ssh you will only have the following files

# ls /etc/ssh
blacklist.DSA-1024      blacklist.RSA-2048      ssh_config
blacklist.DSA-2048      blacklist.RSA-4096      sshd_config
blacklist.RSA-1024      moduli

You don't have any SSH host keys generated for the system yet!

When you start sshd for the first time it is best to start it through the "/etc/rc.d/sshd" script which will automatically generate the host keys. For this to work right you need to do the following steps (these steps are not essential for DragonFly 2.8.2 since sshd is already enabled in rc.conf)

1) Enable sshd in rc.conf

#echo "sshd_enable=yes" >> /etc/rc.conf

2) Start the sshd server using the rc script

# /etc/rc.d/sshd start
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
........
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
........
Starting sshd.

Now if you go back and look in /etc/ssh you will find the SSH host key files too.

# ls /etc/ssh
blacklist.DSA-1024      moduli                  ssh_host_key.pub
blacklist.DSA-2048      ssh_config              ssh_host_rsa_key
blacklist.RSA-1024      ssh_host_dsa_key        ssh_host_rsa_key.pub
blacklist.RSA-2048      ssh_host_dsa_key.pub    sshd_config
blacklist.RSA-4096      ssh_host_key

At this point if you try to ssh to the dfly you will get the following error

$ ssh sgeorge@172.16.50.62
The authenticity of host '172.16.50.62 (172.16.50.62)' can't be established.
RSA key fingerprint is 46:77:28:c2:70:86:93:1a:23:32:5f:01:2c:80:de:de.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.50.62' (RSA) to the list of known hosts.
Permission denied (publickey).

This is because of the following configuration option in the default "/etc/ssh/sshd_config" file.

# To disable tunneled clear text passwords, change to no here!
# We disable cleartext passwords by default
PasswordAuthentication no

Change it to

PasswordAuthentication yes

and reload sshd configuration

# /etc/rc.d/sshd reload
Reloading sshd config files.

Nowyou can login to the dragonfly system as a normal user.

$ ssh sgeorge@172.16.50.62
sgeorge at 172.16.50.62's password:
Last login: Tue Oct 19 04:17:47 2010
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

DragonFly v2.7.3.1283.gfa568-DEVELOPMENT (GENERIC.MP) #3: Thu Oct 14 12:01:24 IST 2010

....

But if you try to login by SSH as root you will get the following error.

$ ssh root at 172.16.50.62
root at 172.16.50.62's password:
Permission denied, please try again.

If you investigate the log of the dragonfly system "/var/log/auth.log" you will find a line similar to

Oct 19 07:29:36 dfly-vmsrv sshd[17269]: Failed password for root from 172.16.2.0 port 56447 ssh2

even if you typed the right password for root.

It is because of the following configuration option in the default "/etc/ssh/sshd_config" file

# only allow root logins via public key pair
PermitRootLogin without-password

which allowes only SSH key based authentication as root.

If you change it to

PermitRootLogin yes

and reload sshd configuration

# /etc/rc.d/sshd reload
Reloading sshd config files.

you can login as root

$ ssh root@172.16.50.62
root at 172.16.50.62's password:
Last login: Fri Oct  8 12:22:40 2010
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

DragonFly v2.7.3.1283.gfa568-DEVELOPMENT (GENERIC.MP) #3: Thu Oct 14 12:01:24 IST 2010

Welcome to DragonFly!
......

Now in the *"/var/log/auth.log" * you will find a line similar to

Oct 19 07:30:32 dfly-vmsrv sshd[17894]: Accepted password for root from 172.16.2.0 port 56468 ssh2

WARNING :

* It is not advisable to allow Root Login with password especially if your System is connected to the Internet unless you use Very Strong Passwords. You could be a victim of ssh password based brute force attacks. If you are victim of one such attack you can find entries like the following in your* "/var/log/auth.log file".

Oct 18 18:54:54 cross sshd[9783]: Invalid user maryse from 218.248.26.6
Oct 18 18:54:54 cross sshd[9781]: input_userauth_request: invalid user maryse
Oct 18 18:54:54 cross sshd[9783]: Failed password for invalid user maryse from 218.248.26.6 port 34847 ssh2
Oct 18 18:54:54 cross sshd[9781]: Received disconnect from 218.248.26.6: 11: Bye Bye
Oct 18 18:54:55 cross sshd[27641]: Invalid user may from 218.248.26.6
Oct 18 18:54:55 cross sshd[3450]: input_userauth_request: invalid user may
Oct 18 18:54:55 cross sshd[27641]: Failed password for invalid user may from 218.248.26.6 port 34876 ssh2
Oct 18 18:54:55 cross sshd[3450]: Received disconnect from 218.248.26.6: 11: Bye Bye
Oct 18 18:54:56 cross sshd[8423]: Invalid user admin from 218.248.26.6
Oct 18 18:54:56 cross sshd[3131]: input_userauth_request: invalid user admin
Oct 18 18:54:56 cross sshd[8423]: Failed password for invalid user admin from 218.248.26.6 port 34905 ssh2
Oct 18 18:54:56 cross sshd[3131]: Received disconnect from 218.248.26.6: 11: Bye Bye
Oct 18 18:54:57 cross sshd[7373]: Invalid user admin from 218.248.26.6
Oct 18 18:54:57 cross sshd[28059]: input_userauth_request: invalid user admin
Oct 18 18:54:57 cross sshd[7373]: Failed password for invalid user admin from 218.248.26.6 port 34930 ssh2
Oct 18 18:54:57 cross sshd[28059]: Received disconnect from 218.248.26.6: 11: Bye Bye
Oct 18 18:54:58 cross sshd[12081]: Invalid user admin from 218.248.26.6
Oct 18 18:54:58 cross sshd[22416]: input_userauth_request: invalid user admin
Oct 18 18:54:58 cross sshd[12081]: Failed password for invalid user admin from 218.248.26.6 port 34958 ssh2
Oct 18 18:54:58 cross sshd[22416]: Received disconnect from 218.248.26.6: 11: Bye Bye

Site copyright © 2003-2012