Difference between pages "Package:OpenSSH" and "Package:Mosh"

Line 1: Line 1:
{{Ebuild
{{Ebuild
|Summary=Port of OpenBSD's free SSH release
|Summary=Mobile shell that supports roaming and intelligent local echo
|CatPkg=net-misc/openssh
|CatPkg=net-misc/mosh
|Homepage=http://www.openssh.com/
|Maintainer=
}}
}}
'''Mosh''' is a ssh client server that is aware of connectivity problems of the original ssh implementation.  Mosh can migrate physical connections and ip addresses while staying connected.  Mosh depends upon {{package|net-misc/openssh}}.  Mosh uses udp ports 60000-61000 sequentially.


= Introduction =
== Installation ==
SSH is a cryptographically confidential network protocol for data transmission between 2 networked computers. There are 2 protocol versions; SSH-1 and SSH-2.
=== Merge ===
Install {{Package|net-misc/mosh}}:


= Default Installation =
<console>###i## emerge net-misc/mosh</console>
Funtoo uses the OpenSSH daemon (sshd) to provide the SSH service by default. sshd is a member of [[OpenRC_(Funtoo)|OpenRC]]'s default runlevel.


By default login is allowed for all users via the ssh daemon on port 22 with any valid username and password combination.
== Usage ==


= Service configuration =
Mosh requires utf8 locales set to run. This is the default for Funtoo Linux if you have not set any specific locales.
There are 2 means of configuring <code>sshd</code>. The first is required, the second is optional.


# <code>sshd</code> reads its configuration data from <code>/etc/ssh/sshd_config</code> by '''''default'''''.
<console>###i## echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen</console>
# <code>sshd</code> may be configured to use PAM.<br/>Permission may be granted or denied via PAM, allowing you to store usernames etc. using text files.
<console>###i## locale-gen</console>
<console>###i## eselect locale set en_US.utf8</console>


= Protocol version selection =
=== Connecting ===
The '''''default''''' protocol version is SSH-2. SSH-1 requires explicit activation. To select a protocol version, use the <code>Protocol</code> directive.


e.g. <code>Protocol 2</code>
remote host only needs running ssh, mosh package installed, and utf8 locale set.


= Cipher selection =
<console>$##i## mosh user@remote-host.com</console>
The <code>Ciphers</code> directive specifies the ciphers allowed for protocol version 2.
 
= User Authentication =
== Single authentication method ==
# Password authentication<br/>This is enabled by '''''default''''', it is configured using the <code>PasswordAuthentication</code> directive. Valid parameters are <code>yes</code> or <code>no</code>.<br/>When <code>PasswordAuthentication yes</code> is configured, the state of the <code>PermitEmptyPasswords</code> directive is evaluated.
# Public key authentication
This is enabled with combinations of <code>AuthorizedKeysFile</code>, <code>AuthorizedKeysCommand</code> and <code>AuthorizedKeysCommandUser</code>.
 
 
# Host-based authentication
== Requiring multiple authentication factors ==
These options are only available for SSH-2. The '''''default''''' is not to require multiple authentication. To identify to the daemon that you wish to require more than one authentication, you must use the <code>AuthenticationMethods</code> directive. This directive is followed by one or more comma separated lists of authentication method names. Lists are separated with a space. Successful authentication requires completion of every method in at least one of these lists.
 
# password
# publickey
# keyboard-interactive
 
e.g. <code>AuthenticationMethods "password,publickey password,keyboard-interactive"</code>
== Password authentication using <code>sshd_config</code> ==
The following 4 directives are listed in order of evaluation by OpenSSH. They are configured directly; within <code>sshd_config</code>. Only user or group _names_ are valid, numerical IDs are not recognized. If the pattern takes the form <code>USER@HOST</code> then access is restricted to the <code>USER</code> when originating from the <code>HOST</code>.
 
;<code>DenyUsers PATTERN PATTERN ...</code>
:Login is forbidden for users whose username matches one of the patterns
 
;<code>AllowUsers PATTERN PATTERN ...</code>
:Login is permitted to users whose username matches one of the patterns
 
;<code>DenyGroups PATTERN PATTERN ...</code>
:Login is forbidden for users whose primary group or supplementary group list matches one of the patterns
 
;<code>AllowGroups PATTERN PATTERN ...</code>
:Login is permitted to users whose primary group or supplementary group list matches one of the patterns
 
== Public key authentication ==
<code>AuthorizedKeysFile</code>
<code>AuthorizedKeysCommand</code>
<code>AuthorizedKeysCommandUser</code>
 
 
== Host based authentication ==
 
= Access control =
== Controlling root access ==
Access by the root user can be controlled using the <code>PermitRootLogin</code> directive.
=== Permit empty passwords ===
Access to accounts with empty (i.e. blank) passwords can be controlled using the <code>PermitEmptyPasswords</code> directive.
 
 
ChallengeResponseAuthentication
Ciphers
 
GSSAPIAuthenticaion
GSSAPICleanupCredentials
GSSAPIStrictAcceptorCheck
HostBasedAuthentication
HostBasedUsesNameFromPacketOnly
HostCertificate
HostKey
HostKeyAgent
LoginGraceTime
MAC
MaxAuthTries
MaxSessions
MaxStartups
PasswordAuthentication
PermitEmptyPasswords
PubkeyAuthentication
RevokedKeys
RhostsRSAAuthentication
RSAAuthentication
TrustedUserCAKeys
UseLogin
UsePAM
 
= X11 Forwarding =
 
By default X11 forwarding is disabled in OpenSSHd,
 
If you would like to forward X11 from your Funtoo box to a remote system you must first edit your /etc/ssh/sshd_config file
 
change
<pre>
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
</pre>
to<br />
<pre>
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
</pre>
 
 
X forwarding will now be enabled from that machine, so if you connect from your remote with 'ssh -X <user>@<ipaddress>' X sessions will be forwarded
 
[[Category:Networking]]


{{EbuildFooter}}
{{EbuildFooter}}
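
Review bot: the Connecting paragraph on the Mosh side ("remote host only needs running ssh, mosh package installed, and utf8 locale set") leaves out a requirement that the intro implies. The intro says Mosh uses udp ports 60000-61000, so that UDP range has to be reachable on the remote host in addition to ssh; suggest adding it to the list of requirements. The intro phrase "is a ssh client server that is aware of connectivity problems" should also be reworded, since it does not say whether Mosh is a client, a server, or both.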

Revision as of 00:28, December 28, 2014

Mosh

Mosh is an ssh client/server that is aware of the connectivity problems of the original ssh implementation. Mosh can migrate between physical connections and IP addresses while staying connected. Mosh depends upon net-misc/openssh. Mosh uses UDP ports 60000-61000 sequentially.

Installation

Merge

Install net-misc/mosh:

root # emerge net-misc/mosh

Usage

Mosh requires a UTF-8 locale to be set in order to run. This is the default for Funtoo Linux if you have not set any specific locales.

root # echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
root # locale-gen
root # eselect locale set en_US.utf8

Connecting

The remote host only needs ssh running, the mosh package installed, and a UTF-8 locale set.

user $ mosh user@remote-host.com
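
The requirements above (a UTF-8 locale that is both generated and selected, and the mosh package installed) can be checked on either host before connecting. The script below is an added example, not part of the Funtoo page; its function names are hypothetical, and it assumes the package installs the `mosh-server` binary on the PATH.

```shell
#!/bin/sh
# Added example: preflight checks for the Mosh requirements listed above.

# en_US.UTF-8@euro -> en_us.utf8 (drop @modifier, lowercase, remove hyphens)
normalize_locale() {
    printf '%s\n' "${1%%@*}" | tr 'A-Z' 'a-z' | sed 's/-//g'
}

# Print the locale that decides character encoding.
# POSIX precedence: LC_ALL overrides LC_CTYPE, which overrides LANG.
effective_ctype() {
    if [ -n "${LC_ALL:-}" ]; then printf '%s\n' "$LC_ALL"
    elif [ -n "${LC_CTYPE:-}" ]; then printf '%s\n' "$LC_CTYPE"
    else printf '%s\n' "${LANG:-}"
    fi
}

# Succeed if the locale name carries a UTF-8 codeset.
is_utf8_locale() {
    case "$(normalize_locale "$1")" in
        *.utf8) return 0 ;;
        *)      return 1 ;;   # "C", "POSIX", en_US.ISO-8859-1, empty
    esac
}

# Succeed if locale $1 is in a `locale -a` style list read from stdin.
locale_in_list() {
    want=$(normalize_locale "$1")
    while IFS= read -r have; do
        [ "$(normalize_locale "$have")" = "$want" ] && return 0
    done
    return 1
}

mosh_preflight() {
    rc=0
    loc=$(effective_ctype)
    is_utf8_locale "$loc" ||
        { echo "FAIL: locale '$loc' is not UTF-8; use eselect locale set"; rc=1; }
    locale -a 2>/dev/null | locale_in_list "$loc" ||
        { echo "FAIL: '$loc' not generated; edit /etc/locale.gen, run locale-gen"; rc=1; }
    command -v mosh-server >/dev/null 2>&1 ||
        { echo "FAIL: mosh-server not on PATH; emerge net-misc/mosh"; rc=1; }
    [ "$rc" -eq 0 ] && echo "ok: UTF-8 locale set and mosh-server installed"
    return "$rc"
}

# Run the checks only when asked, e.g.  sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then mosh_preflight; fi
```

The locale comparison is normalized because `locale -a` prints `en_US.utf8` while `/etc/locale.gen` uses `en_US.UTF-8`.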