Difference between pages "Package:OpenSSH" and "Package:Mosh"

{{Ebuild
|Summary=Port of OpenBSD's free SSH release
|CatPkg=net-misc/openssh
|Homepage=http://www.openssh.com/
}}

= Introduction =

SSH is a cryptographic network protocol that provides confidentiality and integrity for data exchanged between two networked computers. There are two protocol versions, SSH-1 and SSH-2; SSH-1 has known weaknesses and should not be used.

= Default Installation =

Funtoo uses the OpenSSH daemon (sshd) to provide the SSH service by default. sshd is a member of [[OpenRC_(Funtoo)|OpenRC]]'s default runlevel.

By default login is allowed for all users via the ssh daemon on port 22 with any valid username and password combination.

= Service configuration =

There are two means of configuring <code>sshd</code>. The first is always in effect, the second is optional.

# <code>sshd</code> reads its configuration data from <code>/etc/ssh/sshd_config</code> by '''''default'''''. Each directive is a keyword followed by its argument(s); keywords are case-insensitive, lines beginning with <code>#</code> are comments, and for each keyword the first value read is the one used, so a hardened setting appended below an earlier, weaker one has no effect. Restart sshd after editing the file so the change takes effect.
# <code>sshd</code> may additionally be configured to use PAM (<code>UsePAM yes</code>).<br/>Permission may then be granted or denied via PAM, allowing you to store usernames etc. in text files managed outside <code>sshd_config</code>.
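The first-value-wins rule is the usual reason a hardening edit appears to do nothing. The script below is an added example for this page (it is not Funtoo's or OpenSSH's code): it reads the global section of an <code>sshd_config</code> the way sshd does, fills in the built-in defaults of the OpenSSH 6.x releases contemporary with this page, and flags the effective settings that matter most. The two embedded configurations are constructed for the demonstration; the weak one shows a <code>PermitRootLogin no</code> appended below an earlier <code>PermitRootLogin yes</code> being ignored.

```python
"""Audit an sshd_config for weak effective settings.

Added example for this page; it is not Funtoo's or OpenSSH's code.  It models
the rule that matters most when editing /etc/ssh/sshd_config: for each keyword
sshd uses the FIRST value it reads, so a hardened line appended below an
earlier, weaker one changes nothing.  Directives below a "Match" line are
conditional and are left out of the global view here.  The "Keyword=value"
spelling that sshd also accepts is not handled.
"""

# Built-in defaults used when a keyword is absent (OpenSSH 6.x, contemporary
# with this page; newer releases default PermitRootLogin to prohibit-password).
DEFAULTS = {
    "protocol": "2",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "permitrootlogin": "yes",
    "x11forwarding": "no",
}


def parse_sshd_config(text):
    """Return {keyword_lower: first_value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # blank or comment: carries no setting
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                          # conditional block starts: end of the global view
        settings.setdefault(key, value)    # first occurrence wins, as in sshd
    return settings


def audit(text):
    """Return sorted finding strings for risky effective settings (empty list if clean)."""
    cfg = dict(DEFAULTS)
    cfg.update(parse_sshd_config(text))
    findings = []
    if "1" in {p.strip() for p in cfg["protocol"].split(",")}:
        findings.append("Protocol: SSH-1 is enabled")
    if cfg["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin: interactive root login is allowed")
    if cfg["passwordauthentication"].lower() == "yes" and cfg["permitemptypasswords"].lower() == "yes":
        findings.append("PermitEmptyPasswords: accounts with blank passwords can log in")
    if cfg["x11forwarding"].lower() == "yes":
        findings.append("X11Forwarding: enabled, server programs can reach clients' X displays")
    return sorted(findings)


# Constructed sample configurations (not taken from any real host).  WEAK_CONFIG
# shows the ordering trap: the "PermitRootLogin no" at the bottom is ignored.
WEAK_CONFIG = """\
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
# hardening attempt appended later, ineffective: the first value above wins
PermitRootLogin no
"""

HARDENED_CONFIG = """\
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
X11Forwarding no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(text) or ['no findings']}")
```

Run it against a copy of your own <code>/etc/ssh/sshd_config</code> by passing the file's contents to <code>audit()</code>; any finding it prints is the value sshd will actually enforce, whatever later lines in the file say.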

= Protocol version selection =

The '''''default''''' protocol version is SSH-2. SSH-1 requires explicit activation and should not be enabled. To select a protocol version, use the <code>Protocol</code> directive.

e.g. <code>Protocol 2</code>

= Cipher selection =

The <code>Ciphers</code> directive specifies the comma-separated list of symmetric ciphers allowed for protocol version 2, in order of preference. The <code>MACs</code> directive restricts the message authentication codes in the same way. Restricting the list to CTR or GCM modes (the <code>aes*-ctr</code> and <code>aes*-gcm@openssh.com</code> ciphers) is recommended, since the default list of older releases still includes CBC-mode and arcfour ciphers.

= User Authentication =

== Single authentication method ==

# Password authentication<br/>This is enabled by '''''default''''', it is configured using the <code>PasswordAuthentication</code> directive. Valid arguments are <code>yes</code> or <code>no</code>.<br/>When <code>PasswordAuthentication yes</code> is configured, the state of the <code>PermitEmptyPasswords</code> directive (default <code>no</code>) is also evaluated.
# Public key authentication<br/>This is enabled by default via the <code>PubkeyAuthentication</code> directive. Where the daemon looks for a user's keys is controlled by <code>AuthorizedKeysFile</code>, or by a lookup program named with <code>AuthorizedKeysCommand</code> and executed as <code>AuthorizedKeysCommandUser</code>.
# Host-based authentication<br/>Disabled by default; controlled by the <code>HostbasedAuthentication</code> directive.

=== Passwordless Authentication ===

==== Client ====

On your client run

<console>###i## ssh-keygen -t rsa</console>

Dialogs will be presented; you can press enter several times to accept the defaults, but set a passphrase on the private key unless the key is only used by unattended automation.

<code>~/.ssh/id_rsa.pub</code> will be generated. Copy or append the contents of this file to the server's <code>~/.ssh/authorized_keys</code>. Never copy the private key, <code>~/.ssh/id_rsa</code>, to the server.

==== Server ====

Create a user, or select which user the client will access the server as, then place the contents of the client's <code>id_rsa.pub</code> into that user's <code>~/.ssh/authorized_keys</code>. The <code>~/.ssh</code> directory should be mode 0700 and <code>authorized_keys</code> mode 0600, both owned by the user: with <code>StrictModes yes</code> (the default) sshd ignores keys found in files or directories writable by others, and logs nothing the user will see.

==== Single Machine Testing ====

<console>###i## ssh-keygen -t rsa</console>

Press enter several times to accept default settings.

<console>###i## cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys</console>

<console>###i## ssh localhost</console>

Note that <code>cp</code> overwrites any keys already present in <code>authorized_keys</code>; on a machine that already has entries, append the new key rather than copying over the file.
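A key that was pasted into <code>authorized_keys</code> with a wrapped line, a missing tail or the wrong type word is simply skipped by sshd, which then falls back to a password prompt with no explanation. The script below is an added example for this page (not OpenSSH's code) that parses entries in the <code>[options] keytype base64 [comment]</code> format and checks that the key blob decodes and names the same key type as the line, which is how sshd's own parser would reject it. The sample entries are constructed with a dummy blob builder; they are not real keys.

```python
"""Sanity-check authorized_keys entries before relying on them.

Added example for this page, not OpenSSH's code.  A line in authorized_keys is
"[options] keytype base64-blob [comment]".  The blob is the key in SSH wire
format and begins with a length-prefixed copy of the key type, so a pasted line
that was wrapped, truncated or given the wrong type word can be caught here
instead of being silently ignored by sshd at login time.
"""
import base64
import struct

KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


def split_fields(line):
    """Split on whitespace but keep quoted option values such as command="a b" intact."""
    fields, current, quoted = [], "", False
    for ch in line.strip():
        if ch == '"':
            quoted = not quoted
        if ch.isspace() and not quoted:
            if current:
                fields.append(current)
                current = ""
        else:
            current += ch
    if current:
        fields.append(current)
    return fields


def parse_entry(line):
    """Return (options, keytype, blob_bytes, comment); raise ValueError for an unusable line."""
    fields = split_fields(line)
    if not fields or fields[0].startswith("#"):
        raise ValueError("blank or comment line")
    options = ""
    if fields[0] not in KEY_TYPES:          # a leading options list is present
        options, fields = fields[0], fields[1:]
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("missing or unknown key type")
    keytype, encoded, comment = fields[0], fields[1], " ".join(fields[2:])
    try:
        blob = base64.b64decode(encoded, validate=True)
    except ValueError as exc:               # binascii.Error is a ValueError
        raise ValueError("key blob is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + length]           # wire format: string(keytype) comes first
    if embedded != keytype.encode():
        raise ValueError(f"declared {keytype} but blob starts with {embedded!r}")
    return options, keytype, blob, comment


def dummy_blob(keytype, payload):
    """Build a wire-format blob for demonstrations: string(keytype) string(payload).
    This is NOT a real key; it only exercises the checks above."""
    body = struct.pack(">I", len(keytype)) + keytype.encode()
    body += struct.pack(">I", len(payload)) + payload
    return base64.b64encode(body).decode()


# Constructed entries, not copied from any real system.
GOOD_LINE = ('command="/usr/bin/rsync --server",no-pty ssh-ed25519 '
             + dummy_blob("ssh-ed25519", b"\x11" * 32) + " backup@client")
WRONG_TYPE_LINE = "ssh-rsa " + dummy_blob("ssh-ed25519", b"\x11" * 32) + " mislabelled"
TRUNCATED_LINE = "ssh-ed25519 " + dummy_blob("ssh-ed25519", b"\x11" * 32)[:-7]

if __name__ == "__main__":
    for line in (GOOD_LINE, WRONG_TYPE_LINE, TRUNCATED_LINE):
        try:
            options, keytype, _, comment = parse_entry(line)
            print(f"ok   {keytype:<12} options={options!r} comment={comment!r}")
        except ValueError as err:
            print(f"BAD  {err}")
```

Feed each line of a real <code>authorized_keys</code> to <code>parse_entry()</code>; a <code>ValueError</code> points at the entry sshd will never accept. File and directory permissions (the <code>StrictModes</code> check described above) are a separate test and are not covered by this parser.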

== Requiring multiple authentication factors ==

These options are only available for SSH-2 and need OpenSSH 6.2 or later. The '''''default''''' is not to require multiple authentication. To tell the daemon that you wish to require more than one authentication, use the <code>AuthenticationMethods</code> directive. This directive is followed by one or more comma-separated lists of authentication method names. Lists are separated with a space. Successful authentication requires completion of every method in at least one of these lists, in the order the methods are given: at each step sshd offers the client only the next method of each unfinished list. A list that names a method disabled elsewhere in the configuration (for example <code>password</code> with <code>PasswordAuthentication no</code>) can never complete. Method names include:

# password
# publickey
# keyboard-interactive

e.g. <code>AuthenticationMethods "password,publickey password,keyboard-interactive"</code>

This requires a correct password first, followed by either a public key or a keyboard-interactive exchange.
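The ordering rule is the part of <code>AuthenticationMethods</code> that surprises people: with the directive above, a client that offers its key before the password is refused outright rather than asked for the password afterwards. The code below is an added example for this page (not OpenSSH's code) that models how sshd advances the lists and which methods it offers at each step; the method names are the real ones, the functions are illustrative.

```python
"""Model of how sshd evaluates AuthenticationMethods.

Added example for this page; it is not OpenSSH's code.  The directive holds
space-separated lists, each a comma-separated chain of method names.  sshd
offers the client only the NEXT method of each unfinished chain; a method
that succeeds advances every chain whose next method it is; authentication
completes when any chain is exhausted.  So "password,publickey" demands the
password first, and a client offering a key first is simply refused.
"""
METHOD_NAMES = {"publickey", "password", "keyboard-interactive", "hostbased", "gssapi-with-mic"}


def parse_authentication_methods(value):
    """'password,publickey password,keyboard-interactive' -> [['password','publickey'], ...]"""
    chains = []
    for chain in value.strip().strip('"').split():   # the argument may be quoted
        methods = [m for m in chain.split(",") if m]
        unknown = set(methods) - METHOD_NAMES
        if unknown:
            raise ValueError(f"unknown authentication method(s): {sorted(unknown)}")
        chains.append(methods)
    if not chains:
        raise ValueError("AuthenticationMethods needs at least one list")
    return chains


def offered(chains, progress):
    """Methods sshd would advertise now: the next method of each unfinished chain."""
    return sorted({chain[i] for chain, i in zip(chains, progress) if i < len(chain)})


def advance(chains, progress, method):
    """Apply a successful `method`; refuse methods not currently offered, as sshd does."""
    allowed = offered(chains, progress)
    if method not in allowed:
        raise PermissionError(f"{method} not permitted now, expected one of {allowed}")
    return [i + 1 if i < len(chain) and chain[i] == method else i
            for chain, i in zip(chains, progress)]


def satisfied(chains, progress):
    """True once every method of at least one chain has completed."""
    return any(i >= len(chain) for chain, i in zip(chains, progress))


def simulate(directive, successes):
    """Run a sequence of successful methods against a directive.
    Returns (authenticated, methods_still_offered)."""
    chains = parse_authentication_methods(directive)
    progress = [0] * len(chains)
    for method in successes:
        progress = advance(chains, progress, method)
        if satisfied(chains, progress):
            return True, []
    return False, offered(chains, progress)


# The page's example directive.
DIRECTIVE = '"password,publickey password,keyboard-interactive"'

if __name__ == "__main__":
    for attempt in (["password", "publickey"], ["password", "keyboard-interactive"], ["password"]):
        print(attempt, "->", simulate(DIRECTIVE, attempt))
    try:
        simulate(DIRECTIVE, ["publickey"])
    except PermissionError as err:
        print("publickey first ->", err)
```

<code>simulate(DIRECTIVE, ["password"])</code> returns not-yet-authenticated together with <code>["keyboard-interactive", "publickey"]</code>, the two methods sshd would advertise after the partial success; the client then has to complete one of them.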
== Restricting users and groups using <code>sshd_config</code> ==

The following four directives restrict which accounts may log in, whatever authentication method they use. They are listed in the order in which OpenSSH evaluates them and are configured directly within <code>sshd_config</code>. Each takes a space-separated list of patterns in which <code>*</code> and <code>?</code> act as wildcards. Only user or group ''names'' are valid; numerical IDs are not recognized. If a user pattern takes the form <code>USER@HOST</code> then access is restricted to <code>USER</code> when originating from <code>HOST</code>, matched against the client's resolved hostname or IP address. Deny lists are checked first; if an allow list is present, the user (or one of the user's groups) must match it.

;<code>DenyUsers PATTERN PATTERN ...</code>
:Login is forbidden for users whose username matches one of the patterns

;<code>AllowUsers PATTERN PATTERN ...</code>
:Login is permitted only to users whose username matches one of the patterns

;<code>DenyGroups PATTERN PATTERN ...</code>
:Login is forbidden for users whose primary group or supplementary group list matches one of the patterns

;<code>AllowGroups PATTERN PATTERN ...</code>
:Login is permitted only to users whose primary group or supplementary group list matches one of the patterns

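The order of evaluation decides the outcome when a user matches more than one directive. The code below is an added example for this page (not OpenSSH's code) that applies the four directives in sshd's order to a login attempt, using the <code>*</code>/<code>?</code> wildcard and <code>USER@HOST</code> rules described above. The <code>POLICY</code> dictionary and the attempts are constructed for the demonstration; CIDR notation in the host part is a real sshd feature that this model leaves out.

```python
"""Model of sshd's DenyUsers / AllowUsers / DenyGroups / AllowGroups evaluation.

Added example for this page; it is not OpenSSH's code.  The four directives
are checked in that order.  Patterns are names (never numeric IDs) in which
'*' matches any run of characters and '?' one character; a user pattern of the
form USER@HOST also requires the client's hostname or IP address to match HOST.
The first matching deny, or a non-empty allow list that nothing matches, ends
the check.  CIDR notation in the HOST part is not modelled.
"""
import re


def match_pattern(pattern, value):
    """sshd-style wildcard match: only '*' and '?' are special, matching is case-sensitive."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def match_user(pattern, user, host, ipaddr):
    """USER or USER@HOST pattern; the HOST part is tried against the name and the address."""
    if "@" not in pattern:
        return match_pattern(pattern, user)
    upat, hpat = pattern.split("@", 1)
    return match_pattern(upat, user) and (match_pattern(hpat, host) or match_pattern(hpat, ipaddr))


def allowed_user(settings, user, groups, host="", ipaddr=""):
    """Evaluate the four directives for one login attempt.

    settings: {lowercase keyword: space-separated patterns} as read from sshd_config
    groups:   names of the user's primary and supplementary groups
    Returns (allowed, reason).  A numeric UID such as "1000" never matches a
    user name, so such an entry neither allows nor denies anyone."""
    deny_users = settings.get("denyusers", "").split()
    allow_users = settings.get("allowusers", "").split()
    deny_groups = settings.get("denygroups", "").split()
    allow_groups = settings.get("allowgroups", "").split()

    for p in deny_users:                                 # 1. DenyUsers
        if match_user(p, user, host, ipaddr):
            return False, f"DenyUsers pattern {p!r} matched"
    if allow_users and not any(                          # 2. AllowUsers
            match_user(p, user, host, ipaddr) for p in allow_users):
        return False, "user matches no AllowUsers pattern"
    for p in deny_groups:                                # 3. DenyGroups
        if any(match_pattern(p, g) for g in groups):
            return False, f"DenyGroups pattern {p!r} matched"
    if allow_groups and not any(                         # 4. AllowGroups
            match_pattern(p, g) for p in allow_groups for g in groups):
        return False, "no group matches an AllowGroups pattern"
    return True, "allowed"


# Constructed policy, not from any real host: block guest accounts and the
# backup user when it comes from the office domain, admit alice from anywhere
# and bob only from the management network, and require a privileged group.
POLICY = {
    "denyusers": "guest* backup@*.example.com",
    "allowusers": "alice bob@10.0.0.*",
    "allowgroups": "wheel sshusers",
}

if __name__ == "__main__":
    attempts = [
        ("alice", ["users", "wheel"], "laptop.example.com", "10.0.0.5"),
        ("alice", ["users"], "laptop.example.com", "10.0.0.5"),
        ("bob", ["sshusers"], "mgmt7", "10.0.0.7"),
        ("bob", ["sshusers"], "cafe-wifi", "192.168.1.9"),
        ("guest1", ["wheel"], "mgmt7", "10.0.0.7"),
    ]
    for user, groups, host, ip in attempts:
        print(f"{user:>7} from {ip:<12} -> {allowed_user(POLICY, user, groups, host, ip)}")
```

Note the last attempt: <code>guest1</code> is in <code>wheel</code>, which <code>AllowGroups</code> would admit, but <code>DenyUsers</code> is evaluated first and wins. Likewise <code>alice</code> without a privileged group passes the user checks and is then rejected by <code>AllowGroups</code>.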
== Public key authentication ==

;<code>AuthorizedKeysFile</code>
:The file(s), relative to the user's home directory unless given as an absolute path, that list the public keys accepted for that user. The default is <code>.ssh/authorized_keys</code> (and <code>.ssh/authorized_keys2</code>).
;<code>AuthorizedKeysCommand</code>
:A program sshd runs to look up a user's public keys, for example from a directory service, in addition to the file above. It must be given as an absolute path, owned by root and not writable by group or others.
;<code>AuthorizedKeysCommandUser</code>
:The account under which <code>AuthorizedKeysCommand</code> is executed; use a dedicated unprivileged user that has no other role on the host.

== Host based authentication ==

Host-based authentication trusts the connecting host's key rather than a credential of the user and is disabled by default. It is controlled by <code>HostbasedAuthentication</code>; <code>HostbasedUsesNameFromPacketOnly</code> decides whether sshd trusts the hostname supplied by the client instead of resolving the connection's address when it checks <code>~/.shosts</code> and <code>/etc/ssh/shosts.equiv</code>.

= Access control =

== Controlling root access ==

Access by the root user can be controlled using the <code>PermitRootLogin</code> directive. Valid arguments are <code>yes</code>, <code>without-password</code> (public key only), <code>forced-commands-only</code> (public key only, and only for keys carrying a <code>command=</code> option) and <code>no</code>. Prefer <code>no</code> and administer through a normal account plus <code>su</code> or <code>sudo</code>, so that root cannot be attacked directly from the network and every administrative session is tied to a named user.

== Permit empty passwords ==

Access to accounts with empty (i.e. blank) passwords can be controlled using the <code>PermitEmptyPasswords</code> directive. The default is <code>no</code> and it should stay that way.

== Other directives of interest ==

The following <code>sshd_config</code> keywords also affect authentication, key handling or the exposure of the service; see <code>sshd_config(5)</code> for the arguments each takes. Those marked legacy apply only to SSH-1 or have since been removed from OpenSSH and should not appear in a modern configuration.

;<code>ChallengeResponseAuthentication</code>, <code>PasswordAuthentication</code>, <code>PermitEmptyPasswords</code>, <code>PubkeyAuthentication</code>, <code>UsePAM</code>
:Which credential types are accepted.
;<code>HostbasedAuthentication</code>, <code>HostbasedUsesNameFromPacketOnly</code>
:Host-based authentication, as described above.
;<code>GSSAPIAuthentication</code>, <code>GSSAPICleanupCredentials</code>, <code>GSSAPIStrictAcceptorCheck</code>
:Kerberos/GSSAPI authentication and credential handling.
;<code>HostKey</code>, <code>HostKeyAgent</code>, <code>HostCertificate</code>, <code>TrustedUserCAKeys</code>, <code>RevokedKeys</code>
:The server's own keys and certificates, the CA keys trusted to sign user certificates, and the list of keys that must be refused.
;<code>Ciphers</code>, <code>MACs</code>
:Symmetric cipher and message authentication algorithm selection.
;<code>LoginGraceTime</code>, <code>MaxAuthTries</code>, <code>MaxSessions</code>, <code>MaxStartups</code>
:Limits on how long an unauthenticated connection may live, authentication attempts per connection, multiplexed sessions per connection and concurrent unauthenticated connections; lowering them blunts brute-force and resource-exhaustion attempts.
;<code>RhostsRSAAuthentication</code>, <code>RSAAuthentication</code>, <code>UseLogin</code>
:Legacy.

= X11 Forwarding =

By default X11 forwarding is disabled in the OpenSSH daemon.

If you would like users who connect to your Funtoo box to run X11 applications there and have them displayed on their own machine, you must first edit the server's <code>/etc/ssh/sshd_config</code>.

Change
<pre>
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
</pre>
to
<pre>
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
</pre>
and restart sshd.

X forwarding will now be enabled on that machine, so if you connect from your remote with 'ssh -X <user>@<ipaddress>' X sessions will be forwarded. Keep <code>X11UseLocalhost yes</code>: it binds the forwarded display to the loopback address so that other hosts cannot connect to it. Bear in mind that forwarding gives programs running on the server a channel to the connecting client's X display, so enable it only where it is actually needed.

= Intrusion Prevention =

ssh is a commonly attacked service: any host listening on port 22 receives a continuous stream of password-guessing attempts. {{package|app-admin/sshguard}} monitors the authentication log and blocks, via the firewall, source addresses that have repeatedly failed to log in. Disabling password authentication in favour of public keys and lowering <code>MaxAuthTries</code> removes most of what such tools have to defend against.

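The detection step that sshguard automates is straightforward to reproduce, and doing so shows what a log-based blocker can and cannot see. The script below is an added example for this page (not sshguard's code): it matches the failure lines sshd writes to syslog, counts failures per source address within a sliding window and reports the addresses that cross a threshold. The log excerpt is constructed with RFC 5737 documentation addresses; the thresholds are illustrative.

```python
"""Brute-force detection over sshd log lines, the check sshguard automates.

Added example for this page; it is not sshguard's code.  It scans syslog lines
written by sshd, counts authentication failures per source address inside a
sliding time window and returns the addresses that reach a threshold, which is
what a log-watching blocker feeds into the firewall.  Successful logins are
not failures and so are ignored, but note that they do not clear an address's
earlier failures either: a correct guess after a spray is still suspicious.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failure lines sshd logs at the default LogLevel INFO, e.g.
#   "Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2"
#   "Failed publickey for bob from 203.0.113.7 port 51077 ssh2"
FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_timestamp(ts, year):
    """Syslog timestamps carry no year, so the caller supplies it."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def offenders(lines, threshold=5, window_minutes=10, year=2014):
    """Return {ip: time_threshold_was_reached} for sources with `threshold`
    failures inside a window of `window_minutes`.  Lines must be in chronological order."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)       # ip -> timestamps of failures inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in blocked:
            continue                  # not a failure, or already reported
        now = parse_timestamp(m["ts"], year)
        failures = recent[m["ip"]]
        failures.append(now)
        while now - failures[0] > window:
            failures.popleft()        # forget failures that fell out of the window
        if len(failures) >= threshold:
            blocked[m["ip"]] = now
    return blocked


# Constructed log excerpt (RFC 5737 documentation addresses), not a real capture.
SAMPLE_LOG = """\
Dec 28 02:10:00 funtoo sshd[4101]: Failed password for bob from 198.51.100.2 port 60010 ssh2
Dec 28 02:30:00 funtoo sshd[4150]: Failed password for bob from 198.51.100.2 port 60031 ssh2
Dec 28 02:40:01 funtoo sshd[4211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Dec 28 02:40:03 funtoo sshd[4213]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Dec 28 02:40:06 funtoo sshd[4215]: Failed password for root from 203.0.113.7 port 51030 ssh2
Dec 28 02:41:10 funtoo sshd[4220]: Accepted publickey for alice from 192.0.2.10 port 40112 ssh2
Dec 28 02:41:12 funtoo sshd[4222]: Failed password for root from 203.0.113.7 port 51041 ssh2
Dec 28 02:41:30 funtoo sshd[4224]: Failed publickey for bob from 203.0.113.7 port 51077 ssh2
Dec 28 02:55:00 funtoo sshd[4301]: Failed password for bob from 198.51.100.2 port 60102 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"block {ip} (threshold reached {when:%H:%M:%S})")
```

With the defaults only 203.0.113.7 is reported, at the fifth failure; bob's three mistyped passwords from 198.51.100.2 are spread over 45 minutes and never fall inside one ten-minute window. Widening the window to an hour catches that address too, which is the usual trade-off between catching slow guessing and locking out a forgetful user.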
[[Category:Networking]]

{{EbuildFooter}}

Revision as of 02:44, December 28, 2014

{{Ebuild
|Summary=A replacement for SSH that is resilient to intermittent network connections, and supports roaming (changing) network connections.
|CatPkg=net-misc/mosh
|Homepage=https://mosh.mit.edu/
}}

Source Repository: Gentoo Portage Tree

'''Mosh''' is a replacement for SSH that is resilient to intermittent network connections and supports roaming (changing) network connections. Mosh can maintain a remote connection while network connections intermittently go up and down and routes to the Internet change. Mosh depends upon {{package|net-misc/openssh}}: the client logs in over an ordinary SSH connection to start <code>mosh-server</code>, and the session then continues over UDP. Mosh uses udp ports 60000-61000, allocated sequentially, so the server's firewall must accept inbound UDP on this range (the <code>ufw</code> USE flag installs a matching rule set).

== Use Flags ==

;client
:Build network client
;examples
:Include example scripts
;mosh-hardening
:Enable compiler and linker options to frustrate memory corruption exploits
;server
:Build network server
;ufw
:Install net-firewall/ufw rule set
;utempter
:Include libutempter support

== Installation ==

=== Merge ===

Install {{Package|net-misc/mosh}}:

<console>###i## emerge net-misc/mosh</console>

== Usage ==

Mosh requires a UTF-8 locale to run. This is the default for Funtoo Linux if you have not set any specific locales.

=== Connecting ===

The remote host only needs a running ssh daemon, the mosh package installed, and a UTF-8 locale set.

<console>$##i## mosh user@remote-host.com</console>

{{EbuildFooter}}