Difference between pages "Package:OpenSSH" and "User:Lo0na"

(Difference between pages)
m
 
(Added Jabber Info)
 
Line 1: Line 1:
{{Ebuild
+
{{Person
|Summary=Port of OpenBSD's free SSH release
+
|Geoloc=48.1852, 11.38947
|CatPkg=net-misc/openssh
+
|Blogs=
|Homepage=http://www.openssh.com/
+
 
}}
 
}}
 
+
XMPP/Jabber: loona@fu411.com
= Introduction =
+
SSH is a cryptographically confidential network protocol for data transmission between 2 networked computers. There are 2 protocol versions; SSH-1 and SSH-2.
+
 
+
= Default Installation =
+
Funtoo uses the OpenSSH daemon (sshd) to provide the SSH service by default. sshd is a member of [[OpenRC_(Funtoo)|OpenRC]]'s default runlevel.
+
 
+
By default login is allowed for all users via the ssh daemon on port 22 with any valid username and password combination.
+
 
+
= Service configuration =
+
There are 2 means of configuring <code>sshd</code>. The first is required, the second is optional.
+
 
+
# <code>sshd</code> reads its configuration data from <code>/etc/ssh/sshd_config</code> by '''''default'''''.
+
# <code>sshd</code> may be configured to use PAM.<br/>Permission may be granted or denied via PAM, allowing you to store usernames etc. using text files.
+
 
+
= Protocol version selection =
+
The '''''default''''' protocol version is SSH-2. SSH-1 requires explicit activation. To select a protocol version, use the <code>Protocol</code> directive.
+
 
+
e.g. <code>Protocol 2</code>
+
 
+
= Cipher selection =
+
The <code>Ciphers</code> directive specifies the ciphers allowed for protocol version 2.
+
 
+
= User Authentication =
+
== Single authentication method ==
+
# Password authentication<br/>This is enabled by '''''default''''', it is configured using the <code>PasswordAuthentication</code> directive. Valid parameters are <code>yes</code> or <code>no</code>.<br/>When <code>PasswordAuthentication yes</code> is configured, the state of the <code>PermitEmptyPasswords</code> directive is evaluated.
+
# Public key authentication
+
This is enabled with combinations of <code>AuthorizedKeysFile</code>, <code>AuthorizedKeysCommand</code> and <code>AuthorizedKeysCommandUser</code>.
+
 
+
 
+
# Host-based authentication
+
== Requiring multiple authentication factors ==
+
These options are only available for SSH-2. The '''''default''''' is not to require multiple authentication. To identify to the daemon that you wish to require more than one authentication, you must use the <code>AuthenticationMethods</code> directive. This directive is followed by one or more comma separated lists of authentication method names. Lists are separated with a space. Successful authentication requires completion of every method in at least one of these lists.
+
 
+
# password
+
# publickey
+
# keyboard-interactive
+
 
+
e.g. <code>AuthenticationMethods "password,publickey password,keyboard-interactive"</code>
+
== Password authentication using <code>sshd_config</code> ==
+
The following 4 directives are listed in order of evaluation by OpenSSH. They are configured directly; within <code>sshd_config</code>. Only user or group _names_ are valid, numerical IDs are not recognized. If the pattern takes the form <code>USER@HOST</code> then access is restricted to the <code>USER</code> when originating from the <code>HOST</code>.
+
 
+
;<code>DenyUsers PATTERN PATTERN ...</code>
+
:Login is forbidden for users whose username matches one of the patterns
+
 
+
;<code>AllowUsers PATTERN PATTERN ...</code>
+
:Login is permitted to users whose username matches one of the patterns
+
 
+
;<code>DenyGroups PATTERN PATTERN ...</code>
+
:Login is forbidden for users whose primary group or supplementary group list matches one of the patterns
+
 
+
;<code>AllowGroups PATTERN PATTERN ...</code>
+
:Login is permitted to users whose primary group or supplementary group list matches one of the patterns
+
 
+
== Public key authentication ==
+
<code>AuthorizedKeysFile</code>
+
<code>AuthorizedKeysCommand</code>
+
<code>AuthorizedKeysCommandUser</code>
+
 
+
 
+
== Host based authentication ==
+
 
+
= Access control =
+
== Controlling root access ==
+
Access by the root user can be controlled using the <code>PermitRootLogin</code> directive.
+
=== Permit empty passwords ===
+
Access to accounts with empty (i.e. blank) passwords can be controlled using the <code>PermitEmptyPasswords</code> directive.
+
 
+
 
+
ChallengeResponseAuthentication
+
Ciphers
+
 
+
GSSAPIAuthenticaion
+
GSSAPICleanupCredentials
+
GSSAPIStrictAcceptorCheck
+
HostBasedAuthentication
+
HostBasedUsesNameFromPacketOnly
+
HostCertificate
+
HostKey
+
HostKeyAgent
+
LoginGraceTime
+
MAC
+
MaxAuthTries
+
MaxSessions
+
MaxStartups
+
PasswordAuthentication
+
PermitEmptyPasswords
+
PubkeyAuthentication
+
RevokedKeys
+
RhostsRSAAuthentication
+
RSAAuthentication
+
TrustedUserCAKeys
+
UseLogin
+
UsePAM
+
 
+
= X11 Forwarding =
+
 
+
By default X11 forwarding is disabled in OpenSSHd,
+
 
+
If you would like to forward X11 from your Funtoo box to a remote system you must first edit your /etc/ssh/sshd_config file
+
 
+
change
+
<pre>
+
#X11Forwarding no
+
#X11DisplayOffset 10
+
#X11UseLocalhost yes
+
</pre>
+
to<br />
+
<pre>
+
X11Forwarding yes
+
X11DisplayOffset 10
+
X11UseLocalhost yes
+
</pre>
+
 
+
 
+
X forwarding will now be enabled from that machine, so if you connect from your remote with 'ssh -X <user>@<ipaddress>' X sessions will be forwarded
+
 
+
[[Category:Networking]]
+
 
+
{{EbuildFooter}}
+

Latest revision as of 04:03, January 27, 2015

Lunar Z. Lila

Contact

freenode: lo0na

Location

Loading map...
(48° 11' 7", 11° 23' 22")



XMPP/Jabber: loona@fu411.com