OpenBSD Journal

Onlamp: Cryptosystems: Configuring SSH

Contributed by jose on from the more-from-dru dept.

Dru continues to write in the FreeBSD Basics column on Onlamp. This time around it's Configuring OpenSSH. While many experienced people may not find this useful, new admins may wish to have a peek and see if it can't help them.



Comments
  1. By Anonymous Coward () on

    Really?

    Comments
    1. By Anonymous Coward () on

      yes.

  2. By Xenotrope () on

    This doesn't tie in directly to Dru's article, but it is about OpenSSH configuration. I'm looking to run sshd as a different user. Has anyone had any success finding a completely non-root config for sshd?

    Comments
    1. By Anonymous Coward () on

      the regression tests for sshd run non-root on openbsd.

    2. By Jeffrey () on

      Yes, IIRC you can in fact do this with little difficulty.

      Primarily, refer to sshd(8) and sshd_config(5),
      but in short something like the following should get you started...
      1) generate a host key and put it somewhere.
      2) copy /etc/ssh/sshd_config somewhere and change (pick values that work for you):
      # example
      Port 2022
      ListenAddress 192.168.0.1
      HostKey /path/to/key/you/generated
      # maybe add..?
      AllowUsers
      # remainder of defaults and other sensible options
      ...
      3) invoke as: sshd -f

      Note: privsep? I think you would have to disable it. Who can connect? Only the user who you run it as..? I think that's right. Easy to test. Try it and see. Run it as you. See if anyone else can connect.

      Comments
      1. By Jeffrey () on

        oops, submit stripped out angle brackets...

        That should be:
        AllowUsers user_running_sshd

        and:
        sshd -f your_config_file
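
The three steps from Jeffrey's comments above, written out as a shell sketch. This is an added example, not part of the original thread; the function names, the directory layout, the ed25519 key type and the PidFile and PasswordAuthentication lines are assumptions made here.

```sh
#!/bin/sh
# Added example: config for an sshd instance run by an ordinary user.
# Function names and the directory layout are illustrative assumptions.

# write_user_sshd_config DIR USER PORT ADDR   (DIR must be an absolute path)
write_user_sshd_config() {
    dir=$1 user=$2 port=$3 addr=$4
    # Binding a port below 1024 needs root, so refuse it up front.
    [ "$port" -ge 1024 ] 2>/dev/null || {
        echo "port must be a number >= 1024" >&2
        return 1
    }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Port, ListenAddress, HostKey and AllowUsers follow the comment above.
    # PidFile and PasswordAuthentication are assumptions added here: the
    # default pid file location is not writable by a normal user, and
    # key-based login is assumed.
    cat > "$dir/sshd_config" <<EOF
Port $port
ListenAddress $addr
HostKey $dir/ssh_host_ed25519_key
PidFile $dir/sshd.pid
AllowUsers $user
PasswordAuthentication no
EOF
}

# Step 1 of the comment: a host key owned by the invoking user.
generate_host_key() {
    [ -f "$1/ssh_host_ed25519_key" ] ||
        ssh-keygen -q -t ed25519 -N '' -f "$1/ssh_host_ed25519_key"
}

# sshd -t checks the config file and keys without starting a listener.
# An absolute path is used because sshd may refuse to run otherwise.
check_user_sshd_config() {
    "$(command -v sshd)" -t -f "$1/sshd_config"
}

# Typical use, with the port and address from the comment:
#   write_user_sshd_config "$HOME/usshd" "$(id -un)" 2022 192.168.0.1
#   generate_host_key "$HOME/usshd" && check_user_sshd_config "$HOME/usshd"
#   "$(command -v sshd)" -f "$HOME/usshd/sshd_config"
```

Privilege separation, raised in the note above, is not configured here; check sshd_config(5) for the release in use.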


Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]