[WBEL-users] Where to start with an SSH server ?

Benjamin J. Weiss <benjamin@birdvet.org>
Tue, 2 Nov 2004 08:48:34 -0600 (CST)


On Tue, 2 Nov 2004, Jean Lee wrote:

> Hello,
> 
> I want to implement a corporate ftp server using ssh.
> Is OpenSSH a good choice ?
> Do I have to use sshd or sshd_ftpserver ?
> Where can I find a good documentation and tutorial for it ? I'm new and 
> I would like to understand how it works and not only how to use it.
> 
> More generally, I am quite new to the network, file sharing over internet 
> and security problems and I would like to understand the differences 
> between FTP, SSH, TLS secured FTP, Kerberos, S/Keys, VPN, (Why not FTP 
> over VPN if it exists) and all the others that I don't know.... Is 
> there any existing documentation which explains the general usage of 
> these protocols and makes a comparison of usage, security and the 
> application (and why not make a comparison of available binaries for each)?
> Yes I know: I ask a lot :) but I'm a bit lost with all these abbreviations.
> 
> Thanks for any help,

Jean,

The ssh (Secure SHell) daemon that comes with Redhat and Whitebox linux 
also handles sftp (Secure File Transfer Protocol) and scp (Secure CoPy) 
protocol.  sftp is a good way to securely move or copy files back and 
forth across a network.

The major problem with ftp is that the user name and password are sent "in 
the clear", meaning non-encrypted.  This means that anybody running a 
sniffer on the network can get your user name and password, as well as 
whatever files you're transmitting or receiving. 

sftp encrypts the user name, password, and the file data, so you should be 
safe.  And the beauty of it is, you won't have to install any new software 
on your linux box, as it comes installed by default!

You *do* need to make two changes to the configuration file, to make sure 
that your ssh daemon is secure.  You'll need to open /etc/ssh/sshd_config 
and find the line that looks like:

# Protocol 2,1

and change it to look like

Protocol 2

This is because ssh protocol 1 has serious flaws and is insecure.

The other line that you should change is:

# PermitRootLogin yes

and change it to look like

PermitRootLogin no

This will keep out folks trying to hack your root login over the internet.

Once you've made these two changes and saved them, restart your ssh daemon 
with the command:

service sshd restart

And you should be set.

WinSCP is a very good Windows sftp/scp client that I use all the time to 
access my linux server.  It's great for copying files, and can be found 
at:

http://winscp.sourceforge.net/eng/

About the best ssh client (basically a secure telnet replacement) is 
called PuTTY, and can be found at:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

These are my favorite ways of accessing my server securely.

Hope this helps!

Ben
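
A check for the two sshd_config changes described in the message above, as an added example that is not part of the original post or written by its author. The function names are hypothetical, and the defaults passed in ("2,1" and "yes") are assumed from the commented-out lines the post quotes; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two sshd_config
# settings the reply says to change.

# effective_value FILE KEYWORD DEFAULT
# Prints the value in force for KEYWORD. A commented line such as
# "# Protocol 2,1" sets nothing, so DEFAULT is printed instead. Keywords are
# matched case-insensitively and the first uncommented occurrence wins.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                  # comment: not a setting
        /^[ \t]*$/ { next }                  # blank line
        {
            sub(/^[ \t]+/, "")               # allow indented keywords
            split($0, f, /[ \t=]+/)          # "Key value" or "Key=value"
            if (tolower(f[1]) == tolower(key)) {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE
# Returns 0 only when Protocol is exactly 2 and PermitRootLogin is no.
audit_sshd_config() {
    file=$1; rc=0
    # Defaults are an assumption taken from the commented lines in the post.
    proto=$(effective_value "$file" Protocol "2,1")
    root=$(effective_value "$file" PermitRootLogin yes)
    if [ "$proto" != "2" ]; then
        echo "FAIL: Protocol is '$proto' (want: Protocol 2)"; rc=1
    fi
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '$root' (want: PermitRootLogin no)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file has both settings"
    return "$rc"
}

# Constructed sample: first the file with only commented lines, then edited.
sample=$(mktemp)
printf '%s\n' '# Protocol 2,1' '# PermitRootLogin yes' > "$sample"
audit_sshd_config "$sample" || true
printf '%s\n' 'Protocol 2' 'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

Run audit_sshd_config /etc/ssh/sshd_config before restarting the daemon; a FAIL line means the edit was left commented out or still carries the old value.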