Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 09 Dec 2018, 16:11
All times are UTC - 4
 Forum index » House Training » Beginners Help ( Start Here)
How to install OpenSSH server in Xenial 7.5?
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 2 [21 Posts]   Goto page: Previous 1, 2
Author Message
soniabu


Joined: 01 Feb 2018
Posts: 35

PostPosted: Tue 20 Nov 2018, 06:37    Post subject:  

All right, I'll try to understand. Confused
thanks to both of you
sonia
Back to top
View user's profile Send private message 
rockedge


Joined: 11 Apr 2012
Posts: 881
Location: Connecticut, United States

PostPosted: Tue 20 Nov 2018, 15:32    Post subject:  

all that must be in /etc/ssh/sshd_config for basic functions is :

Code:
X11Forwarding yes
XAuthLocation /usr/bin/xauth
# override default of no subsystems
Subsystem   sftp   /usr/libexec/sftp-server



one must open the Puppy Package Manager,l search for and install xauth if it is not present.

this set up will allow X11 being forwarded...sometimes I run rox-filer through ssh or use palemoon and tunnel the IP through the router....so if I am in Germany I can see US content through my machine in the basement in Connecticut which the world thinks my IP is..when in fact I am in Germany using a machine as a terminal.
Back to top
View user's profile Send private message Visit poster's website 
rufwoof

Joined: 24 Feb 2014
Posts: 2706

PostPosted: Tue 20 Nov 2018, 16:53    Post subject:  

Xforwarding and xauth through ssh are only moderately secure, incorrect setting/testing of DISPLAY for instance can leave you as good as wide open.

Reasonable practice is to ensure you set a password when you generate a ssh key, so if that device is stolen there's a barrier (password) involved to ssh into a host/server. Also on the server use both key and password authentication ... typically by including AuthenticationMethods publickey,password ... as that first authenticates using keys that as good as mitigates man in middle attacks, which having authenticated the key also requires you know the password - i.e. protection in the event of the private key having been compromised/stolen.

Leaving port 22 open/port forwarded as the ssh port is also a common attack vector. Even if they don't get in your system can become overloaded with a barrage of brute force attack attempts. Shifting the port up to a high port number, 2222 or whatever is less inclined to be found/attacked. Even then however ideally your firewall will be set to blacklist attacks. I use pf for my firewall and have a blacklist table along with a rule ...
Code:
pass inet proto tcp from any to any port ssh \
flags S/SA keep state \
(max-src-conn 5, max-src-conn-rate 5/30, \
overload <badhosts> flush global)

so that brute force attacks are quickly blacklisted.

Permitting root ssh access isn't a good choice as that requires cracking just a password alone to gain root access, better to restrict ssh to a specific userid, as they then have to 'guess' both the userid and password to get in, and then have to know the root password to su into root.

This is all secondary however to the OP's problem of getting sshd (server) working in the first place.

_________________
( ͡° ͜ʖ ͡°) :wq
Back to top
View user's profile Send private message 
don570


Joined: 10 Mar 2010
Posts: 5195
Location: Ontario

PostPosted: Tue 20 Nov 2018, 21:34    Post subject:  

I was able to get SSH to work in both directions i.e.

Raspberry pi3 to a PC with Xenial 7.5 and Xenial 7.5 to raspberry pi3

Here is how I did it...

1) Raspberry pi3 has dropbear (SSH clone) already installed
2) I installed dropbear in Xenial 7.5 with barry's pet package
http://distro.ibiblio.org/quirky/quirky6/x86/packages/pet_packages-common/dropbear-2016.74-static-br-x86.pet

3) open boot manager from start menu and go to service tab(see image)
Tick dropbear so that it will run automatically at boot time.

4) reboot . SSH will be running automatically

If you get warning that there is a wrong authorization number
when trying to get into a computer with SSH
then erase the corresponding line in file in /root/.ssh/
________________________________________________
capture3128.png
 Description   
 Filesize   18.96 KB
 Viewed   57 Time(s)

capture3128.png

Back to top
View user's profile Send private message 
soniabu


Joined: 01 Feb 2018
Posts: 35

PostPosted: Wed 21 Nov 2018, 08:42    Post subject:  

Sonia, are we clear?
Guys, I'm going through the drawers to find the revolver... Laughing
Back to top
View user's profile Send private message 
don570


Joined: 10 Mar 2010
Posts: 5195
Location: Ontario

PostPosted: Thu 22 Nov 2018, 19:24    Post subject:  

Are you having problems installing dropbear??
It should be a simple click. It's a great substitute for ssh package.
There is no need to worry about whether it is a client or server.

http://distro.ibiblio.org/quirky/quirky6/x86/packages/pet_packages-common/dropbear-2016.74-static-br-x86.pet
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 2 [21 Posts]   Goto page: Previous 1, 2
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » Beginners Help ( Start Here)
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.3507s ][ Queries: 13 (0.0259s) ][ GZIP on ]