# Setting up SSH

## /\/\adco\/\/

How do I set up SSH?

I have read a few posts about it, but nothing seems to have everything I need...

I have emerged openssh, and keychain...

and I know to start ssh server it's SSHD...

But when I run it it says it has no keys... so I do the keygen but even after I do that and run SSHD, it still can't see the keys.

Anyone know a good post/site that will walk me through setting up SSH...

Thanks

----------

## Caffeine

To start the ssh server:

```
# /etc/init.d/sshd start
```

What does that say?

----------

## baboon

Try creating keys with no passphrase (not ideal from a security standpoint but helpful when troubleshooting).

Be sure that the keys listed in sshd.conf have the same path and name as the keys generated by keygen.

----------

## /\/\adco\/\/

This is what I get....

```
madness root # sshd start
Extra argument start.
madness root # sshd
Could not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
```

----------

## baboon

How do those keys compare to the ones listed in your sshd_conf file?

You should have entries such as:

```
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
```

----------

## /\/\adco\/\/

I do but they're commented out.....

```
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
```

~~~~

I found this link... It looks good...

http://www-106.ibm.com/developerworks/library/l-keyc.html

Should this be all I need to set up SSH?

----------

## baboon

I think all you should need to do is uncomment the keys in the config file.

----------

## quantus

Ah, it looks like you're running the sshd daemon directly rather than through the init script. Try:

```
/etc/init.d/sshd start
```

The init script will check for these keys and create them if necessary.

As a suggestion, lock down your sshd with the following directives:

```
# no ssh v1
Protocol 2

# disallows interactive logins to the root account, only
# public ssh keys in ~root/.ssh/authorized_keys are allowed.
PermitRootLogin without-password

# damn 3.7.1x has pam issues...  this prevents above directive
# from being overridden
UsePAM no

# disallows interactive logins for everyone!  Authentication
# based solely on ~/.ssh/authorized_keys
PasswordAuthentication no

# limit which local accounts can remotely access das box to those
# belonging to these groups
AllowGroups sshers

# default security disclaimer message
Banner /etc/issue
```
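
A way to check a config file against the directives in the post above, as an added example that is not part of the original thread. The function names and the two sample configs are constructed for illustration; the parser is simplified to single-valued keywords and stops at the first `Match` block.

```shell
#!/bin/sh
# Added example, not from the thread: audit an sshd_config file against the
# directives suggested in the post above.

# Print the effective value of a single-valued keyword. Keywords are
# case-insensitive, commented lines are ignored, and the first value read
# wins. Parsing stops at the first Match block (conditional overrides).
effective_value() {  # usage: effective_value <config-file> <keyword>
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one line per directive that differs from the suggested value.
# Returns 0 when every directive matches, 1 otherwise.
audit_sshd_config() {  # usage: audit_sshd_config <config-file>
    findings=0
    while read -r keyword expected; do
        actual=$(effective_value "$1" "$keyword")
        if [ "$actual" != "$expected" ]; then
            echo "$keyword: want '$expected', found '${actual:-unset}'"
            findings=$((findings + 1))
        fi
    done <<EOF
Protocol 2
PermitRootLogin without-password
PasswordAuthentication no
AllowGroups sshers
EOF
    [ "$findings" -eq 0 ]
}

demo_dir=$(mktemp -d)
# Constructed sample: directives still commented out, so defaults apply.
printf '%s\n' '#Protocol 2,1' '#PermitRootLogin yes' \
    '#PasswordAuthentication yes' > "$demo_dir/stock"
# Constructed sample: the suggested directives, plus a later contradicting
# PasswordAuthentication line that has no effect because the first one wins.
printf '%s\n' 'protocol 2' 'PermitRootLogin without-password' 'UsePAM no' \
    'PasswordAuthentication no' 'AllowGroups sshers' 'Banner /etc/issue' \
    'PasswordAuthentication yes' > "$demo_dir/hardened"

audit_sshd_config "$demo_dir/stock" || echo "stock: changes needed"
audit_sshd_config "$demo_dir/hardened" && echo "hardened: matches"
```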

----------

## /\/\adco\/\/

... no I just tried running it #sshd.... 

I re-emerged openssh and then it said that I should merge the config files in /etc/ssh....

What does that mean???

Ok so that script worked :Very Happy: thanks a lot :Very Happy:

And I can connect to myself :Wink:

~~~

but I get this msg 

```
 * Can't find /root/.ssh/id_rsa; skipping...
 * Can't find /root/.ssh/id_dsa; skipping...
```

Should I be worried about that? Should I make them?

~~~

Those errors were made by keychain....

Last edited by /\/\adco\/\/ on Fri Nov 07, 2003 4:19 am; edited 1 time in total

----------

## /\/\adco\/\/

oh, is there any way to make it so that only some users can log into my system?

----------

## baboon

You should be able to do this by setting AllowUsers in the config file.

There's also a way you can create key pairs for the client machine and then place the public key for each client on the server.  I think it has to do with the AuthorizedKeysFile setting.

I haven't played with these completely yet.  

It's also a good idea to set PermitRootLogin to "no" and force users to su to root if needed.

----------

## somware

> /\/\adco\/\/ wrote:
>
> I do but they're commented out.....
>
> ```
> #HostKey /etc/ssh/ssh_host_key
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
> ```

Uncommenting these files helped me.

----------

## kashani

Adco, sshd start is not the same as /etc/init.d/sshd start. Please run the latter in its entirety and your problems will go away. What you're actually doing in the former is /usr/sbin/sshd start which is the daemon itself not the startup script, which will autocreate the keys that uniquely identify your system to clients. You may also want to do 

```
rc-update add sshd default
```

so that sshd will start up automatically when you reboot.

kashani
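
The missing-key condition described above, as an added example that is not from the thread: it lists the host key paths a config asks for and reports the ones that do not exist. The function names, the scratch directory and the sample config are constructed; the default paths are taken from the error output earlier in the thread, on the assumption that sshd falls back to them when every `HostKey` line is commented out.

```shell
#!/bin/sh
# Added example, not from the thread: list the host keys a config asks sshd
# to load and report which of them are missing.

# Paths sshd tried in the error output quoted earlier in the thread; assumed
# here to be the defaults used when no HostKey line is active.
DEFAULT_HOST_KEYS="/etc/ssh/ssh_host_key /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key"

# Print every active (uncommented) HostKey path, one per line; fall back to
# the defaults when the config has none.
configured_host_keys() {  # usage: configured_host_keys <config-file>
    keys=$(awk 'tolower($1) == "hostkey" { print $2 }' "$1")
    if [ -z "$keys" ]; then keys=$DEFAULT_HOST_KEYS; fi
    printf '%s\n' $keys
}

# Print the configured keys that are not readable, non-empty files.
# [root] is prefixed to each path so the check can run on a scratch tree.
missing_host_keys() {  # usage: missing_host_keys <config-file> [root]
    for key in $(configured_host_keys "$1"); do
        [ -r "${2:-}$key" ] && [ -s "${2:-}$key" ] || echo "$key"
    done
}

scratch=$(mktemp -d)
mkdir -p "$scratch/etc/ssh"
# Constructed config matching the poster's file: every HostKey line commented.
cat > "$scratch/sshd_config" <<'EOF'
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
EOF
echo "missing before: $(missing_host_keys "$scratch/sshd_config" "$scratch" | tr '\n' ' ')"
# Stand-in for key generation: on a real system the init script creates the
# key files; a placeholder is enough to show the check passing for one path.
echo placeholder > "$scratch/etc/ssh/ssh_host_rsa_key"
echo "missing after:  $(missing_host_keys "$scratch/sshd_config" "$scratch" | tr '\n' ' ')"
```

Run against the real file as `missing_host_keys /etc/ssh/sshd_config`; any path it prints is one sshd will fail to load until the key exists.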

----------

