# SSH, or telnet? What do I need?

## TheWart

Okay, I just installed Gentoo on my old p200, (about 17 hours IIRC), this is for a gameserver for a ~10-12 person Lan party I am going to when school is done.  However, I also did it just for my home network, which consists of this box and two other comps.   However, since I only have two keyboards and mice and monitors, it is going to be a pain for me to hook in a monitor and stuff every time i want to change a mpa or something.  So I was like, well can't I just telnet into the box and run commands from windows?  However, to be honest, I have no idea how to do this.  Would I use telnet or ssh?  

I would appreciate any and all guidance, and links to what I need to do/get would be GREATLY appreciated.  Thanks in advance!

----------

## filter69

SSH Man........

----------

## Guest

ssh is the choice nowadays, its more secure and has more features than telnet.  To intall on your gentoo box just type

emerge openssh

and then

rc-update add sshd default

then

/etc/init.d/sshd start

you can use putty availiable at

http://www.chiark.greenend.org.uk/~sgtatham/putty/

it is an excellent free ssh client for windows

----------

## TheWart

Thanks a lot for the links, looks like I should be in business soon!

----------

## dArkMaGE

one thing to beware of is that base windoze systems only include a telnet client and so cannot use an ssh server.  so if you do go with the ssh server (which you should) make sure to grab a prog like putty which is able to handle ssh connections.

----------

## Guest

When you set up sshd for the first time it will you ask for generating a keypair. Type the following:

```

ssh_keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

ssh_keygen -t dsa -f /etc/ssh/ssh_host_dsa_key

```

And becaause there was recently a security exploit, open the file sshd_config and change the "protocol 1 2" to "protocol 2" to disable the weaker protocol.

If you want to use ssh as user and not root, be sure that a shell is assigned to that user. Sould work with, for example:

```

usermod -s /bin/bash username

```

----------

## jay

aargh... what session time out is here? fyi: i typed the above article...

----------

## RickN

 *Anonymous wrote:*   

> When you set up sshd for the first time it will you ask for generating a keypair. Type the following:
> 
> ```
> 
> ssh_keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
> ...

 

I read the above in an OpenSSH document, but they also had the following key in there:

ssh_keygen -t rsa1 -f /etc/ssh/ssh_host_key

Do you know what this one is used for, is it for the unsafe version 1 protocol you mentioned?

Also, in the document all the ssh_keygen commands had a "-N """ option appended to them, what is this for?

----------

## klieber

 *RickN wrote:*   

> Also, in the document all the ssh_keygen commands had a "-N """ option appended to them, what is this for?

 

man ssh-keygen

To quote:

 *The manpage for ssh-keygen wrote:*   

> -N new_passphrase
> 
> Provides the new passphrase

 

--kurt

----------

## RickN

 *klieber wrote:*   

> man ssh-keygen
> 
> 

 

Ah yes   :Embarassed: 

----------

## TheWart

Thanks for all the info guys.  I will be using PuTTY to connect from windows.

----------

## keschrich

unless recently changed, there is no need to manually run the commands to generate keypairs.  once ssh is emerged (actually its emerged on install isn't it?) , just do as root

```
rc-update add default sshd
```

and gentoo will start sshd automatically each time the system is restarted.  the first time it does this it will automatically generate the keypairs for you.  if you don't want to reboot the system, just do again as root:

```
/etc/init.d/sshd start
```

I loved telneter's at colllege, it was so fun to sit on my computer with a packet sniffer and see all the interesting emails going through the dorm  :Smile: 

----------

## alec

As someone above posted, PuTTY is a great client to connect with just about any protocol (ssh, telnet, raw, scp, ...), and fits nicely on a floppy disk.

http://www.chiark.greenend.org.uk/~sgtatham/putty/

SSH is definitly the way to go.

----------

## TheWart

Thanks guys, it worked!!!!

I did not have to emerge it, as it already was, but I DID have to create the keys.  I also had to change the port as I had to work around my router/firewall.  Other than that, it is pretty nifty, I must say.  I need to take Putty to school and control my comp from home, it would impress the gals   :Very Happy: 

----------

## Nitro

Just a side not, the sshd init script (/etc/init.d/sshd) will automatically generate your ssh keys upon first run.  Note the gen_keys function:

```
gen_keys() {

    if [ ! -e /etc/ssh/ssh_host_key ] ; then

        einfo "Generating Hostkey..."

        /usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''

    fi 

    if [ ! -e /etc/ssh/ssh_host_dsa_key ] ; then

        einfo "Generating DSA-Hostkey..."

        /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''

    fi 

    if [ ! -e /etc/ssh/ssh_host_rsa_key ] ; then

        einfo "Generating RSA-Hostkey..."

        /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''

    fi

}
```

Will save ya a second or two down the road when you have to do it again.   :Smile: 

----------

## TheWart

Doh! O well, it didnt take but a few seconds to do the keys anyway.  Overall, it was a lot easier than I had expected after so many people said they couldnt get ssh working.

----------

## JohnnyGTO

I think that should be:

rc-update add sshd default

----------

## faithfull

Sorry guys but, if i undrestand, the forum initator needs only conect from his LAN to his "server", so isn't necessary use a cryptographic connection because the channel is secure.

Otherwise if he needs to connect from outside his LAN then is necessary a ssh connection.

----------

## metalhedd

while that is True, I wouldn't want to run a Telnet server on the system, its just another hole for potential attacks.  your network is only as secure as its weakest opening, and theres no need to run a telnet server when SSH is 1000% more secure.

----------

## id10t

Yes you need ssh instead.  No excuse to run telnet for any reason on any server.  Port scanning at LAN parties can be fun, as can packetsniffing if you can get on a hub between a few computers.

At the same time, a firewall is a Good Thing too - yes, even at a LAN party.

One other thing you will definately want is screen - lets you reconnect, etc. to the  server process running.  Its a Quake* admin's little helper.

----------

## dju

for the guy which has gloves with scp   :Very Happy: 

 winscp : http://winscp.vse.cz/eng/

----------

## meekrob

It's a command line ssh / sftp / scp client for windows.  It's nice because it's the exact same tool you use under gentoo ported to windows.  Plus you can run an SSH server.  Nice.  I use this tool a lot.

http://www.networksimplicity.com/openssh/

----------

## n0ir

Not sure if this has been covered as of yet but I think changing sshd_config to dissalow root logins is a good idea..

----------

## jtmace

you can use telnet if your crazy and in a secured, isolated enviroment, but even in such i am paranoid enough to still use ssh

----------

## abhishek

I know i probablyy shouldnt run telnet on my comp over then net, but i want to cinnect to it from a school lab, and dont want to run other softwar there, and win2k comes with a telnet client, so what would i need to set up a telnet server?

----------

## klieber

man telnetd, search google, etc.

--kurt

----------

## metalhedd

Putty is a great windows SSH Client that doesn't Install anything anywhere. its just once EXE. Download it to your desktop and delete it after, won't leave a trace. I used to use it from school labs all the time.

----------

