# Gentoo SSH Guide

## nunogt

Hey guys,

Where can I find more information on configuring openssh (or a similar alternative) in Gentoo?

I searched the FAQ and the docs, none of them seem to cover this subject.

Thanks in advance.

----------

## xces

 *nunogt wrote:*   

> Where can I find more information on configuring openssh (or a similar alternative) in Gentoo?

 

Ehm, man ssh, sshd, ssh_config, sshd_config.

What are you looking for specifically? I think OpenSSH is one of the easiest network daemons to configure, so what do you hope to find in such a howto/tutorial/whatever?

----------

## nunogt

Well, I had a quick look at the openssh official documentation, and there are a lot of variables you must configure, and they require some knowledge to set up. I'd also like to know what Windows clients are available to connect to my Linux sshd, and how to automatically start it during Linux boot.

And there's probably lots of other good advice you could give me, too. For instance, will routers be a problem? What ports does sshd use, and where to configure them?

You see, it's not that simple. I think samba is a lot easier to configure.

----------

## c4

I don't think setting up sshd should be a problem for you.

```
emerge -pv openssl openssh
```

The main config file is /etc/ssh/sshd_config, and you can set the port you like there. I'd also go for setting 

```
Protocol 2
```

 and 

```
PermitRootLogin no
```

 as for a bit more security.

Perhaps other users can provide further tips, but I run sshd pretty much with the default config. (on a private local network behind a firewall)

Once you're done, 

```
/etc/init.d/sshd start
```

 to get sshd running, and 

```
rc-update add sshd default
```

 for adding sshd to your default runlevel. That's about all you need.

PuTTY is a nice sshd-client for Windows, and it also supports using the alt-key. From what I understand, several other clients don't do that. WinSCP is another useful tool for accessing your Linux box from Windows; it's just like Total Commander, allowing you to transfer your files easily over ssh.

There shouldn't be any problems accessing your box through a router either, as long as it's configured properly. Just forward the traffic on the port you like to your linux box. I access several machines this way daily, over firewalls and routers.

----------

## nightblade

If you put your sshd daemon to listen on the Internet, be prepared to get a lot of scans from automated scripts that look for accounts with weak passwords. Be sure not to leave any easy-to-guess password around and consider using certificates. You can also set your server to listen on a non-standard port ("Port xxxx" in /etc/ssh/sshconfig), in order to fool those automated bots.

----------

## krinn

To set up my ssh I searched the Gentoo docs too; the difference is that it seems I found it and you didn't....

http://www.gentoo.org/doc/en/gentoo-security.xml

----------

## hamaker

krinn, 

when I read that documentation some time ago, it scared the sh*t out of me. It sort of gave me the feeling that if I want to set up an sshd, I first need to board up my computer, place several shotguns within reach, and even with some more precautions still I won't be able to sleep at night, as probably my computer will be hacked as I didn't prepare my defenses properly when I originally set up my Gentoo-box.   :Wink: 

So still I dare not set up sshd...

Could anybody explain to me what would be the security risk when running sshd without having followed the steps in the security-doc? And what steps should I take? It's just for a desktop on a little network I share with my housemates and I would like to ssh to my box from outside our network.

thanks.

----------

## krinn

lol@shotguns 

If I were you I would choose: ssh with passwords disabled, only granting access to people whose key your server has... (this is the most secure for me)

As no passwords are involved, you don't need to care about weak passwords...

EDIT: before you ask

```
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
RhostsAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
```

After that your sshd will be set up for no root login and no password login, only by keys...

Every user you want to grant access must create an ssh key (created with ssh-keygen)

then you will just need to add that user's public key to .authorized_keys on the computer running sshd

ie: 

```
cat bobcomputer_rsakey.pub >> /home/john/.ssh/authorized_keys
```

Will allow user bob to access your computer as john user...

seems the safest, until someone steals bob's id_rsa & id_rsa.pub  :Razz: 

yeah EDIT again:

and to access it, bob will do...

```
bob> ssh john@computer.ip
```

----------

## hamaker

I've got it running! 

Thanks for the help. I think I'll be able to sleep tonight   :Very Happy: 

With an additional AllowUsers I feel like nothing can happen to me...

----------
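Added example, not part of any post in this thread: a small Python checker that reads an sshd_config and reports whether the settings suggested above (PermitRootLogin no, PasswordAuthentication no, PubkeyAuthentication yes, PermitEmptyPasswords no, an AllowUsers list) are set globally. It relies on sshd using the first value it reads for a repeated keyword, stops at the first Match block, and does not follow Include files; the function names and the sample config are constructed for illustration.

```python
import re
import sys

# Settings suggested in the thread (keywords lowercased; sshd ignores their case).
WANTED = {"permitrootlogin": "no", "passwordauthentication": "no",
          "pubkeyauthentication": "yes", "permitemptypasswords": "no"}

# Constructed sample config, not taken from the thread.
SAMPLE = """\
PermitRootLogin no
PasswordAuthentication yes
passwordauthentication no
PubkeyAuthentication yes
Match User backup
    PermitEmptyPasswords no
"""

def parse_sshd_config(text):
    """Return global settings as {keyword: value}; the first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks are not evaluated here
            break
        value = parts[1].strip('"') if len(parts) > 1 else ""
        settings.setdefault(key, value)  # sshd uses the first value it reads
    return settings

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    settings = parse_sshd_config(text)
    findings = []
    for key, want in WANTED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: not set, built-in default applies")
        elif got.lower() != want:
            findings.append(f"{key}: is '{got}', thread suggests '{want}'")
    if not settings.get("allowusers"):
        findings.append("allowusers: not set, no per-user restriction")
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join("WARN " + f for f in audit(text)))
```

On a live system, the output of `sshd -T` (the effective configuration, defaults included) can be saved to a file and passed to the same script instead of the raw config file.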

