
openssh

How can I run ssh (or gui over ssh) in the background after running a Linux or Unix GUI application? How do I run any UNIX x11 application in background with SSH Linux client?

Q. I have a CentOS Linux cPanel server. I'd like to turn off the SFTP server but only allow SSH for the root user. How do I turn off the sftp server?

A. OpenSSH / sshd reads configuration data from /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. Lines starting with ‘#’ and empty lines are interpreted as comments. An external subsystem, such as the file transfer daemon (SFTP), is configured through this file only, using the Subsystem option. Its arguments should be a subsystem name and a command to execute upon subsystem request. The command sftp-server implements the “sftp” file transfer subsystem. sftp-server is a program that speaks the server side of the SFTP protocol. It is not intended to be called directly, but from sshd using the Subsystem option.

Disable / Turn off sftp server

Open the /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find the line that reads as follows:
Subsystem sftp /usr/lib/openssh/sftp-server
Remove the line or comment it out by prefixing it with #:
# Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file. Restart the sshd service:
# /etc/init.d/sshd restart

I need to provide a remote access to my Ubuntu Linux based server. How do I start / stop OR restart the ssh server under Ubuntu Linux operating system using command line options?

Q. How do I block access to root user over ssh session?

A. sshd (OpenSSH Daemon) is the daemon program for ssh. The server-side ssh configuration is defined in the /etc/ssh/sshd_config file.

You need to use the DenyUsers option to block access for the root user.

This option can be followed by a list of user name patterns, separated by spaces. Login is disallowed for user names that match one of the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.

Open /etc/ssh/sshd_config file

Use vi command:
# vi /etc/ssh/sshd_config

Deny root user access

Append or modify as follows to block root user:
DenyUsers root

If you want to block additional users, append their names to DenyUsers, separated by spaces:
DenyUsers root user2 user3

Save and close the file. Restart the sshd service:
# /etc/init.d/sshd restart
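
The two sshd_config changes described above (commenting out the sftp Subsystem line, and listing root under DenyUsers) can be checked before sshd is restarted. The script below is an added example, not part of the original FAQ; its function names and sample config are constructed for illustration, and it assumes a flat config without Match blocks and looks only for the literal user name root.

```sh
#!/bin/sh
# Added example (not from the original FAQ). Assumes a flat sshd_config with
# no Match blocks; only the literal user name "root" is checked, not wildcards.

# Print the arguments of each active (uncommented) line for keyword $1 in file $2.
# sshd_config keywords are case-insensitive.
active_values() {
    awk -v kw="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == tolower(kw) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Exit status 0 if an active "Subsystem sftp ..." line is present.
sftp_enabled() {
    active_values Subsystem "$1" | awk '$1 == "sftp" { on = 1 } END { exit !on }'
}

# Print "denied", "comma-error" or "not-denied" for root.
# Names are separated by spaces, so the token "root," is not the name root.
root_deny_status() {
    active_values DenyUsers "$1" | awk '
        { for (i = 1; i <= NF; i++) {
              if ($i == "root") exact = 1
              else if ($i ~ /^root,/ || $i ~ /,root$/ || $i ~ /,root,/) comma = 1
          } }
        END { print (exact ? "denied" : (comma ? "comma-error" : "not-denied")) }'
}

# Constructed sample: sftp commented out, DenyUsers mistakenly comma-separated.
sample_config() {
    cat <<'EOF'
# Subsystem sftp /usr/lib/openssh/sftp-server
DenyUsers root, user2, user3
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
if sftp_enabled "$tmp"; then echo "sftp: enabled"; else echo "sftp: disabled"; fi
echo "root: $(root_deny_status "$tmp")"
rm -f "$tmp"
```

On the real file, sshd's own test mode (sshd -t) checks the configuration syntax before a restart.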

Q. I’ve HP-UX installed on my HP UX UNIX server. But I’m not able to start or restart the OpenSSH ssh server. How do I stop or restart sshd under HP-UX?

A. HP-UX Secure Shell uses Pluggable Authentication Module for password authentication. The server configuration file is located at /opt/ssh/etc/sshd_config.

HP-UX SSHD System Startup and Shutdown script:

/sbin/init.d/secsh {start|stop}

System startup configuration file

/etc/rc.config.d/sshd

Stop HP UX SSH Service

Type the command:
# /sbin/init.d/secsh stop

Start HP UX SSH Service

Type the command:
# /sbin/init.d/secsh start

When I run the ssh command I get an error which reads as follows:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for ras.mydomain.com has changed and you have requested strict checking.
Host key verification failed.

How do I get rid of this message?

Q. FTP is insecure, how do I securely copy files across a network computer? My network has Windows and Linux systems.

A. You need to use OpenSSH client and server technology to copy between two or more network computers. You can also find free ssh client tools. scp copies files between hosts on a network. It uses ssh for data transfer, and uses the same authentication and provides the same security as ssh.

Copy from Linux to Linux/UNIX system

Copy a file called data.txt to the ras.nixcraft.in Linux system (vivek is the username):
$ scp data.txt vivek@ras.nixcraft.in:/home/vivek

Copy more than one file:
$ scp data.txt pic.jpg vivek@ras.nixcraft.in:/home/vivek
Copy the /data directory and all files inside it, i.e. recursively copy the entire directory:
$ scp -r /data vivek@ras.nixcraft.in:/home/vivek

Copy from Windows to Linux/UNIX system

You can download any one of the following free Windows SCP client

Just install the above client and follow the on-screen instructions.