How to: Ubuntu / Debian Linux Regenerate OpenSSH Host Keys

Last updated February 16, 2017

How do I regenerate OpenSSH sshd server host keys stored in /etc/ssh/ssh_host_* files? Can I safely regenerate ssh host keys using a remote ssh session, as my existing ssh connections shouldn’t be interrupted, on Debian or Ubuntu Linux? How do I regenerate new ssh server keys?

How to: Turning off SFTP server under Linux / UNIX cpanel server

Last updated October 10, 2007

Q. I have a CentOS Linux cPanel server. I’d like to turn off the SFTP server but only allow SSH for the root user. How do I turn off the sftp server?

A. OpenSSH / sshd reads configuration data from /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. Lines starting with ‘#’ and empty lines are interpreted as comments. An external subsystem, such as the file transfer daemon (SFTP), is configured only through this file, using the Subsystem option. Its arguments should be a subsystem name and a command to execute upon subsystem request. The command sftp-server implements the “sftp” file transfer subsystem. sftp-server is a program that speaks the server side of the SFTP protocol. sftp-server is not intended to be called directly, but from sshd using the Subsystem option.

Disable / Turn off sftp server

Open /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find the line that reads as follows:
Subsystem sftp /usr/lib/openssh/sftp-server
Remove the line or comment it out by prefixing it with #:
# Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file. Restart sshd service:
# /etc/init.d/sshd restart

Linux: Openssh (ssh server) deny root user access

Last updated August 2, 2007

Q. How do I block access to root user over ssh session?

A. sshd (OpenSSH Daemon) is the daemon program for ssh. Server-side ssh configuration is defined in the /etc/ssh/sshd_config file.

You need to use DenyUsers option to block access to root user.

This option can be followed by a list of user name patterns, separated by spaces. Login is disallowed for user names that match one of the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.

Open /etc/ssh/sshd_config file

Use vi command:
# vi /etc/ssh/sshd_config

Deny root user access

Append or modify as follows to block root user:
DenyUsers root

If you want to block additional users, append their names to DenyUsers, separated by spaces:
DenyUsers root user2 user3

Save and close the file. Restart sshd service:
# /etc/init.d/sshd restart
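
The following check covers both edits described above (the sftp Subsystem line and the DenyUsers list). It is an added example, not code from the original posts: the function names audit_sshd_config and sample_config and the sample file contents are constructed for illustration, and the check reads only the file text without following Include directives or Match blocks.

```shell
#!/bin/sh
# Added example: static check of an sshd_config-style file.
# Assumption: Include directives and Match blocks are not evaluated.

# Constructed sample input (not taken from a real server).
sample_config() {
    cat <<'EOF'
# Constructed sample sshd_config fragment
Port 22
# Subsystem sftp /usr/lib/openssh/sftp-server
DenyUsers root, user2
EOF
}

# audit_sshd_config FILE
# Prints sftp=enabled|disabled, denyusers=<patterns|none>, and a warning
# line when a DenyUsers pattern contains a comma (the documented
# separator is a space).
audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        key = tolower($1)                # keywords are case-insensitive
        if (key == "subsystem" && $2 == "sftp") sftp = 1
        if (key == "denyusers") {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /,/) comma = 1
                deny = (deny == "" ? "" : deny " ") $i
            }
        }
    }
    END {
        print "sftp=" (sftp ? "enabled" : "disabled")
        print "denyusers=" (deny == "" ? "none" : deny)
        if (comma) print "warning=comma-in-DenyUsers"
    }' "$1"
}

# Demo run on the constructed sample.
demo_file=$(mktemp)
sample_config > "$demo_file"
audit_sshd_config "$demo_file"
rm -f "$demo_file"
```

On a live server, running sshd -t before the restart checks the configuration file for syntax errors, which matters when the edit is made over the same ssh session you depend on.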

HP-UX start or stop / restart OpenSSH SSHD service

Last updated July 17, 2007

Q. I’ve HP-UX installed on my HP UX UNIX server. But I’m not able to start or restart the OpenSSH ssh server. How do I stop or restart sshd under HP-UX?
A. HP-UX Secure Shell uses the Pluggable Authentication Module for password authentication. The server configuration file is located at /opt/ssh/etc/sshd_config.

HP-UX SSHD System Startup and Shutdown script:

/sbin/init.d/secsh {start|stop}

System startup configuration file

/etc/rc.config.d/sshd

Stop HP UX SSH Service

Type the command:
# /sbin/init.d/secsh stop

Start HP UX SSH Service

Type the command:
# /sbin/init.d/secsh start

Warning: Remote Host Identification Has Changed error and solution

Last updated November 22, 2016

When I run the ssh command I get an error which reads as follows:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for ras.mydomain.com has changed and you have requested strict checking.
Host key verification failed.

How do I get rid of this message?