Thanks, crazybill
Please note that the default configuration for SSH on the Ubuntu Linux server does not permit logon with older versions of Putty or WinSCP. This may be an ssh1/ssh2 problem. The best solution is to upgrade the Windows machines on your network with the latest versions of putty and winscp. If you are on a private network, you can change Password Authentication to text... but it is not recommended for public IP addresses. The setup, testing and configuration of SSH is simple.
If you cannot reach your Ubuntu server with putty or WinSCP, here is the testing procedure.
First, make sure you have the SSH service installed
# apt-get install ssh
After installing you should see SSHd as a running process with top or ps aux. If you have a lot of processes running, try
# ps aux | grep ssh
If the process is running and you still cannot connect, the configuration file has probably not been modified. You will need to do the following:
1. cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup (backup your sshd configuration file first)
2. vi /etc/ssh/sshd_config or gedit /etc/ssh/sshd_config from Gnome (edit your sshd_config file)
3. change PasswordAuthentication no to PasswordAuthentication yes if you want clear text passwords -- but only do this on private networks -- not on servers with public IPs.
4. Make sure your configuration does not allow root login
5. save
6. /etc/init.d/ssh restart (Restart your sshd daemon)
Now you will be able to log in to your server with putty and/or WinSCP ... or gftp from another Linux computer via port 22.
Make sure you have the latest versions of WinSCP and putty on your windows machines first. They do a better job of deciding between ssh1 and ssh2. You may not have to make any configuration changes on your Ubuntu Linux server if you do that.
I have over 400 computers on our network. Some of them were not able to log onto the server initially. This was a puzzle, at first, because some machines could log on fine and some could not. By changing the configuration to clear text passwords, some of the Windows 2K machines that could not log on with putty or WinSCP could do so.
However, when I installed the newest versions of these freeware programs, I had no problems even without clear text password authentication. Thus, I configed /etc/ssh/sshd_config back to
PasswordAuthentication no
All computers on the network (that I tested) were able to log on with both putty and WinSCP, including those that were not able to do so before.
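A way to check the result of steps 3 and 4 and the ssh1/ssh2 point, added here as an example and not part of the original post: it reads sshd_config text and reports the global values sshd would use. The function names and the sample file are constructed for illustration.

```python
import re

# Keywords the post touches on, lower-cased (sshd keywords are case-insensitive).
WATCHED = ("passwordauthentication", "permitrootlogin", "protocol")

def effective_settings(config_text):
    """Global value sshd would use for each watched keyword.
    sshd keeps the first value it reads for a keyword, and lines after a
    Match keyword apply only conditionally, so parsing stops there."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if keyword == "match":
            break
        if keyword in WATCHED and keyword not in settings:
            settings[keyword] = value
    return settings

def audit(config_text):
    """Return (keyword, reason) pairs for settings worth a second look."""
    s = effective_settings(config_text)
    findings = []
    if s.get("passwordauthentication") == "yes":
        findings.append(("passwordauthentication",
                         "password logins accepted; keep this to private networks"))
    root = s.get("permitrootlogin")
    if root is None:
        findings.append(("permitrootlogin",
                         "not set; the built-in default varies by OpenSSH version"))
    elif root != "no":
        findings.append(("permitrootlogin", "root can log in (value: %s)" % root))
    if "1" in s.get("protocol", "").split(","):
        findings.append(("protocol", "SSH protocol 1 is enabled"))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """\
# constructed sshd_config
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.168.0.0/16
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for keyword, reason in audit(SAMPLE):
        print(keyword + ": " + reason)
```

On a live server, `sshd -T` prints the configuration that sshd itself resolves, which is the authoritative answer.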
------------------------
First, you need to install the latest versions of putty and WinSCP for your Windows computer. You can download them from our FTP server (ftp://ftp.cvc.org/putty and ftp://ftp.cvc.org/winscp).
Putty opens up a terminal with which you can log onto your Ubuntu Linux computer.
The name comes from Put tty (tty is your terminal). When putty opens, you need to type in the IP address of your Ubuntu computer (Can I assume you know how to find this information? Type ifconfig on your LX computer), click on the SSH radio button, and make sure the port is port 22 (which is the default port for SSH). Next a terminal will open, just like the terminals on your Ubuntu computer. You use it the same. You will NOT see a Gnome desktop. You will, however, see the terminal that you would use on an Ubuntu Linux computer. A website that I made for my students (see above) gives you terminal commands and what they do.
WinSCP allows you to easily move files between your Windows computer and your Linux computer. It produces a window on the left side which is your Windows computer (local machine) and your Ubuntu computer (remote machine) on the right side. It is easy to use and obvious. When you first open WinSCP, you type in the IP address of your Ubuntu computer, your Ubuntu username, and your Ubuntu password. After logging in, you navigate your Windows computer on the left and your Ubuntu computer on the right. Highlight the file you want to copy from one computer to the other and click on copy. Really easy to use.
Using SSH is a secure means to talk between computers.
If you are talking about logging onto your Ubuntu computer at home from your Windows computer at work... more information is needed. If you have a broadband connection (cable, DSL, satellite, etc.) and have a router between your home computer and your ISP connection, you will need to open a port 22 hole in your router so that you can use the router's public IP address, yet communicate with your computer. You would use the router's public IP address, not your computer's private IP address. However, if you are not using a router, type "ifconfig" in a terminal window on your Ubuntu computer. You can also type ctrl-alt-F2 to get to a terminal and then ctrl-alt-F7 to return to Gnome -- or simply open a terminal window in Gnome to discover your home Ubuntu computer's IP address. Write down that IP address and that is what you would use from your work computer.
----------------------------------
vi /etc/ssh/sshd_config
or
gedit /etc/ssh/sshd_config
from Gnome (edit your sshd_config file)
Change PasswordAuthentication no to PasswordAuthentication yes if you want clear text passwords -- but only do this on private networks -- not on servers with public IPs.
If other authentication methods fail, ssh prompts the user for a password. The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network.
I'm pretty sure that enabling password authentication doesn't send the password in clear text. I believe it's been disabled because of security flaws in SSH1.
One still has keyboard-interactive in SSH2, which is more or less equivalent to password authentication.
I think some ssh-clients broke because of the PasswordAuthentication no default setting because they didn't try or implement keyboard interactive.
----------------
You will want to use the TCP destination port of 22 to classify the traffic (with optionally the destination IP of the server). The source port will change and not always be the same. Ports are part of the TCP header and destination IP is of course part of the IP header.
The port SSH is listening on the server doesn't have to be 22, but that is the default port for the SSH protocol (including sftp). It wouldn't be different from the default if you didn't have to change the port in winscp when setting up the connection.
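The classification rule described above, as an added example that is not part of the original post: it reads the destination IP from the IPv4 header and the destination port from the TCP header of a raw packet. The function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

def parse_ipv4_tcp(packet):
    """Return (src_ip, dst_ip, src_port, dst_port), or None if the ports
    cannot be read from this packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4      # IP header length; options make it > 20
    if ihl < 20 or len(packet) < ihl + 4:
        return None
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[9] != socket.IPPROTO_TCP or frag_offset != 0:
        return None                   # not TCP, or a later fragment with no TCP header
    src_ip = socket.inet_ntoa(packet[12:16])
    dst_ip = socket.inet_ntoa(packet[16:20])
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src_ip, dst_ip, src_port, dst_port

def is_ssh_to_server(packet, server_ip=None, ssh_port=22):
    """Match on TCP destination port, optionally also on destination IP.
    The source port is ignored because it changes per connection."""
    fields = parse_ipv4_tcp(packet)
    if fields is None:
        return False
    _, dst_ip, _, dst_port = fields
    return dst_port == ssh_port and (server_ip is None or dst_ip == server_ip)

def build_packet(src_ip, dst_ip, src_port, dst_port, ip_options=b""):
    """Constructed sample: bare IPv4 + TCP SYN headers, checksums left at zero.
    ip_options must be a multiple of 4 bytes."""
    ihl_words = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + 20, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02,
                      65535, 0, 0)
    return ip + ip_options + tcp

if __name__ == "__main__":
    to_server = build_packet("192.0.2.10", "192.0.2.1", 51515, 22)
    reply = build_packet("192.0.2.1", "192.0.2.10", 22, 51515)
    print(is_ssh_to_server(to_server, "192.0.2.1"))   # client -> server
    print(is_ssh_to_server(reply, "192.0.2.1"))       # server -> client
```

Return traffic from the server carries 22 as the source port, so a rule on destination port alone covers only the client-to-server direction.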