Office of Information Technology
Helpdesk: ECS 020 / 410-455-3838 / Email: helpdesk@umbc.edu

Configuring a Secure Shell Server

Secure Shell is a way to access your machine using encryption to protect the content of your connection. All authentication is encrypted, which prevents eavesdroppers from getting your password. For further information on the benefits of Secure Shell, see this UMBC web page.

For the UMBC RedHat Distribution, several steps need to be followed to get the Secure Shell Server working. You will need to be logged in as root and perform the following steps:

  1. Install the openssh-server

    As root, issue the command up2date openssh-server on your machine. This command will install the latest version of openssh-server on your machine.

  2. Check for Updates

    After you have installed openssh-server, run up2date to check for updates. openssh-server relies on several other packages, and it is essential that these packages are updated to their latest versions. Remember that this is a network service, and it is important to have the latest updates installed on your machine. The safety of your machine depends on you keeping it updated with the latest patches.

  3. Modify the Firewall Configuration

    The firewall configuration needs to be modified to allow access to the Secure Shell Server. Change your /etc/sysconfig/iptables to the following (the line for TCP destination port 22 needs to be added to the file). Note that ORDER IS EXTREMELY IMPORTANT: that line must be added in the exact location displayed below:

    # Firewall configuration written by redhat-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT --protocol tcp --destination-port 22 -j ACCEPT
    -A RH-Firewall-1-INPUT --protocol tcp --destination-port 1024: -j ACCEPT
    -A RH-Firewall-1-INPUT --protocol udp --destination-port 1024: -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT

  4. Reboot the Machine

    The machine needs to be rebooted for the Firewall changes to take effect.

This will allow you to access this machine using the ssh protocol.
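
Rules in a chain are evaluated from top to bottom, so the port 22 ACCEPT only takes effect if it sits above the final REJECT line. The script below is an added example, not part of the original UMBC page; it checks that ordering in a rules file. The function names check_ssh_rule_order and demo_rules and the shortened sample rules are constructed for illustration.

```shell
#!/bin/sh
# check_ssh_rule_order FILE  (hypothetical helper name)
# Exit status: 0 = ACCEPT for TCP port 22 precedes the chain's catch-all
# REJECT/DROP; 1 = no such ACCEPT rule; 2 = rule present but after the deny.
check_ssh_rule_order() {
    awk '
        # Only rules appended to the chain used in the listing above.
        $1 != "-A" || $2 != "RH-Firewall-1-INPUT" { next }
        {
            target = proto = dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                else if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
                else if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
            }
            # "-A CHAIN -j REJECT ..." has no match options: it catches everything.
            if ($3 == "-j" && (target == "REJECT" || target == "DROP")) { deny = 1; next }
            # Exact port 22 only; port ranges are not interpreted here.
            if (target == "ACCEPT" && proto == "tcp" && dport == "22") {
                if (deny) late = 1
                else ok = 1
            }
        }
        END { if (ok) exit 0; if (late) exit 2; exit 1 }
    ' "$1"
}

# Constructed sample: a shortened copy of the rules above.
demo_rules() {
    cat <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT --protocol tcp --destination-port 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp)
demo_rules > "$tmp"
check_ssh_rule_order "$tmp" && echo "port 22 ACCEPT precedes the REJECT"
rm -f "$tmp"
```

To check the real file, call check_ssh_rule_order /etc/sysconfig/iptables as root and inspect the exit status before rebooting.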

Further Information about Secure Shell

To learn more about Secure Shell, please consult the man pages that are installed with the openssh and openssh-server packages. Look at the man pages for ssh and scp. Further information can be obtained at the OpenSSH website.


UMBC RedHat Maintainer
Last modified: Mon Sep 13 17:40:35 EDT 2004