Office of Information Technology
Helpdesk: ECS 020 / 410-455-3838 / Email: helpdesk@umbc.edu

Configuring a Secure Shell Server

Secure Shell lets you access your machine over a connection whose content is protected by encryption. All authentication is encrypted, which prevents eavesdroppers from getting your password. For further information on the benefits of Secure Shell, see this UMBC web page.

For the UMBC RedHat Distribution, several steps need to be followed to get the Secure Shell Server working. You will need to be logged in as root and perform the following steps:

  1. Retrieve the openssh-server RPM

    The openssh-server RPM can be downloaded from mirrors.umbc.edu. The RPM is located in /pub/linux/7.3/en/os/i386/RedHat/RPMS/openssh-server-3.1p1-3.i386.rpm. If you do not have access to mirrors.umbc.edu, you may use any of the RedHat mirrors to retrieve the above RPM.

  2. Install the openssh-server

    Once you have downloaded the openssh-server RPM, you can install openssh-server with rpm -i <filename> where <filename> is the RPM file.

  3. Check for Updates

    After you have installed the openssh-server RPM, run up2date to check for updates to the openssh-server package. This is a network service that will be accessible to many users on the Internet, and it is very important that you keep this package updated with all the latest security fixes.

  4. Modify the Firewall Configuration

    The firewall configuration needs to be modified to allow access to the Secure Shell Server. Change your /etc/sysconfig/ipchains to the following; the line that needs to be added to the file is the one that accepts TCP port 22. Note that ORDER IS EXTREMELY IMPORTANT: that line must be added in the exact location displayed below, ahead of the REJECT rules, because ipchains applies the first rule that matches a packet:

    # Firewall configuration written by lokkit
    # Manual customization of this file is not recommended.
    # Note: ifup-post will punch the current nameservers through the
    #       firewall; such entries will *not* be listed here.
    :input ACCEPT
    :forward ACCEPT
    :output ACCEPT
    -A input -s 0/0 -d 0/0 123 -p tcp -y -j ACCEPT
    -A input -s 0/0 -d 0/0 123 -p udp   -j ACCEPT
    -A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
    -A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
    -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
    -A input -p tcp -s 0/0 -d 0/0 22 -y -j ACCEPT
    -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
    -A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
    -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
    -A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
    -A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
    -A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT

  5. Reboot the Machine

    The machine needs to be rebooted for the firewall changes to take effect.

This will allow you to access this machine using the ssh protocol.
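
Why the rule order in step 4 matters, as an added example that is not part of the original page: ipchains applies the first rule that matches, so the port 22 ACCEPT only takes effect if it comes before the REJECT for ports 0:1023. The script replays that first-match logic over a rules file; the function names input_verdict and sample_rules and the trimmed sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): which rule decides a new inbound
# TCP connection? ipchains stops at the first matching rule in the chain.
# Usage: input_verdict RULES_FILE [PORT] [INTERFACE]   ("-" reads stdin)
# Assumption: source (-s) and negated ("!") matches are ignored, which is
# enough for lokkit-style rule sets like the one on this page.
input_verdict() {
    awk -v port="${2:-22}" -v ifc="${3:-eth0}" '
        /^:input / { policy = $2; next }      # default if no rule matches
        # Skip comments, other chains, and everything after the first match.
        $1 != "-A" || $2 != "input" || found { next }
        {
            proto = ""; dport = ""; iface = ""; target = ""
            # An optional port or low:high range follows the -d address.
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "-i") iface = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "-d" && i + 2 <= NF && $(i + 2) !~ /^-/)
                    dport = $(i + 2)
            }
            if (proto != "" && proto != "tcp") next
            if (iface != "" && iface != ifc) next
            if (dport != "") {
                n = split(dport, r, ":")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 < lo || port + 0 > hi) next
            }
            print target " <- " $0; found = 1
        }
        END { if (!found) print policy " <- chain policy" }
    ' "$1"
}

# Constructed sample: the TCP-relevant rules from the page. "before" puts the
# port 22 ACCEPT ahead of the REJECT rules; anything else puts it after them.
sample_rules() {
    ssh_rule='-A input -p tcp -s 0/0 -d 0/0 22 -y -j ACCEPT'
    echo ':input ACCEPT'
    echo '-A input -s 0/0 -d 0/0 -i lo -j ACCEPT'
    if [ "$1" = before ]; then echo "$ssh_rule"; fi
    echo '-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT'
    echo '-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT'
    if [ "$1" != before ]; then echo "$ssh_rule"; fi
}

sample_rules before | input_verdict -   # ACCEPT (port 22 rule matches first)
sample_rules after  | input_verdict -   # REJECT (0:1023 rule matches first)
```

Run it against your own file with input_verdict /etc/sysconfig/ipchains; a REJECT verdict means the port 22 line is missing or was added below the REJECT rules.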

Further Information about Secure Shell

To learn more about Secure Shell, please consult the man pages that are installed with the openssh and openssh-server packages. Look at the man pages for ssh and scp. Further information can be obtained at the OpenSSH website.



UMBC RedHat Maintainer
Last modified: Fri Feb 4 16:50:19 EST 2005