Setting up a SSH server: Difference between revisions

From Alpine Linux
m (Updated for post-Alpine 1.8 and formatting)
Line 2: Line 2:
If you need to administer a Alpine Linux box, you can install and use openssh.<BR>
If you need to administer a Alpine Linux box, you can install and use openssh.<BR>
Openssh is used to provide a secure encrypted communications between you and the host where openssh is running (the ssh-server is called ''sshd'' and the ssh-client is called ''ssh'').
Openssh is used to provide a secure encrypted communications between you and the host where openssh is running (the ssh-server is called ''sshd'' and the ssh-client is called ''ssh'').
== Initial Setup ==
We assume you are running a ''alpine-1.8.x''. If not, please follow [http://wiki.alpinelinux.org/w/index.php?title=Installing_Alpine Installing_Alpine] on how to setup Alpine.


== Install programs ==
== Install programs ==
Installing programs in Alpine Linux is easy.<BR>
Install package:<BR>
In this case we only need to install one program:
  apk add openssh
  apk_add openssh


'''''Note:''' If you want the ACF-frontend for openssh, you should install 'acf-openssh' instead (assuming that you have setup-webconf)''
'''''Note:''' If you want the ACF-frontend for openssh, you should install 'acf-openssh' instead (assuming that you have setup-webconf)''
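Review bot: With the "Initial Setup" paragraph ("We assume you are running a ''alpine-1.8.x''...") present on only one side of this hunk, the page no longer says which Alpine release its commands apply to, even though the install line differs between `apk_add openssh` and `apk add openssh` and the edit summary says "post-Alpine 1.8". Suggest keeping a one-line note under the install step naming the release the `apk add` form applies to, so readers on an older box know the command differs.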
Line 17: Line 13:
  rc-update add sshd
  rc-update add sshd


You can check your boot sequence:
You can check your boot services:
  rc_status
  rc_status


== Start it up now ==
== Start it up now ==
The reason we want to manually start ''sshd'' at this moment is...<BR>
The reason we want to manually start ''sshd'' at this moment is that we want ''sshd'' to create some initial files that he needs. After they are created, we can permanently save them.<BR>
We want ''sshd'' to create some initial files that he needs. After they are created, we can permanently save them.<BR>
Next reason is... we don't have time to wait for the box to reboot ;-)
Next reason is... we don't have time to wait for the box to reboot ;-)
  /etc/init.d/sshd start
  /etc/init.d/sshd start
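Review bot: The `rc_status` line is identical on both sides of this hunk although the sentence introducing it was reworded and the edit targets post-1.8 releases; since the page enables the service with `rc-update add sshd`, check whether the status command should be `rc-status` to match. While touching the "Start it up now" paragraph, "some initial files that he needs" would read better as "that it needs".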

Revision as of 23:12, 12 August 2010

General

If you need to administer an Alpine Linux box, you can install and use openssh.
Openssh provides secure, encrypted communication between you and the host where openssh is running (the ssh-server is called sshd and the ssh-client is called ssh).

Install programs

Install package:

apk add openssh

Note: If you want the ACF-frontend for openssh, you should install 'acf-openssh' instead (assuming that you have setup-webconf)

Make it autostart

The next time you reboot your Linux box, you will probably want sshd to start automatically.

rc-update add sshd

You can check your boot services:

rc-status

Start it up now

The reason we want to manually start sshd at this moment is that we want sshd to create some initial files that it needs. After they are created, we can permanently save them.
Next reason is... we don't have time to wait for the box to reboot ;-)

/etc/init.d/sshd start

Note: Don't forget to permanently save your settings by using the 'lbu ci' command when you are done.

Fine tuning

The default config that comes with openssh has pretty good default values.
But sometimes you would like to fine-tune things. We show some examples below of what you might want to do.
Note: You are _not_ required to follow this Fine tuning section. You can skip it if you want to make things easy!

The fine-tuning is done by editing /etc/ssh/sshd_config.
"#" marks that the rest of the line should be ignored by sshd. Everything to the right of the "#" is treated as a comment.

UseDNS no   # By setting this to no, you could increase speed when the client starts to connect to this ssh-server
PasswordAuthentication no   # Instead you could use private/public keys to authenticate to this box (this increases security for the box)

Many other options are found in /etc/ssh/sshd_config. The descriptive comments in that file will guide you in your fine-tuning.

Firewalling

By default, sshd communicates on port 22 using TCP.
Make sure that the box where sshd is running doesn't block your connection attempts on 22/TCP.
If you still have trouble accessing your box, make sure that no other firewall is blocking your connection.

Sometimes 22/TCP is blocked by a firewall that you cannot control. In those cases you might want to configure sshd to communicate on some other port.
In that case, change /etc/ssh/sshd_config to reflect your needs.
But before you do so, check that you don't pick a port that is already in use. (You can check this by running 'netstat -ln' on the box where you plan to run sshd.)

Port 443   # Use whatever port number that fits your needs

You need to restart sshd after you have made your modifications.

/etc/init.d/sshd restart
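
The checks from the Fine tuning and Firewalling steps above, collected into one script as an added example (not part of the wiki page). The function names and sample inputs are made up for illustration; comment stripping follows the page's description of "#", and only settings before the first Match block are read.

```shell
#!/bin/sh
# Added example (not from the wiki page): checks to run before restarting sshd.

# sshd_value KEYWORD  (sshd_config text on stdin)
# Prints the first value given for KEYWORD outside any Match block; keywords
# are case-insensitive and sshd keeps the first value it reads for a keyword.
sshd_value() {
    awk -v key="$1" '
        { sub(/#.*/, "") }                          # strip comments as the page describes
        tolower($1) == "match" { exit }             # stop at the first Match block
        tolower($1) == tolower(key) { print $2; exit }
    '
}

# port_listening PORT  ("netstat -ln" output on stdin)
# Succeeds if a TCP socket is already listening on PORT.
port_listening() {
    awk -v p="$1" '$1 ~ /^tcp/ && $4 ~ (":" p "$") { found = 1 }
                   END { exit !found }'
}

# Constructed sample input, not taken from a real host.
SAMPLE_CONF='# constructed sshd_config
UseDNS no                    # skip reverse lookups
Port 443   # Use whatever port number that fits your needs
passwordauthentication no
PasswordAuthentication yes   # ignored: an earlier line already set it'

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# precheck CONFIG_TEXT NETSTAT_TEXT: report what sshd would use, fail on a port clash.
precheck() {
    port=$(printf '%s\n' "$1" | sshd_value Port); port=${port:-22}
    pw=$(printf '%s\n' "$1" | sshd_value PasswordAuthentication)
    echo "port=$port passwords=${pw:-yes}"
    if printf '%s\n' "$2" | port_listening "$port"; then
        echo "port $port already has a listener"; return 1
    fi
}

precheck "$SAMPLE_CONF" "$SAMPLE_NETSTAT" || true
# On a real box: precheck "$(cat /etc/ssh/sshd_config)" "$(netstat -ln)" && /usr/sbin/sshd -t
```

Run the check before sshd is moved to the new port, and keep an existing session open during the restart so a bad setting can be reverted.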

Save settings

If you haven't already done so, save all your settings:

lbu ci