Installing OpenSSH – less restrictive than sshOpenSSH is now part of the base system of FreeBSD. Don’t bother with this article unless you really want to install the port. In which case, you’ll want to add the following line to
This article talks about how I installed OpenSSH. SSH is a secure shell.
The home page for OpenSSH is http://www.OpenSSH.com/.
OpenSSH is an implementation of the ssh protocol with a less restrictive license. Read the full details at http://www.OpenSSH.com/features.html but in short, OpenSSH "can be used for any and all purposes, and that explicitly includes commercial use". So, if you want secure communcations, I recommend OpenSSH.
OpenSSH uses the SSH protocol. SSH is more secure than telnet, which uses clear text (even for your password!).
To see more about ssh, please read http://securityportal.com/direct.cgi?/research/ssh-part1.html.
Why OpenSSH?The main reason is the license. I wanted the freedom to use SSH for commercial purposes. I had previously installed ssh as my secure shell. So I removed ssh and installed.
The removalTo remove ssh, I did the following:
cd /usr/ports/security/ssh make deinstall
The installRemember, I have the entire ports tree installed. So it was easy:
cd /usr/ports/security/openssh make make install
Running OpenSSHThis was very hard!
# ssh ducky The authenticity of host 'ducky.yourdomain.org' can't be established. Key fingerprint is 1024 be:2f:f5:17:b5:aa:c8:73:7d:18:10:d0:14:2e:3d:64. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ducky.yourdomain.org,10.0.0.1' to the list of known hosts. firstname.lastname@example.org's password: Last login: Sat Dec 4 13:45:19 1999 from synergy.yourdomain.org Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 3.1-STABLE (IPFILTER3) #1: Tue Nov 16 00:49:44 NZDT 1999 Welcome to FreeBSD! If the doc distribution has been loaded on this machine, the FreeBSD Handbook will be in file:/usr/share/doc/handbook and the FAQ in file:/usr/share/doc/FAQ Type /stand/sysinstall to re-enter the installation and configuration utility. [root@ducky:~] #
OK. That works for outgoing connections. Now what about incoming connections?
# ssh synergy Secure connection to synergy refused; reverting to insecure method. Using rsh. WARNING: Connection will not be encrypted. synergy.yourdomain.org: Connection refused
Well, that’s probably because sshd is not running on synergy. So let’s check and see if it is running:
# ps -auwx | grep sshd root 20717 0.0 5.7 948 492 p0 S+ 12:50PM 0:00.10 grep sshd
No, it’s not running. So let’s start sshd.
[root@synergy:/usr/ports/security/openssh] # cd /usr/local/etc/rc.d [root@synergy:/usr/local/etc/rc.d] # ls 00ipf.sh innd.sh proftpd.sh.sample apache.sh proftpd.sh sshd.sh
Above you can see the scripts in the local startup directory. So let’s use the one for sshd.
[root@synergy:/usr/local/etc/rc.d] # ./sshd.sh
We check again to see if sshd is now running..
[root@synergy:/usr/local/etc/rc.d] # ps -auwx | grep sshd root 20724 88.4 12.2 1624 1060 ?? Rs 12:51PM 0:08.08 /usr/local/sbin/sshd root 20728 0.0 5.7 948 492 p0 S+ 12:51PM 0:00.07 grep sshd
Trying connection again:
# ssh synergy -l dan Host key not found from the list of known hosts. Are you sure you want to continue connecting (yes/no)? yes Host 'synergy' added to the list of known hosts. dan@synergy's password: Last login: Sun Dec 5 11:44:48 1999 from ducky Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 3.3-RELEASE (SYNERGY) #0: Sat Dec 4 17:43:41 NZDT 1999
OK! There we go. Up and running just fine.
ConfigurationI’ve not done any configuration of OpenSSH, but I did notice the following two files during the install:
My uneducated guess is these are for the ssh and sshd programs respectively.
Klaus A. Brunner wrote to tell me about the blowfish option on OpenSSH. Klause wrote:
I change the preferred ssh cipher to blowfish. By default, ssh uses 3DES, which is MUCH slower and probably not safer anyway. If you’re doing lots of large scp transfers over moderately fast networks, you’ll definitely notice a difference./usr/local/etc/ssh_config: ... Cipher blowfish ...
ssh clientsI’ve seen several Windows clients which do ssh.
SecureCRT: http://www.vandyke.com/ TTSSH: http://www.zip.com.au/~roca/ttssh.html PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty.html SecureShell: http://public.srce.hr/~cigaly/ssh/