Securing-Optimizing-RH-Linux-1_2_171
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
171

Linux SSH1 Client/Server

Overview

As illustrated in chapter 2 “Installation of your Linux Server”, many network services including, but not limited to, “telnet”, “rsh”, “rlogin”, and “rexec” are vulnerable to electronic eavesdropping. Telnet is indispensable for daily administration tasks but is insecure, so we must find another way or program to replace it. Fortunately, SSH is a truly seamless and secure replacement for old, insecure remote login programs such as telnet, rlogin, rsh, rdist, or rcp.

According to the official SSH (Secure Shell) site:

SSH is the secure login program that revolutionized remote management of network hosts over the Internet. It is a powerful, very easy-to-use program that uses strong cryptography for protecting all transmitted confidential data, including passwords, binary files, and administrative commands.

The major benefit of SSH1 is that it is completely free for both end users and commercial companies. In our configuration, we have configured sshd1 to support tcp-wrappers (the inetd super server) for more security. SSH2 was originally free but is now under a commercial license; it is recommended to use SSH1 (free) instead of SSH2 (commercial). We provide both versions in our book.

These installation instructions assume

Commands are Unix-compatible.
The source path is “/var/tmp” (other paths are possible).
Installations were tested on RedHat Linux 6.1.
All steps in the installation will happen in superuser account “root”.
Ssh1 version number is 1.2.27

Packages

SSH1 Homepage: http://www.ssh.fi/
You must be sure to download: ssh-1.2.27.tar.gz

Tarballs

It is a good idea to make a list of files on the system before you install ssh1, and one afterwards, and then compare them using ‘diff’ to find out what file it placed where.
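The before/after file list comparison described here, as an added example that is not from the book: it sorts both lists so that only created or removed paths are reported, stays on one filesystem with -xdev, and prunes the directory holding the lists and the build tree so they do not show up as changes. The function names, the prune argument and the temporary tree in demo are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the book): before/after path lists around an install.

# snapshot ROOT OUTFILE [SKIPDIR]
# Lists every path under ROOT on the same filesystem (-xdev skips /proc and
# other mounts), optionally pruning SKIPDIR, sorted in C locale for comm(1).
snapshot() {
    if [ -n "${3-}" ]; then
        find "$1" -xdev -path "$3" -prune -o -print
    else
        find "$1" -xdev -print
    fi 2>/dev/null | LC_ALL=C sort > "$2"
}

# new_paths BEFORE AFTER: paths that exist only in the AFTER list.
new_paths() {
    LC_ALL=C comm -13 "$1" "$2"
}

# removed_paths BEFORE AFTER: paths that exist only in the BEFORE list.
removed_paths() {
    LC_ALL=C comm -23 "$1" "$2"
}

# demo: runs the procedure on a constructed tree under a temporary directory.
# "var/tmp" plays the role of the source path and holds the two lists.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/root/usr/bin" "$t/root/var/tmp"
    : > "$t/root/usr/bin/telnet"
    snapshot "$t/root" "$t/root/var/tmp/before" "$t/root/var/tmp"
    : > "$t/root/usr/bin/ssh1"        # stands in for the install step
    : > "$t/root/var/tmp/build.o"     # build debris inside the pruned dir
    snapshot "$t/root" "$t/root/var/tmp/after" "$t/root/var/tmp"
    new_paths "$t/root/var/tmp/before" "$t/root/var/tmp/after" |
        sed "s|^$t/root||"
    rm -rf "$t"
}

# On a real system, as root, with /var/tmp as the source path:
#   snapshot / /var/tmp/files.before /var/tmp
#   ... install the software ...
#   snapshot / /var/tmp/files.after /var/tmp
#   new_paths /var/tmp/files.before /var/tmp/files.after
demo
```

The lists are line-based, so a file name containing a newline would be split across two entries.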
Simply run ‘find /* > ssh1’ before and ‘find /* > ssh2’ after you install the software, and use ‘diff ssh1 ssh2 > ssh’ to get a list of what changed.

Compilation

Decompress the tarball (tar.gz).

[root@deep /]# cp ssh-version.tar.gz /var/tmp
[root@deep /]# cd /var/tmp
[root@deep tmp]# tar xzpf ssh-version.tar.gz

Compile and Optimize

Cd into the new Ssh1 directory and type the following commands on your terminal:

CC="egcs" \