Subtitles of the Movie

Let's take a look at configuring Secure Shell on our Linux clients. Now, SSH as it's installed, will meet most of your needs because it's configured to standards. However, you can also configure to suite the particular needs you have on your network, such as changing the port that the network protocol uses and so forth. And also changing authentication and user options. Now, SSH is configured in Linux like most other services are; through text-based configuration files. Now, these can be a little hairy to get to and to configure if you don't now what you're doing but they're easy to look at and easy actually to edit with any text editor. Now, to start the SSH service, if it's not started automatically when the computer boots up, you just go to your prompt and in this case I have the prompt for Computer A listed and just type in Service SSHD Start. That's starts the SSH service. Now, if you want to configure the service itself, there's a file you need to edit and again, any text editor will do and that's in /etc.,/ SSH, /SSHD underscore config. That file will edit the service itself. Now, there's a client configuration also and it looks similar to the other configuration file for the service but notice the absence of the D. To configure the client, you simply edit the /etc. /SSH /SSH underscore config file. Again, notice the difference between those two files. There's no D in the client configuration file. Now, of course if you're not the Command Line junkie that a lot of us are, there are GUI applications and front ends that are also available that you can use instead of the Command Line. So you don't really have to learn those Command Line things and how to edit those files. There are some GUIs out there and I'm going to demonstrate one to you shortly as well. For now let's go ahead and do a demonstration on viewing the SSH configuration files, just so you can kind of see what they look like. We're not going to actually edit them. We're just going to give you an idea of what they look like and what they have in them. OK, we're in our Open SUSE 11 box. We're in ComputerA, as a matter of fact. Let's go ahead and open up a terminal and we're going to look at a couple of these configuration files that we have. Let's just go ahead and cat these files and basically using cat we can look at them. We're going to look at /etc., /SSH, /SSHD underscore config first and if you remember correctly, that is the configuration file for the service itself. So we're going to go ahead and look at that file and there's a lot of thing in there, but actually it's not too hard to read it. There's some preliminary information up front and notice that it's a text file and everything is based, just text. That's all you do is edit particular values in some of these headings and so forth. Now, if it's a comment or if it's not used, it's proceeded by a hash mark, as you can see right there. So a lot of this information right here is proceeded by hash marks and you've got some information down here that's not active because it's proceeded by the hash mark so it's actually not in use. If you actually go down a little bit, the first thing that you see that's actually active is Protocol 2 and what that does is make sure that you have the Protocol 2 version of SSH running versus the unsecure Protocol version 1. There are some other interesting things down through here that you can edit as well; logging, authentication, information, so forth. There's a lot of different things. My recommendation is that unless you know what you're doing and unless you have a particular need to edit this file, I wouldn't because like I said, by and large SSH is configured to be what you want right out of the box. Unless you've got some strange and interesting configuration options on your network that you want such as a different port number and so forth, you probably don't ever need to edit this. But just in case you do, I'm just giving you an idea of what different options you can have. There's a lot of security options in here. There's a lot of networking options in here as well. Most of the options for the client settings, however, are in a different configuration file. They are actually in the client configuration file /etc. /SSH /SSH underscore conf. Again, notice that there's no D in there with the SSH there. That will give you the client configuration file itself and there's a lot in there. And what we want to look at specifically is that there's some preliminary information that explains how everything works and it tells you how the data is parsed, of course. The first thing we see is the host. That's not commented out. And that's because you can use SSH client from any host by default. You can put particular hosts in there if you like to limit that. There's different settings in here. Again, most of the security and networking options, a lot of those are commented out. Notice that Protocol 2 is not so we're using Protocol 2. The different encryption methods you can use are in there. The different authentication methods that you can use. So there's a lot to this file as well and again, I would caution you that unless you really need to play with it, I wouldn't bother with it. Now, for all of you folks out there who don't like Command Line stuff, we've got some SSH GUI configuration tools. If you remember earlier during this course, I downloaded and installed a SSHD configuration tool to configure the SSH service. And we didn't start that up but I'm going to go ahead and show that to you now and you can see that it's a very nice GUI tool that you can use. In this case, an Open SUSE under YaST. So we've got some generic settings that we can use here. We can change the port, of course. We can change some of the server features such as Allow TCP Forwarding, X11 Forwarding so we can forward our X11 displays across SSH and we'll cover that a little bit more later, Compression and so forth. We can also look at the login settings. Permit message of the day after login, permit root login and that's a setting that we'll look at very closely when we talk about securing SSH. We can also change our authentication settings, such as password authentication, (unintelligible) authentication and public key and we can change the number of times that a person can try to login with SSH before it fails, such as that they put in the wrong password. We can also look at protocols in ciphers and talk about which versions of the SSH protocol we should be using; 2 only, 2 and 1 or 1 only. We can also look at the supported ciphers that's used or authentication encryption methods rather that's used in SSH. So actually this way is a little bit easier to manager and it's probably what a lot of you will do if you're not comfortable with the Command Line. So that's essentially all there is to configuring SSH on a Linux box. There's not much too it and again, let me emphasize, by and large a lot of these settings you don't ever need to play with because SSH works for you with other SSH implementations right out of the box.