Library/Technical Support/Janova 101

How to add a Secure Access (SSH) environment

Jackson Ridenour
posted this on January 10, 2011 09:03

Synopsis:

This guide explains how to setup an SSH environment in Janova.

Applicable to:

Setting up a Linux-Based SSH Server to allow Janova to work behind a firewall.

Prerequisite:

These instructions are geared towards the Linux distribution of Ubuntu Server 10.4.  You can obtain this distribution from the following URL: http://www.ubuntu.com/server/get-ubuntu/download

How to:

  1. Make a bootable CD from the downloaded disc image or mount the image if you're going to create a Virtual Machine.
  2. Boot from the disc or image.
  3. Select "Install ubuntu server".
  4. Follow the prompts, selecting sensible options for your network environment.
  5. We suggest going with the default partition settings.
  6. Don't select any packages, just use the default settings.
  7. When the system reboots, log in using the username/password you created during the installation.

Once your Ubuntu Server has been rebooted and you’re at a shell prompt, do the following:

  1. sudo apt-get update
  2. sudo apt-get install openssh-server

Next, we will need to edit SSH configuration file.  Type the following at a shell prompt (ex. “$”):

NOTE: We are NOT security experts. These settings are only our recommendations and we don't guarantee that this will make your system secure.

  1. $ sudo nano /etc/ssh/sshd_config

NOTE:  We recommend you change Port to something other than the default, for example:

Port 2222

Next, this is required to allow the SSH tunneling:

AllowTcpForwarding yes

Now, save the file (/etc/ssh/sshd_config). Press “Control-x” and then follow the prompt to save.

Next, restart the ssh service:

  1. $ sudo /etc/init.d/ssh restart

The following instructions assume that you are logged in as the user that you would like to grant Janova access to. If you need to create a different user you can obtain help by typing "man adduser". 

  1. To add a ‘janova’ user, we need to add Janova's public key to the authorized_keys file:  (Note: The echo “ssh-rsa …… “ >> ~/.ssh/authorized_keys step is all one line):

$ mkdir ~/.ssh

$ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu6lPYKOitDu4+O0gHWjRBmzaavNrgMiaqZR

ObHDhUgZEXJYiWq3KmT1vzoMoN+PDPEbRTvCmk6y1XXYHIQ0dK4C8VKuCCMjv3MyHxl8lkDQ

RwlZr5P3edhVbMokaw5+vSkqmELmCjH8EHe2OW4Nd3YOrgyLPVMAoYmPmwVCKrJv1EZgUbLoo

JaFoshMqLpWVNwDdZGNDneRDVnflR10KXlmRq5vDbZgOQXm2tXsORtTmWNnFJ9shLoLoACAm

g2OBhWDlQscLxFLP3DvlXTr5HjE2bxWIGiIfTren0+BatBD/x52YMUwUish+rFzoh3xoAY5NnKl9Cuk

lccjJzjDw== brian.lusenhop@janova.us" >> ~/.ssh/authorized_keys

We suggest that you verify that you can login without being prompted for a password.  In order to do that we recommend you change PasswordAuthentication to no, which will require you to add your public key to the authorized_keys file and will prevent basic password login:

  1. $ sudo nano /etc/ssh/sshd_config

    PasswordAuthentication no

Finally, save the file as before (Control-x and following the prompt) and everything should be set up!
 
Topic is closed for comments