ssh-server (introduction)

If you did the ssh-client exercise, you have already installed an ssh-server as well, and tested it, perhaps even had a classmate test it. On this web page we also use the ssh service to take a closer look at Linux services in general.
 
We cover installation, versions, executables, configuration files and service management.
 
In the introduction to Linux we mostly use Linux Mint and Ubuntu Server. Linux Mint is a distro derived from Ubuntu, and Ubuntu itself is Debian-based. In Linux advanced we also use Red Hat based distros, such as CentOS. It differs to a lesser degree from Ubuntu, mainly in software administration.

  1. finding ssh-server
     
    How do we find out which package to install ...
    With aptitude search we can search on keywords:
    user@mint18-srv ~ $ aptitude search gdisk
    i   gdisk                           - GPT fdisk text-mode partitioning tool  
    p   gdisk:i386                      - GPT fdisk text-mode partitioning tool  

    But if we search for ssh we find too much. Searching on two search terms is done as follows:

    user@mint18-srv ~ $ aptitude search "ssh server"
     
    p   aolserver4-nssha1               - AOLserver4 module: performs SHA1 hashes Pr
    p   aolserver4-nssha1:i386          - AOLserver4 module: performs SHA1 hashes Pr
    p   openssh-server                  - secure shell (SSH) server, for secure acce
    p   openssh-server:i386             - secure shell (SSH) server, for secure acce
    p   openssh-sftp-server             - secure shell (SSH) sftp server module, for
    p   openssh-sftp-server:i386        - secure shell (SSH) sftp server module, for
    v   ssh-server                      -                                           
    v   ssh-server:i386 
    • p at the start of a result means that the package is not installed
    • i means installed
    • v means virtual package
      A virtual package is a generic name that applies to any one of a group of packages, all of which provide similar basic functionality. For example, both the konqueror and firefox-esr programs are web browsers, and should therefore satisfy any dependency of a program that requires a web browser on a system, in order to work or to be useful. They are therefore both said to provide the "virtual package" called www-browser.
       
  2. installing ssh-server
     
    Now that we know we have to install openssh-server, we do so as follows:
    $ sudo apt-get install openssh-server
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following additional packages will be installed:
    openssh-sftp-server
    Suggested packages:
    rssh molly-guard monkeysphere
    Recommended packages:
    ncurses-term ssh-import-id
    The following NEW packages will be installed:
    openssh-server openssh-sftp-server
    0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
    Need to get 376 kB of archives.
    After this operation, 1.021 kB of additional disk space will be used.
    Do you want to continue? [Y/n] y
    Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 openssh-sftp-server amd64 1:7.2p2-4ubuntu2.2 [38,7 kB]
    Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 openssh-server amd64 1:7.2p2-4ubuntu2.2 [338 kB]
    Fetched 376 kB in 0s (1.969 kB/s)   
    Preconfiguring packages ...
    Selecting previously unselected package openssh-sftp-server.
    (Reading database ... 225998 files and directories currently installed.)
    Preparing to unpack .../openssh-sftp-server_1%3a7.2p2-4ubuntu2.2_amd64.deb ...
    Unpacking openssh-sftp-server (1:7.2p2-4ubuntu2.2) ...
    Selecting previously unselected package openssh-server.
    Preparing to unpack .../openssh-server_1%3a7.2p2-4ubuntu2.2_amd64.deb ...
    Unpacking openssh-server (1:7.2p2-4ubuntu2.2) ...
    Processing triggers for man-db (2.7.5-1) ...
    Processing triggers for ufw (0.35-0ubuntu2) ...
    Processing triggers for systemd (229-4ubuntu17) ...
    Processing triggers for ureadahead (0.100.0-19) ...
    Setting up openssh-sftp-server (1:7.2p2-4ubuntu2.2) ...
    Setting up openssh-server (1:7.2p2-4ubuntu2.2) ...
    Creating SSH2 RSA key; this may take some time ...
    2048 SHA256:Ryo0GopuAf8pOEFJstkkEW5TeBNbiyjhYH1P8NtcoUo root@mint18-srv (RSA)
    Creating SSH2 DSA key; this may take some time ...
    1024 SHA256:F56CpIaNaELDaLSIKQQrzZnd+LCDWlD8UF2mk5ZWniI root@mint18-srv (DSA)
    Creating SSH2 ECDSA key; this may take some time ...
    256 SHA256:6f+dLmtd7PpJhmDs38FRYfFY/ELXjsYhYED5d/wD/EM root@mint18-srv (ECDSA)
    Creating SSH2 ED25519 key; this may take some time ...
    256 SHA256:gFpJg/mAqM3lCN/xcd93OOeCfWFYSNP7twFyRqXVzPc root@mint18-srv (ED25519)
    Processing triggers for systemd (229-4ubuntu17) ...
    Processing triggers for ureadahead (0.100.0-19) ...
    Processing triggers for ufw (0.35-0ubuntu2) ...

    We can test ssh-server with the command
    $ ssh localhost
     
    Don't forget to type exit when you are done.
     

  3. version of openssh-server
     
    Type the following:
     
    $ dpkg -l | grep openssh
    ii  openssh-client                              1:7.2p2-4ubuntu2.2                         amd64        secure shell (SSH) client, for secure access to remote machines
    ii  openssh-server                              1:7.2p2-4ubuntu2.2                         amd64        secure shell (SSH) server, for secure access from remote machines
    ii  openssh-sftp-server                         1:7.2p2-4ubuntu2.2                         amd64        secure shell (SSH) sftp server module, for SFTP access from remote machines

     

  4. contents of openssh-server
     
    With dpkg -L we can list all files of a package on screen:
     
    user@mint18-srv ~ $ dpkg -L openssh-server

    /lib
    /lib/systemd
    /lib/systemd/system
    /lib/systemd/system/ssh.service
    /lib/systemd/system/ssh@.service
    /lib/systemd/system/ssh.socket
    /etc
    /etc/ufw
    /etc/ufw/applications.d
    /etc/ufw/applications.d/openssh-server
    /etc/default
    /etc/default/ssh
    /etc/network
    /etc/network/if-up.d
    /etc/network/if-up.d/openssh-server
    /etc/init.d
    /etc/init.d/ssh
    /etc/init
    /etc/init/ssh.conf
    /etc/pam.d
    /etc/pam.d/sshd
    /usr
    /usr/lib
    /usr/lib/tmpfiles.d
    /usr/lib/tmpfiles.d/sshd.conf
    /usr/sbin
    /usr/sbin/sshd
    /usr/share
    /usr/share/lintian
    /usr/share/lintian/overrides
    /usr/share/lintian/overrides/openssh-server
    /usr/share/apport
    /usr/share/apport/package-hooks
    /usr/share/apport/package-hooks/openssh-server.py
    /usr/share/doc
    /usr/share/doc/openssh-client
    /usr/share/doc/openssh-client/examples
    /usr/share/doc/openssh-client/examples/sshd_config
    /usr/share/man
    /usr/share/man/man5
    /usr/share/man/man5/sshd_config.5.gz
    /usr/share/man/man8
    /usr/share/man/man8/sshd.8.gz
    /usr/share/doc/openssh-server
    /usr/share/man/man5/authorized_keys.5.gz
    • libraries are in /lib and/or /usr/lib
    • system binary executables are in /sbin or /usr/sbin (services are always in /usr/sbin)
    • /usr/share holds docs, man pages, icons, etc.
    • /etc holds config files
       
      a) For openssh-server the binary daemon is /usr/sbin/sshd
      wikipedia: In multitasking computer operating systems, a daemon (/ˈdiːmən/ or /ˈdeɪmən/)[1] is a computer program that runs as a background process, rather than being under the direct control of an interactive user. Traditionally, the process names of a daemon end with the letter d, for clarification that the process is, in fact, a daemon, and for differentiation between a daemon and a normal computer program. For example, syslogd is the daemon that implements the system logging facility, and sshd is a daemon that serves incoming SSH connections.
       
      b) The config file of openssh-server is /etc/ssh/sshd_config
       
  5. exercises on software:

    • use aptitude search to look up all packages with vim
    • use aptitude search to look up the package vim nox (two arguments)
    • use dpkg -l and grep to check whether the package mc (Midnight Commander) is installed; if not, install it
    • examine the package mc and its dependency mc-data with dpkg -L
    • what is a dependency?
       
  6. exercises on openssh:
    • use dpkg -l and grep to check whether openssh-server is installed
    • test with ssh localhost -- if this does not work, install openssh-server
    • look at the contents of this package with dpkg -L
    • take a look at the config file: /etc/ssh/sshd_config
    • change the port number of sshd in sshd_config: Port=2222
      restart the service: sudo systemctl restart sshd
      test again with ssh -p 2222 localhost and with ssh localhost
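
Added example (not part of the original course page): a small shell helper, here given the hypothetical name sshd_ports, that reads an sshd_config-style file and prints the ports it requests, accepting both `Port 2222` and the `Port=2222` form used in the last exercise. The sample configuration is constructed; ListenAddress entries with an explicit port and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: list the ports an sshd_config file asks sshd to listen on.
# sshd_ports is a hypothetical helper name, not part of OpenSSH.
sshd_ports() {
    awk '
        BEGIN { found = 0; bad = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)          # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)    # separator: whitespace, at most one "="
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit           # Port is not permitted inside a Match block
            if (key != "port") next
            if (val !~ /^[0-9]+$/ || val + 0 < 1 || val + 0 > 65535) {
                printf "invalid Port value: %s\n", val > "/dev/stderr"
                bad = 1
                next
            }
            print val                          # several Port lines are allowed
            found = 1
        }
        END {
            if (!found && !bad) print 22       # no Port line: sshd uses its default
            exit bad
        }
    ' "$1"
}

# Constructed sample config, mirroring the exercise (Port=2222).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port=2222
PermitRootLogin prohibit-password
Match User backup
    X11Forwarding no
EOF
sshd_ports "$sample"
rm -f "$sample"
```

On a real host, `sudo sshd -t` checks the syntax of /etc/ssh/sshd_config before you restart the service, so a typo does not leave the daemon unable to start.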