DaemonForums  

#1
16th February 2011
MarinosK
New User

Join Date: Feb 2011
Posts: 2
Thanked 0 Times in 0 Posts
ssh server on OpenBSD

Hello all,

First post for me in this forum!

I want to set up a file server mainly for private use at home - later I might add functionality for some friends.

My prior concern is to be able to ssh into this machine so I can up/down-load files and even change things - later I might add ftp, mail and other services.

I am a total newbie to the Unix world in general - I have some console and even programming experience from Linux and macOS machines though - so I read a lot of tutorials online, asked friends and did these:

- set up a dyndns account and my router so that it updates my IP (I tested this and it works, every time I reboot the server and ping my alias I get my new public IP)

- forwarded port 22 in my router. Not sure if it's as supposed, but when I nmap my public IP I can see it open.

- I messed around a bit with the /etc/ssh/sshd_config file and tried several other things I found online / I tried different configurations

now

on all configurations I tried,
ssh localhost
connects me and all is ok

but
ssh myalias.dyndns.org
asks for passwd and whatever I enter it says "not permited" or sth similar

worth noticing is that on
/usr/sbin/sshd
I get a message that the files that hold the keys for the hosts (ssh_hosts_dsa_..sth like this) could not be opened - even when my configuration was for passwd-only security

anyway,

Could anybody help me with a step-by-step guide for beginners, or just some advice on how to set up ssh on an OpenBSD machine?

thx
#2
16th February 2011
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 3,612
Thanked 214 Times in 189 Posts

If you are able to connect on the local loop ... but not using your dyndns domain name, this could be for a lot of reasons.

That you are prompted for a password is good, it means that you can reach the externally facing address.

If /usr/sbin/sshd cannot open files in /etc/ssh/*, that is a good reason for failed authentication. Your client cannot confirm it is communicating with the correct host. You can get a lot more information on what is happening, or not happening, by looking at logs from sshd -- you may find information from /var/log/authlog, /var/log/daemon, and /var/log/messages very helpful.

What do YOU get when you issue the following command as root?

# ls /etc/ssh

Because the host keys should have been created by /etc/rc during your first boot of the OS.

There's always the possibility you're connecting to an sshd daemon on your router, or another machine on your network, rather than on your OBSD machine.
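The host-key check suggested in the reply above, as an added example that is not part of the original thread: a POSIX sh function that looks in a directory (default /etc/ssh) for files named ssh_host_*_key and reports any that are unreadable, empty, accessible to group or others, or missing their .pub file. The function name and the output labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd host key files.
# check_hostkeys and its output labels are hypothetical names.
# Prints one line per finding; returns 0 only if at least one host key
# exists and nothing was flagged.
check_hostkeys() {
    dir=${1:-/etc/ssh}
    rc=0
    found=0
    for key in "$dir"/ssh_host_*_key; do
        # An unmatched glob stays literal, so test that the file exists.
        [ -e "$key" ] || continue
        found=1
        if [ ! -r "$key" ]; then
            # Run this as root: host keys are normally root-only.
            echo "UNREADABLE $key"
            rc=1
            continue
        fi
        if [ ! -s "$key" ]; then
            echo "EMPTY $key"
            rc=1
        fi
        # Mode string from ls, e.g. -rw-------; characters 5-10 are the
        # group and other bits. sshd refuses a private host key that
        # anyone but its owner can access.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "LOOSE_PERMS $key"
            rc=1
        fi
        if [ ! -s "$key.pub" ]; then
            echo "NO_PUBKEY $key"
            rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "NO_HOSTKEYS $dir"
        rc=1
    fi
    return $rc
}
```

Run `check_hostkeys` as root on the server itself; any line it prints is worth comparing against what sshd writes to /var/log/authlog.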
#3
16th February 2011
ocicat
Administrator

Join Date: Apr 2008
Posts: 2,873
Thanked 190 Times in 160 Posts

Quote:
Originally Posted by MarinosK View Post
I read a lot of tutorials online, asked friends...
First of all, welcome!

The OpenBSD culture is different. Your single best source for information is the documentation supplied by the OpenBSD project. These include:
  • the manpages.
  • information found at the project's Website, including the FAQ.
  • information uttered by project developers on the project's mailing lists.
Quote:
- forwarded port 22 in my router. not sure if it's as supposed, but when I nmap my public ip I can see it open.
SSH can be installed & given a default configuration at installation. You will find information about this in Section 4.5.2 of the FAQ. SSH is a common service/daemon most use, so it can be set up at install time.
Quote:
- forwarded port 22 in my router. not sure if it's as supposed, but when I nmap my public ip I can see it open.
I assume that SSH was then configured upon installation.
Quote:
- set up a dyndns account...
Here is where you begin talking about two separate issues. One, is whether SSH is configured as you like. Two, whether DNS is configured as you like. Let us take these one at a time.

Assuming SSH is installed on multiple computers in your network, connect to each machine first by IP address. This simplifies the overall problem by taking DNS lookups out of the picture initially, & allows you to focus solely on SSH issues. Once you have tweaked the configurations via information found on the sshd(8), sshd_config(5), ssh(1), & ssh_config(5) (amongst others...) to your liking, then worry about DNS.

Lastly, we find most members on this site search/mine previous threads for information. As such, we try to keep threads on topic with a minimum of straying. Because this thread is initially on SSH issues, please keep discussion on this topic. Once you are satisfied with your SSH configuration, start a new thread on any remaining DNS issues you wish to discuss. Thanks.
#4
16th February 2011
Oko
Fsck Surgeon

Join Date: May 2008
Location: Kosovo, Serbia
Posts: 762
Thanked 36 Times in 32 Posts

Quote:
Originally Posted by ocicat View Post
Because this thread is initially on SSH issues, please keep discussion on this topic. Once you are satisfied with your SSH configuration, start a new thread on any remaining DNS issues you wish to discuss. Thanks.
SSH has no issues on OpenBSD. It just works out of the box without any configuration (for most users) as long as it is enabled during the installation and as long as port 22 is open in PF.

I am assuming that it is safe to assume that the guy who posted the original question is not even aware of PF, which is now turned on by default (with a pass all keep state default rule).

Step 1. Make sure to have

Code:
sshd_flags=" "
in /etc/rc.conf.local

Step 2. Temporarily disable PF with
Code:
pfctl -d
Step 3. From the computer on the local LAN (the same 192.168.1.xxx ) try to ssh.

Once the above works, turn PF back on and we will tell you how to pass in SSH traffic.

Once that is done we will explain to you how to use DynDNS to solve the DNS issue so that you can log into your computer from anywhere on the Web.

Last edited by Oko; 16th February 2011 at 07:13 PM.
#5
16th February 2011
MarinosK
New User

Join Date: Feb 2011
Posts: 2
Thanked 0 Times in 0 Posts

thx very much for the help!

I recall I've checked rc.conf and it had this line - but I didn't look at rc.conf.local

unfortunately, I'll be away for a week,
first thing to do when I'm back is to check all these and post back

thx again!