Replacing Telnet; OpenSSH, a secure alternative

tar zxvf openssl-0.9.5a.tar.gz

cd openssl-0.9.5a



su -c "make install"


For the RPM:

rpm -ivh openssh-2.3.0p1-1.i386.rpm    <- Should be installed first

rpm -ivh openssh-clients-2.3.0p1-1.i386.rpm

rpm -ivh openssh-server-2.3.0p1-1.i386.rpm

For the tar.gz:

tar zxvf openssh-2.3.0p1.tar.gz

cd openssh-2.3.0p1

./configure --sysconfdir=/etc/ssh

By default OpenSSH places the configuration files under /usr/local/etc. The
--sysconfdir option lets you set your own directory.


su -c "make install"

su -c "make host-key"

This will create the RSA and DSA host keys for your system. SSH uses
public/private key pairs. RSA is the older format, whereas DSA is the new
format and the one used by SSH2.

Enter the contrib sub-directory. There are a few files of importance here.
The first is sshd.pam.generic. Most new Linux distributions use PAM for
authentication. This is a generic file that suits most distributions. A
version for Red Hat can be found in the redhat sub-directory. Copy this
file to /etc/pam.d as sshd.

cp sshd.pam.generic /etc/pam.d/sshd
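
What the host-key and PAM steps above should have left on disk can be checked with a short script. This is an added example, not part of the original article; the key file names ssh_host_key and ssh_host_dsa_key and the function names are assumptions.

```shell
#!/bin/sh
# Added example: post-install check for the host-key and PAM steps.
# Assumed names (not from the article): ssh_host_key and ssh_host_dsa_key as
# the files written by "make host-key"; both functions are hypothetical helpers.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_sshd_install SYSCONFDIR PAMDIR
# Prints one line per finding; returns the number of problems found.
check_sshd_install() {
    confdir=$1
    pamdir=$2
    problems=0
    for key in ssh_host_key ssh_host_dsa_key; do
        priv="$confdir/$key"
        if [ ! -f "$priv" ]; then
            echo "MISSING  $priv (run: make host-key)"
            problems=$((problems + 1))
            continue
        fi
        # A private host key readable by group or others can be copied by
        # other local users and used to impersonate this server, so the
        # last two octal digits of its mode must be 0.
        mode=$(file_mode "$priv")
        case $mode in
            *00) echo "OK       $priv mode $mode" ;;
            *)   echo "EXPOSED  $priv mode $mode (fix: chmod 600)"
                 problems=$((problems + 1)) ;;
        esac
        if [ ! -f "$priv.pub" ]; then
            echo "MISSING  $priv.pub"
            problems=$((problems + 1))
        fi
    done
    if [ ! -f "$pamdir/sshd" ]; then
        echo "MISSING  $pamdir/sshd (copy sshd.pam.generic there)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage on an installed system: check_sshd_install /etc/ssh /etc/pam.d
```
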

Also provided here are init scripts for use with SuSE and Red Hat. The SuSE
directory also contains a configuration file that you should copy to


cat rc.config.sshd >> /etc/rc.config

You can use these scripts across most distributions with a few changes.
One of the changes that we needed to make to the SuSE script was to change
the path from /usr/sbin to /usr/local/sbin. Copy the startup script to
/etc/rc.d/init.d (Red Hat) or /sbin/init.d (SuSE).

Now you can start the ssh daemon with:

/etc/rc.d/init.d/sshd start (Red Hat)


/sbin/init.d/sshd start (SuSE)

To check whether SSH is running, telnet to port 22 on your machine. You
should see the following:


Connected to localhost.

Escape character is '^]'.



The first thing that each user needs to do is create a public/private key
pair. This is done using the ssh-keygen program.

ssh-keygen -d

Running ssh-keygen on its own is enough to prepare an RSA key for use. The
'-d' option makes a DSA key instead, for use with SSH2. You will be asked
for the filename to store the key as. This allows you to have different
private/public key pairs for the various hosts that you will be connecting