ssh server on OpenBSD

[MarinosK]

Hello all,

first post for me in this forum !

I want to setup a file server mainly for private use at home - later I might add functionality for some friends.

my prior concern is to be able to ssh in this machine so I can up/down-load files and even change things - later I might add ftp, mail and other services

I am totally newbie to the unix world in general - I have some console and even programming experience from linux and macos machines though - so I read a lot of tutorials online, asked friends and did these:

- set up a dyndns acount and my router so that it updates my ip (I tested this and it works, everytime I reboot the server and ping my alias I get my new public ip)

- forwarded port 22 in my router. not sure if it' s as supposed, but when I nmap my public ip I can see it open.

- I messed around a bit with /etc/ssh/sshd_config file and tried some several other things I found online / I tried different configurations

now

on all configurations I tried,
ssh localhost
connects me and all is ok

but
ssh myalias.dyndns.org
asks for passwd and whatever I enter it says "not permited" or sth similar

worthnoticing is that on
/usr/sbin/sshd
I get a message that the files that hold the keys for the hosts (ssh_hosts_dsa_..sth like this) could not be opened - even when my configuration was for passwd only security

anyway,

anybody could help me with a step by step guide for begginers or just a couple of advices of how to setup ssh in an OpenBSD machine ??

thx

[jggimi]

If you are able to connect on the local loop ... but not using your dyndns domain name, this could be for a lot of reasons.

That you are prompted for a password is good, it means that you can reach the externally facing address.

If /usr/sbin/sshd cannot open files in /etc/ssh/*, that is a good reason for failed authentication. Your client cannot confirm it is communicating with the correct host. You can get a lot more information on what is happening, or not happening, by looking at logs from sshd -- you'll may find information from /var/log/authlog, /var/log/daemon, and /var/log/messages very helpful.

What do YOU get when you issue the following command as root?

# ls /etc/ssh

Because the host keys should have been created by /etc/rc during your first boot of the OS.

There's always the possibility you're connecting to an sshd daemon on your router, or another machine on your network, rather than on your OBSD machine.

[ocicat]

Quote:

Originally Posted by MarinosK

I read a lot of tutorials online, asked friends...

First of all, welcome!

The OpenBSD culture is different. Your single best source for information is the documentation supplied by the OpenBSD project. These include:

• the manpages.
• information found at the project's Website, including the FAQ.
• information uttered by project developers on the project's mailing lists.

Quote:

- forwarded port 22 in my router. not sure if it' s as supposed, but when I nmap my public ip I can see it open.

SSH can be installed & given a default configuration at installation. You will find information about this in Section 4.5.2 of the FAQ. SSH is a common service/daemon most use, so it can be set up at install time.

Quote:

- forwarded port 22 in my router. not sure if it' s as supposed, but when I nmap my public ip I can see it open.

I assume that SSH was then configured upon installation.

Quote:

- set up a dyndns acount...

Here is where you begin talking about two separate issues. One, is whether SSH is configured as you like. Two, whether DNS is configured as you like. Let us take these one at a time.

Assuming SSH is installed on multiple computers in your network, connect to each machine first by IP address. This simplifies the overall problem by taking DNS lookups out of the picture initially, & allows you to focus solely on SSH issues. Once you have tweaked the configurations via information found on the sshd(8), sshd_config(5), ssh(1), & ssh_config(5) (amongst others...) to your liking, then worry about DNS.

Lastly, we find most members on this site search/mine previous threads for information. As such, we try to keep threads on topic with a minimum of straying. Because this thread is initially on SSH issues, please keep discussion on this topic. Once you are satisfied with your SSH configuration, start a new thread on any remaining DNS issues you wish to discuss. Thanks.

[Oko]

Quote:

Originally Posted by ocicat

Because this thread is initially on SSH issues, please keep discussion on this topic. Once you are satisfied with your SSH configuration, start a new thread on any remaining DNS issues you wish to discuss. Thanks.

SSH has no issues on OpenBSD. It just works out of box without any configuration (for most users) as long as it is enabled during the installation and as long as port 22 is open in PF.

I am assuming that it is safe to assume that the guy who posted original question is not even aware of PF which is now turn on by default with (pass all keep state default rule).

Step 1. Make sure to have

Code:

sshd_flags=" "

in /etc/rc.conf.local

Step 2. Temporary disable PF with

Code:

pfctl -d

Step 3. From the computer on the local LAN (the same 192.168.1.xxx ) try to ssh.

Once the above works turn on PF back and we will tell you how to pass in SSH traffic.

Once that is done we will explain you how to use DynDNS to solve DNS issue so that you can log into your computer from anywhere on the Web.

[MarinosK]

thx very much for the help !

I recall I' ve checked rc.conf and it had this this line - but I didn' t look at rc.conf.local

unfortunately, I' ll be away for a week,
first thing to do when I' m back is to check all these and post back

thx again !