InterWorx SSH Guide
===================

History
-------

Historically, before the implementation of SSH (Secure Shell), computers on the
Internet were controlled remotely through insecure protocols such as rsh, rexec,
and telnet (which sends data in plaintext). This caused massive security issues,
because data such as passwords were sent in plaintext and could be intercepted
via packet analysis. SSH fixed this vulnerability by providing a
cryptographically secure protocol, based on public-key cryptography, to control
remote computers on the Internet. InterWorx provides a graphical control for SSH
to make life easier for the server administrator.

Shell Users graph
-----------------

.. figure:: /images/nodeworx/ssh/ssh-graph.png
   :alt: ssh rrd graph

   ssh rrd graph

At the top, you can see a graph of the number of active SSH sessions over time.
This can be useful for the server administrator who wants to track how many
shell users are active at specific times. This graph can be toggled on and off,
and updated via the buttons below.

SSH Server Control
------------------

.. figure:: /images/nodeworx/ssh/ssh-control.png
   :alt: SSH control

   SSH control

Status
^^^^^^

This table shows the status of the SSH server and allows you to stop, start or
restart the SSH server.

Start on boot-up
^^^^^^^^^^^^^^^^

If set to “Yes”, SSH will be automatically started when the server starts up.
Setting this to Yes is recommended so that if your server dies or is rebooted,
you will have remote shell access available, rather than having to physically
be at the server to control it.

Auto-restart SSH
^^^^^^^^^^^^^^^^

With this option on, SSH is restarted automatically if it goes down
unexpectedly.

SSH Server Info
---------------

.. figure:: /images/nodeworx/ssh/ssh-info.png
   :alt: ssh info

   ssh info

Version
^^^^^^^

The version of SSH installed on this system.

SSHD Config File Syntax
^^^^^^^^^^^^^^^^^^^^^^^

This tells you whether there are any syntax errors in your ``sshd_config`` file.
If there are, you can click on the details link to see where the problem lies.
This is recommended for advanced users who need atypical SSH configurations.

SSH Server Options
------------------

.. figure:: /images/nodeworx/ssh/ssh-options.png
   :alt: ssh options

   ssh options

Port
^^^^

This is the port that shell users will connect to. By default this is port 22.

Allow Root Login
^^^^^^^^^^^^^^^^

Sets whether the root user can log in via SSH.

Yes
"""

Root user is permitted to log in.

Without Password
""""""""""""""""

Disables password authentication for the root user.

Forced Command Only
"""""""""""""""""""

Login is allowed but only if a command option was specified. Example:
``ssh root@test.com uptime``

No
""

Root user is not permitted to log in.

Loglevel
^^^^^^^^

Sets the verbosity that is used when logging sshd messages.

Privilege Separation
^^^^^^^^^^^^^^^^^^^^

Toggles privilege separation. Used to prevent privilege escalation during the
authentication process.

Two Potential Configurations
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If you plan on giving SiteWorx users shell access, you should make sure to set
the port to its default of 22. This is the standard that most end users will be
used to. If SSH is set to listen on port 22, then you should set Allow Root
Login to either No or Without Password (see
http://www.linuxproblem.org/art_9.html). Passwordless SSH is more secure and
ties your root login to a single computer with the correct keys.

If you don’t plan on giving SiteWorx users shell access, then you may want to
set Allow Root Login to Yes but set the port to something arbitrary that is not
in use by another service on your system (see
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers). For example, a
potential port to use is 2220.

Current Shell Sessions
----------------------

This table shows the shell sessions currently active, including the following
information:

User
^^^^

Shell user currently logged in.

From
^^^^

The IP address the shell user is currently logged in from.

Time
^^^^

The time the shell user logged in.

Idle Time
^^^^^^^^^

The amount of time the shell user has been idle.

Command
^^^^^^^

The current command the shell user is running.

This box can also be used to terminate active SSH sessions.
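
As an added example (not InterWorx code), the following script checks an ``sshd_config`` against the two setups described under Two Potential Configurations. It assumes the panel options correspond to the OpenSSH ``Port`` and ``PermitRootLogin`` directives and that an unset ``PermitRootLogin`` is treated as ``yes``; the function names and sample configs are constructed for illustration.

```python
import re

# Root-login values the page accepts when sshd listens on port 22.
# "prohibit-password" is OpenSSH's newer name for "without-password".
SAFE_ROOT_ON_22 = {"no", "without-password", "prohibit-password"}

def parse_global(text):
    """Return (ports, permit_root_login) from the global section of a config."""
    ports, root = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                      # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":                          # conditional blocks: stop here
            break
        if key == "port" and value.isdigit():
            ports.append(int(value))                # Port may appear several times
        elif key == "permitrootlogin" and root is None:
            root = value.lower()                    # first value wins
    return (ports or [22]), root                    # sshd listens on 22 if unset

def audit(text, unset_root="yes"):
    """List deviations from the page's two setups; an empty list means a match."""
    ports, root = parse_global(text)
    if root is None:
        root = unset_root        # assumption: unset is treated as "yes"
    findings = []
    for port in ports:
        if not 1 <= port <= 65535:
            findings.append(f"Port {port} is outside 1-65535")
    if 22 in ports and root not in SAFE_ROOT_ON_22:
        findings.append(f"Port 22 with PermitRootLogin {root}: "
                        "set it to no or without-password, or move the port")
    return findings

# Constructed sample configs, not taken from a real server.
SHARED_SHELL = "# SiteWorx shell users\nPort 22\nPermitRootLogin without-password\n"
ADMIN_ONLY = "Port 2220\nPermitRootLogin yes\n"
RISKY = "port 22\nPermitRootLogin yes\nMatch Address 10.0.0.0/8\n  PermitRootLogin no\n"

if __name__ == "__main__":
    for name, cfg in [("shared", SHARED_SHELL), ("admin", ADMIN_ONLY), ("risky", RISKY)]:
        print(name, audit(cfg) or "matches one of the two setups")
```

This checks policy only; whether the file parses at all is what the SSHD Config File Syntax indicator reports (``sshd -t`` performs that check on the command line).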