Full Version: The skinny on SSH
wienerdog
Everyone says you need to install SSH on your RaQ and disable telnet.

OK, where's a tutorial on this? I am completely ignorant.
unabomber
:D
wienerdog
I guess there's no tutorial because there's not much to do...

I installed the SSH pkg.

Went to the server management control panel for web services and turned off telnet.

Downloaded a free SSH client for my Mac, logged in securely!

Tested to see if telnet would work, and got a 'no services', so telnet is disabled.

Whew, that was easy, took about 10 minutes.
Marty
When you generate your key file, where do you save it to on the server?
ffeingol
I'm not sure where you put the key, but you don't have to use it. From what I understand, the key will just keep you from having to type your password in.

Unless your machine is very secure (the one you'll be ssh'ing from, not the RaQ) I would not use the key. Anyone can walk up to your machine and ssh in.

Frank
NightHawk
Let me add a dumb question to this.....

I know with telnet a user who is a site admin and has telnet access can browse all the sites on the box, does SSH stop that from happening???

And also, how do I determine who has SSH access?? Does every user get SSH access with their username and password or what?

Thanks,
ffeingol
You can control who has ssh access by checking shell access next to their account.

This sounds funny, but what you do is turn off telnet at the server level (via the control panel) but turn on shell access to whichever users you want to have it. Because telnet is off, they cannot telnet in, but the ssh is still active, so that works.

If you don't give them shell access, as soon as they enter their id/password they will get kicked out with a message that they do not have shell access.

ssh does not do anything to keep them out of directories. Normal unix permissions do that.

The only difference between telnet and ssh is that all ssh traffic is encrypted.

Frank
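
One way to check both points from the shell (who can get a shell over SSH, and whether telnet is really off), as an added example that is not part of the original thread. It assumes the panel's shell-access setting shows up as the login shell in a passwd-format file and that telnet is started from an inetd-style config; every file, user name and the `/bin/noshell` placeholder below is constructed.

```shell
#!/bin/sh
# Added example: constructed sample files, not taken from a real RaQ.

# Print accounts whose login shell is a real interactive shell.
# $1 = passwd-format file, $2 = /etc/shells-format allow-list
list_shell_users() {
    awk -F: '
        FILENAME == ARGV[1] {                 # first file: allowed shells
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") allowed[$0] = 1
            next
        }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        ($7 in allowed) && $7 !~ /(nologin|false)$/ { print $1 }
    ' "$2" "$1"
}

# Succeed (exit 0) if an uncommented telnet service line is present.
# $1 = inetd.conf-format file
telnet_enabled() {
    grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
admin:x:110:100:admin:/home/sites/home/users/admin:/bin/bash
alice:x:111:100:alice:/home/sites/site1/users/alice:/bin/noshell
bob:x:112:100:bob:/home/sites/site2/users/bob:/bin/sh
EOF
cat > "$SAMPLE_DIR/shells" <<'EOF'
# constructed allow-list
/bin/sh
/bin/bash
/sbin/nologin
EOF
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
EOF

echo "Accounts that can get a shell over SSH:"
list_shell_users "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shells"
if telnet_enabled "$SAMPLE_DIR/inetd.conf"; then
    echo "WARNING: telnet is still enabled"
else
    echo "telnet is disabled in inetd.conf"
fi
```

On a live system, point the two functions at the real passwd, shells and inetd.conf files instead of the sample copies.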
wienerdog
More questions,

Why is telnet so easy to eavesdrop and ftp/http isn't?

Don't you ftp into your server with your same admin/root login? Isn't that a risk?

And the admin panel of the raq isn't encrypted either, why can't that be snooped?
ffeingol
ftp/http is insecure.

Very secure sites don't allow ftp. They make you use scp (secure copy). On the PC there are a few ftp programs that allow this protocol. There is also a program called pscp.

HTTP is not secure unless it is running with SSL (secure socket layers). Unless you are passing passwords/credit card info, you really don't need SSL for web pages.

Yes, you are passing your admin id/password in an insecure method. There is documentation in the RaQ manual on how to set up the admin page with a secure connection.

Frank
webbcite
They all can be snooped...ftp username and information is sent in plain text...so is httpd information.

There are some secure ftp programs out there, but most people are still waiting for the sftp package from openssh.

I would suggest generating a self signed Cert for your main site on the rack. Then your site admin information will be encrypted.

.02
joLS
QUOTE
Originally posted by ffeingol
You can control who has ssh access by checking shell access next to their account.

This sounds funny, but what you do is turn off telnet at the server level (via the control panel) but turn on shell access to whichever users you want to have it. Because telnet is off, they cannot telnet in, but the ssh is still active, so that works.

If you don't give them shell access, as soon as they enter their id/password they will get kicked out with a message that they do not have shell access.

ssh does not do anything to keep them out of directories.  Normal unix permissions do that.

The only difference between telnet and ssh is that all ssh traffic is encrypted.

Frank



Frank,

Thanks for this information as I have been looking for this kind of stuff for a while now. But what about the RaQ's owner/admin, you know, the guy who gets the dedicated account and decides to be a host. Do they also lose the capability to telnet into their customer's accounts to fix file ownership problems and whatnot?
driverdave
On my machine, my home account (/home/sites/home) has shell accounts disabled, but I'm allowed to ssh in as admin.

The only way you would lose shell access to the box as admin is to turn off telnet in the GUI and not have installed the SSH pkg.

Also, you can't 'Telnet into customer's accounts'. You telnet into the machine with a username/password. Depending on the username/password, you're limited to the usual unix permissions set for that username.

Not quite sure if that's the answer to the question you had, hope I've helped!
joLS
QUOTE
Originally posted by driverdave
On my machine, my home account (/home/sites/home) has shell accounts disabled, but I'm allowed to ssh in as admin.

The only way you would lose shell access to the box as admin is to turn off telnet in the GUI and not have installed the SSH pkg.

Also, you can't 'Telnet into customer's accounts'. You telnet into the machine with a username/password. Depending on the username/password, you're limited to the usual unix permissions set for that username.

Not quite sure if that's the answer to the question you had, hope I've helped!



Okay, thanks I think I've got it. So you can SSH to the box as admin and get the same access as a super user (i.e. su to root kind of thing). Then if I have to, say for instance chown some customer's files because they've screwed things all up by selecting multiple admins in their CP (this is soooo common), I can get into their accounts via their user ID, etc. to make corrections. Right?

Now all I have to do is find some good low cost (as in no cost) SSH client programs to offer everyone who needs telnet-like access, then I'll be set... I think.

Thanks again.
driverdave
The user admin only has access to files set by unix permissions. But on the cobalt, admin and root have the same pass, so you just su to root (superuser), then you can do anything you like :)

Free SSH clients

- windows I use putty.exe
- mac Nifty Telnet

Check out tucows.com for the download.