Configuring ssh & ftp in OpenBSD for speed and security.

 

OpenBSD, as we all know, is secure by default. This much-acclaimed operating system is known for its proven approach to security, with only two (2) remote holes in over ten years. I will attempt to explain how to configure and set up OpenBSD to run as an ssh and ftp server, keeping the key elements of speed and security in mind.

After the initial install of OpenBSD, no ports system will be installed. How you install the ports system differs from server to server and largely depends on the installation media. If the operating system was installed from media such as a CD that was “bought”, not downloaded for free, it usually contains the ports tree matching your system specifications; mount your CD, navigate to the directory containing the package “ports.tar.gz”, and perform the following steps:

     1.       Copy the file from the CD to a temp directory with the command:

·         # cp /my/installation/media/ports.tar.gz /tmp

     2.       Navigate to the location for your ports system

·         # cd /usr/

     3.       Un-tar the files

·         # tar xvzf /tmp/ports.tar.gz

When the files are un-tarred you should have a functional ports system. Alternatively, if the ports files are offered as a selectable set during installation, you can select them and let the OpenBSD installer perform all the necessary steps to make them usable.

If you performed an installation from a snapshot CD, navigate to the website you downloaded the images from; in the snapshots folder you will usually find the required package ports.tar.gz. Download this file with the command:

·         # wget ftp://path/to/my/installation/source/ports.tar.gz

Since wget downloads to the current directory take note of the directory you are in; downloading to /tmp should be appropriate.
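
A check worth running between the download and the un-tar step, since the tarball is unpacked as root into /usr. This is an added example, not part of the original post; it assumes a checksum list with lines of the form `SHA256 (ports.tar.gz) = <hex>` was obtained alongside the tarball and that every archive member starts with `ports/`. The function names and the script name are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): check ports.tar.gz before
# unpacking it as root. Assumes a BSD-style checksum list was fetched too.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                     # OpenBSD base utility
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Look up the expected digest in lines shaped "SHA256 (name) = hex".
expected_sha256() {                        # $1 = checksum list, $2 = file name
    awk -v n="($2)" '$1 == "SHA256" && $2 == n && $3 == "=" {print $4; exit}' "$1"
}

# Succeed only if every member sits under ports/ and has no ".." component.
members_confined() {                       # $1 = tarball
    tar tzf "$1" | awk '
        { n = split($0, p, "/"); if (p[1] != "ports") bad = 1
          for (i = 1; i <= n; i++) if (p[i] == "..") bad = 1 }
        END { exit (bad || NR == 0) }'     # empty or unreadable archive fails
}

# Verify digest and layout, then unpack (the post unpacks into /usr).
verify_and_extract() {                     # $1 tarball, $2 checksum list, $3 dest
    want=$(expected_sha256 "$2" "$(basename "$1")")
    [ -n "$want" ] || { echo "no checksum entry for $1" >&2; return 2; }
    [ "$(file_sha256 "$1")" = "$want" ] ||
        { echo "checksum mismatch for $1" >&2; return 3; }
    members_confined "$1" ||
        { echo "unexpected member paths in $1" >&2; return 4; }
    tar xzf "$1" -C "$3"
}

# Usage: sh verify-ports.sh /tmp/ports.tar.gz /tmp/SHA256 /usr
if [ "$#" -eq 3 ]; then verify_and_extract "$@"; fi
```

A checksum list fetched over the same plain FTP connection only detects corruption; it guards against tampering only if the list itself came through a channel you trust.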

By this time you should have a properly configured ports system. Navigating to the directory “/usr/ports/” should show you all the packages that can be installed in the system. Now to install the appropriate ftp server:

·         # cd /usr/ports/net/pure-ftpd     ## navigating to the pure-ftpd port in the “net” folder

·         # make install clean     ## automatically installing the ftp server with all dependencies

·         # pkg_info    ## lists all the installed packages, pure-ftpd should be there

·         # reboot     ## rebooting the computer

·         # kill -HUP `cat /var/run/pure-ftpd.pid`     ## to restart the daemon without rebooting

On reboot, your ftp server should be properly set up to use the user accounts present on the system. Additional installation options, such as using an SQL database to store user accounts and changing the root directory, can be found at the Pure-FTPd website.

 

The ssh server, on the other hand, is much simpler to install. To avoid all the hassles you can simply answer yes to the question that asks you to enable sshd during installation. The configuration file for sshd can be edited with:

·         # vi /etc/ssh/sshd_config   ## editing the ssh daemon configuration file

 

Please don’t edit the file unless it is absolutely necessary. sshd comes secure by default, and editing this file may introduce bugs/exploits if caution is not taken.

 

To start the sshd service, simply edit the file rc.conf:

·         # vi /etc/rc.conf     ## replace the NO on sshd_flags with ""

 

More commands to use for package management include the following:

-          make search key="package you are looking for"

-          pkg_delete

-          pkg_add

-          make search name="name of package"

-          make update

-          make install clean

-          make clean=depends

-          make uninstall

-          make reinstall

-          pkg_info

~ by Chuka on August 18, 2007.

2 Responses to “Configuring ssh & ftp in OpenBSD for speed and security.”

  1. … fan of chuyeow?

    me too. =)

  2. Yeah….thanks for the comment
