System Preparation

Add the Moonshot libraries.

If you have not already done so, you first need to follow the instructions on how to .

Add the Moonshot OpenSSH Repository

1. We've moved the OpenSSH packages from the main Moonshot repository into their own, so add the Moonshot RedHat OpenSSH repository to your system by creating a new file at /etc/yum.repos.d/moonshot-ssh.repo with the following content:

   true

2. Check that the yum-priorities plugin is enabled in your yum configuration:

   bash

3. If the plugin is not enabled, change the enabled line in /etc/yum/pluginconf.d/priorities.conf to 1.

   yum-plugin-priorities

   If the yum-plugin-priorities package is not installed, please see https://wiki.centos.org/PackageManagement/Yum/Priorities for more information.

Ensure that your hostname is correct

The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the "hostname" and "hostname -f" commands should match the FQDN of the server. If it doesn't, change the relevant line in /etc/sysconfig/network to make it so.

Installation Instructions

1. Install the Moonshot-enabled pre-compiled OpenSSH packages using yum. This will replace the system-provided OpenSSH:

   bash

2. If you have already installed the latest version of OpenSSH from the CentOS updates repository and its version is either the same or is newer than the version in our repository, you must use the yum downgrade command to downgrade the packages to our version:

   bash

Configuration Instructions

Once installed, the Moonshot-enabled OpenSSH server will still need a few quick tweaks in order to turn on the Moonshot support.

1. Configure the OpenSSH server to use Moonshot by editing /etc/ssh/sshd_config. Check the following lines are present and uncommented:

   true

2. Now restart the OpenSSH server

3. Configure the .