
Overview

When using OpenSSH as an SSH client, Moonshot is natively supported.

This is only true for OpenSSH as a client. If you want a Moonshot-enabled OpenSSH server, see the section.

Compatibility List

Versions of Linux not in the list below have not yet been tested. If you test one, please let us know!

OS version | Compatible? | Notes
CentOS 6 
CentOS 7 
Debian 8 
RHEL 6 
RHEL 7 
Scientific Linux 6  
Ubuntu 12.04 LTS 
Ubuntu 14.04 LTS 

Installation Instructions

This software does not require any special installation instructions - install it as you normally would.

Configuration Instructions

The OpenSSH client only needs a few quick tweaks in order to enable Moonshot support.

For more information on the SSH client configuration, visit the ssh_config(5) man page.

It is worth remembering the order in which the SSH client obtains its options, and that the first configuration value found overrides any later values.

Other GSSAPI authentication mechanisms

Moonshot is a GSSAPI-based mechanism. Using any of the configuration instructions below to control Moonshot may have an undesirable effect on other GSSAPI-based mechanisms, such as Kerberos or GSI authentication.

Configuring the OpenSSH client globally

Configure the OpenSSH client to use Moonshot by editing /etc/ssh/ssh_config. Check the following lines are present and uncommented:


You can put these declarations in Host blocks if you wish them to only apply to some hosts.

Configuring the OpenSSH client locally

Configure the OpenSSH client to use Moonshot by editing ~/.ssh/config. Check the following lines are present and uncommented:


You can put these declarations in a Host block if you wish them to only apply to some hosts.

Additionally, you can change the type or order of authentication mechanisms the client tries by changing the following default option in your ~/.ssh/config file:


You can put your changed declaration in Host blocks if you wish it to only apply to some hosts.

For more information on how to customise the local ssh_config file to suit your preferences, visit Nerderati's page on SSH configuration. 

Configuring the OpenSSH client on the command-line

You can configure the OpenSSH client on its command-line to use Moonshot.

  1. To use GSSAPI, use the -K switch:

  2. To not use GSSAPI, use the -k switch:

  3. To change the preferred authentication mechanisms for the specific host you are connecting to, use the -o switch with the PreferredAuthentications option:

    Using public key and password authentication first

Credential forwarding and proxying

The standard OpenSSH client supports proxying. While the Moonshot standards currently do not support credential forwarding or credential delegation, we recommend using the OpenSSH ProxyCommand option together with either the netcat(1) utility or the -W option to forward your Moonshot credentials securely along the chain of hosts to authenticate with Moonshot.

  1. Configure the OpenSSH configuration to set the ProxyCommand by editing ~/.ssh/config:

    Using netcat(1)

    Using -W

    When using to store your credentials, you must use the -X switch in the ProxyCommand command-line to forward X11 connections.

    To create a chain of intermediate proxies, create separate Host entries to set up different proxy connections.

  2. To initiate your connection to the end host, simply connect to it with the usual command-line:


    When using the nulluser patch (included in the build of ), specifying the -l "" option will function throughout the proxy chain.

For more information on SSH proxy forwarding, see SSHMenu: Transparent Multihop.
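
A ~/.ssh/config that combines the per-host GSSAPI settings, the PreferredAuthentications ordering and the ProxyCommand chain described in the sections above. This is an added example, not configuration from the original page; the host names are placeholders and the option values are assumptions about a typical setup.

```sshconfig
# ~/.ssh/config (constructed example; all host names are placeholders)
#
# ssh takes command-line options first, then this file, then
# /etc/ssh/ssh_config, and keeps the FIRST value it finds for each option.
# Specific Host blocks therefore go above the catch-all "Host *" block.

# Final destination, reached through the bastion defined below.
Host app.moonshot.example
    GSSAPIAuthentication yes
    # Try GSSAPI first, then fall back to public key and password.
    PreferredAuthentications gssapi-with-mic,publickey,password
    # -W asks the bastion to relay raw TCP to %h:%p. Authentication to
    # app.moonshot.example still runs end to end from this machine, so no
    # credential is delegated to or stored on the bastion.
    ProxyCommand ssh -W %h:%p bastion.moonshot.example
    # netcat(1) variant for a local ssh client without -W; it needs nc
    # installed on the bastion:
    # ProxyCommand ssh bastion.moonshot.example nc %h %p

# Intermediate hop, itself authenticated with GSSAPI.
Host bastion.moonshot.example
    GSSAPIAuthentication yes
    PreferredAuthentications gssapi-with-mic,publickey

# Everything else. GSSAPI stays off unless a block above enables it, so the
# Moonshot settings do not change behaviour for unrelated hosts. Hosts that
# use Kerberos or GSI need their own Host block above this one.
Host *
    GSSAPIAuthentication no
    GSSAPIDelegateCredentials no
```

Running `ssh -G app.moonshot.example` prints the options the client would actually use for that host, which confirms which block supplied each value.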

Server Compatibility

The following servers are known to work with this server software using Moonshot authentication (click on the link to see further information about enabling Moonshot in that server):