Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.



Panel

RHEL 6 / CentOS 6 / Scientific Linux 6 Neither RHEL, CentOS nor Scientific Linux (RHEL/CentOS/SL 6) does not ship with a version of OpenSSH that is compatible with Moonshot (they ship with a non-Moonshot-enabled v5.3 of OpenSSH). To get Moonshot support for it, you must install a specific Moonshot-enabled version (v5. 9). We have a precompiled version available in our repositories.

Contents

Table of Contents

...

Numberedheadings

System Preparation

Add the Moonshot libraries

If you have not already done so, you first need to follow the instructions on how to .

Install the Yum priorities plug-in

Install the Yum Priorities plugin to enable repository priority management: 

bash

For more information on the yum-plugin-priorities package, please see https://wiki.centos.org/PackageManagement/Yum/Priorities

Check that the yum-priorities plugin is enabled in your yum configuration:

bash
  • If the plugin is not enabled, change the enabled line in /etc/yum/pluginconf.d/priorities.conf to 1.

  • Add the Enable the Moonshot OpenSSH Repository

    We've moved the

    The OpenSSH packages

    from the main Moonshot repository into

    have their own

    , so add the Moonshot RedHat OpenSSH repository to your system by creating a new file at 

    dedicated repository, to avoid replacing system's one when not strictly required.

    This repository needs to be manually enabled, by editing the /etc/yum.repos.d/moonshot

    -ssh

    .repo

     with the following content:

     file and setting enabled=1 for the MoonshotSSH repository.

    true

    Ensure that your hostname is correct

    The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the "hostname" and " and hostname -f" commands  commands should match the FQDN of the server. If it doesn't, change the relevant line in /etc/sysconfig/network to make it so.

    Installation Instructions

    1. Install the Moonshot-enabled pre-compiled OpenSSH packages using yum. This will replace the system-provided OpenSSH:

      bashtrue


    2. If you have already installed the latest version of OpenSSH from the CentOS updates repository and its version is either the same or is newer than the version in our repository, you must use the yum downgrade command to switch the packages to our version:

      bashtrue


    Configuration Instructions

    Once installed, the Moonshot-enabled OpenSSH server will still need a few quick tweaks in order to turn on the Moonshot support.

    Ensure that the certificates referenced in /etc/radsec.conf can be read by the SSH user:

    bash

    If they cannot be read by the SSH user, add the SSH user to the group that can read the certificates.

    Configure the OpenSSH server to use Moonshot by editing /etc/ssh/sshd_config. Check the following lines are present and uncommented:

    true

    Now restart the OpenSSH server

    Configure the

    Follow the configuration instructions on the page to configure the server.