Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 25 Next »

RHEL 6 / CentOS 6 / Scientific Linux 6 (RHEL/CentOS/SL 6) does not ship with a version of OpenSSH that is compatible with Moonshot (they ship with a non-Moonshot-enabled v5.3 of OpenSSH). To get Moonshot support for it, you must install a specific Moonshot-enabled version (v5.9). We have a precompiled version available in our repositories.

Contents

All of the instructions below assume that you have root access, and will work as the root user (either directly or using sudo).

The instructions on this page will replace the system provided OpenSSH packages with the Moonshot enabled ones (don't worry, standard SSH things will still work!)

Following the instructions on this page will give you a Moonshot-enabled OpenSSH Server only.

1. System Preparation

1.1. Add the Moonshot libraries.

If you have not already done so, you first need to follow the instructions on how to install the Moonshot Libraries on RHEL/CentOS/SL 6.

1.2. Add the Moonshot OpenSSH Repository

  1. We've moved the OpenSSH packages from the main Moonshot repository into their own, so add the Moonshot RedHat OpenSSH repository to your system by creating a new file at /etc/yum.repos.d/moonshot.repo with the following content:

    [Moonshot-OpenSSH]
    name=Moonshot-OpenSSH
    baseurl=http://repository.project-moonshot.org/rpms/centos6-openssh/
    failovermethod=priority
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/Moonshot

1.3. Ensure that your hostname is correct

The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the "hostname" and "hostname -f" commands should match the FQDN of the server. If it doesn't, change the relevant line in /etc/sysconfig/network to make it so.

2. Installation Instructions

  1. Install the Moonshot-enabled pre-compiled OpenSSH packages using yum. This will replace the system provided OpenSSH.

    $ yum --disablerepo=updates,base downgrade ssh openssh-server openssh-client openssh-askpass openssh

3. Configuration Instructions

Once installed, the Moonshot-enabled OpenSSH server will still need a few quick tweaks in order to turn on the Moonshot support.

  1. Configure the OpenSSH server to use Moonshot by editing /etc/ssh/sshd_config. Check the following lines are present and uncommented:

    UsePrivilegeSeparation no
    GSSAPIAuthentication yes
    GSSAPIKeyExchange yes
    GSSAPIStrictAcceptorCheck yes
    
  2. Now restart the OpenSSH server

    $ /etc/init.d/sshd restart
  3. Configure the OpenSSH Client.

  • No labels