OpenSSH Server on RHEL/CentOS/SL

Owned by wqx+qmnstigwu5kzxaiskxnikzy@idp.company.ja.net
Last updated: Sept 12, 2019 by Alex Perez Mendez
2 min read

Neither RHEL, CentOS nor Scientific Linux (RHEL/CentOS/SL) ship with a version of OpenSSH that is compatible with Moonshot. To get Moonshot support for it, you must install a specific Moonshot-enabled version. We have a precompiled version available in our repositories.

Contents

All of the instructions below assume that you have root access, and will work as the root user (either directly or using sudo).

The instructions on this page will replace the system provided OpenSSH packages with the Moonshot enabled ones (don't worry, standard SSH things will still work!)

Following the instructions on this page will give you a Moonshot-enabled OpenSSH Server only.

1. System Preparation

1.1. Add the Moonshot libraries

If you have not already done so, you first need to follow the instructions on how to Install Moonshot Libraries on a RHEL / CentOS / SL Server.

1.2. Enable the Moonshot OpenSSH Repository

The OpenSSH packages have their own dedicated repository, to avoid replacing system's one when not strictly required.

This repository needs to be manually enabled, by editing the /etc/yum.repos.d/moonshot.repo file and setting enabled=1 for the MoonshotSSH repository.

...
# Moonshot SSH repository (including sources)
[MoonshotSSH]
name=MoonshotSSH
baseurl=http://repository.project-moonshot.org//rpms/centos7-openssh
failovermethod=priority
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-MOONSHOT
priority=1

1.3. Ensure that your hostname is correct

The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the hostname and hostname -f commands should match the FQDN of the server. If it doesn't, change the relevant line in /etc/sysconfig/network to make it so.

2. Installation Instructions

  1. Install the Moonshot-enabled pre-compiled OpenSSH packages using yum. This will replace the system-provided OpenSSH:

    yum update openssh*

  2. If you have already installed the latest version of OpenSSH from the CentOS updates repository and its version is either the same or is newer than the version in our repository, you must use the yum downgrade command to switch the packages to our version:

    yum downgrade openssh*

3. Configuration Instructions

Once installed, the Moonshot-enabled OpenSSH server will still need a few quick tweaks in order to turn on the Moonshot support.

Follow the configuration instructions on the OpenSSH Server page to configure the server.