OpenSSH Server on Ubuntu 12.04 LTS

Owned by wqx+qmnstigwu5kzxaiskxnikzy@idp.company.ja.net
Last updated: Mar 02, 2017 by Stefan Paetow
2 min read

Ubuntu 12.04 LTS (Precise Pangolin) does not ship with a version of OpenSSH that is compatible with Moonshot. To get Moonshot support for it, you must install a specific Moonshot-enabled version. We have a precompiled version available in our repositories.

Contents

All of the instructions below assume that you have root access, and will work as the root user (either directly or using sudo).

The instructions on this page will replace the system provided OpenSSH packages with the Moonshot enabled ones (don't worry, standard SSH things will still work!).

Following the instructions on this page will give you a Moonshot-enabled OpenSSH Server only.

1. System Preparation

1.1. Add the Moonshot libraries.

If you have not already done so, you first need to follow the instructions on how to install the Moonshot Libraries on Ubuntu 12.04 LTS.

1.2. Configure APT

Ubuntu 12.04 LTS currently ships with OpenSSH v6, whereas our Moonshot-enabled OpenSSH is v5.9. We must tell apt that the Moonshot repository has precedence over the official Debian repositories so that you can install our OpenSSH, and not have it reverted back to the non Moonshot-enabled system provided OpenSSH next time you do an apt-get upgrade.

  1. Create a file called /etc/apt/preferences.d/moonshot, with the following content:
     

    Package: *
Pin: release o=moonshot
Pin-Priority: 1200

1.3. Ensure that your hostname is correct

The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the "hostname" command should match the FQDN of the server. If it doesn't, change /etc/hostname to make it so. 

1.4. Install updated libmemcached packages

Ubuntu 12.04 LTS ships with a version of libmemcached that is a little too old for Moonshot. We need to update these packages with newer version.

  1. Download the following package:
    1. http://old-releases.ubuntu.com/ubuntu/pool/main/libm/libmemcached/libmemcached10_1.0.8-1_amd64.deb

  2. Install it:

    $ dpkg -i libmemcached10_1.0.8-1_amd64.deb

2. Installation Instructions

  1. Install the Moonshot-enabled pre-compiled OpenSSH packages using apt. This will replace the system provided OpenSSH.

    $ apt-get install ssh openssh-server openssh-client libapache2-mod-shib2

3. Configuration Instructions

Once installed, the Moonshot-enabled OpenSSH server will still need a few quick tweaks in order to turn on the Moonshot support.

  1. Configure the OpenSSH server to use Moonshot by editing /etc/ssh/sshd_config. Check the following lines are present and uncommented:

    UsePrivilegeSeparation no
GSSAPIAuthentication yes
GSSAPIKeyExchange no
GSSAPIStrictAcceptorCheck yes

  2. Now restart the OpenSSH server

    $ /etc/init.d/ssh restart

  3. Configure the OpenSSH Client.