Title: SFTP Configuration v 1.2
Last changed by: Documentation Team
Date: 27/04/04
e-mail: bsplink.support@adpclearing.com
BSPlink SFTP Configuration
version 1.2
Index
1. Introduction
2. SSH Server Technical Description
3. Unix System Installation
3.1 SSH Opensource Installation Process
3.2 Use of SFTP to connect
4. Windows System Installation and Configuration
4.1 Secure FX Installation
4.2 Windows Client Use
5. Revision Chart
1. Introduction
This manual guides the user through the configuration of Secure FTP (SFTP, file transfer over SSH) and the
connection to the server, in order to access the BSPlink Secure FTP services.
Before trying to set up Secure FTP, the user must create an FTP account by means of the BSPlink
Secure FTP Account option. A login and a password are required for this purpose: the login is assigned
automatically by the system, while the password has to be entered by the user. Once the account has been
created, it is loaded on the server within approximately 24 hours. The account is then active and the user
can proceed as indicated in this manual.
Furthermore, it is very important that, whenever a proxy or a firewall is used to connect to the Internet,
outbound SFTP traffic on TCP port 22 is allowed in those devices beforehand; otherwise the connection to the
BSPlink communications server will not be possible.
The manual includes a technical description of the SSH server and the installation procedures for both Unix
and Windows systems.
2. SSH Server Technical Description
Key data about the SFTP server:
- Manufacturer: VanDyke Software.
- Product: VShell SSH2 (compatible with SSH1).
- Version: 1.2.2
- Encryption software manufacturer: RSA Security Inc.
The functional characteristics of our server are the following:
a) Cipher: the symmetric algorithm used to encrypt the data in transit. Our server accepts the following
algorithms: Twofish, Blowfish, AES-128, AES-192, AES-256, 3DES and RC4. Unencrypted transfer ("none") is
also possible in principle, although it is currently deactivated on our server.
b) MAC: a message authentication code computed over every packet sent or received during a file
transfer. It lets both ends detect packets that were altered, inserted or dropped in transit (it is an
integrity check keyed with the session key, not a digital signature). The MAC algorithms currently
available are the following:
MD5, MD5-96, SHA1 and SHA1-96 (as HMAC). Unauthenticated packets ("none") are possible in principle but
currently deactivated on our server.
c) Compression: all packets are compressed before being sent, in order to minimise traffic. The
accepted levels are 1 to 9; the server is currently set to 5.
d) Authentication: two different methods are supported:
a. Password: the password used is that of the Windows 2000 account behind the SFTP login.
b. Public Key: a key pair is generated on the client (the public key either as a key file or as an
X.509 certificate). The public key is then sent to the server, where it must be authorised before use.
At this moment, the server is configured for the Password or the Public/Private Key method (IETF key
format only).
SSH clients must use the SSH2 protocol, not SSH1, which is obsolete. Some recommended client
applications are:
- Secure FX (Windows, see section 4)
- sftp from OpenSSH (Unix/Linux, see section 3)
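As an added example (not part of the BSPlink manual nor of VanDyke's software), the following POSIX shell script shows how an OpenSSH client on Unix would be pinned to the stronger algorithms from the server list above. The list is written with OpenSSH algorithm identifiers (RC4 is "arcfour", the MD5/SHA1 MACs are the HMAC variants, "none" is the unencrypted/unsigned option the manual says is disabled; Twofish has no OpenSSH cipher name and is left out). The stanza name "bsplink" and the user name are assumptions; host name and port are the manual's. The checker flags RC4, "none" and the MD5-based MACs as entries a client should not offer, and the generated stanza keeps only the rest.

```sh
#!/bin/sh
# Added example, not from the BSPlink manual: pin an OpenSSH client to
# the stronger algorithms from the server's list in section 2.
# The lists use OpenSSH identifiers: RC4 is "arcfour", the MD5/SHA1
# MACs are the HMAC variants, and "none" is the unencrypted/unsigned
# option the manual says is disabled. Twofish has no OpenSSH cipher
# name and is left out. Host name and port are the manual's.

SERVER_CIPHERS="aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,arcfour,none"
SERVER_MACS="hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,none"
WEAK='^(arcfour|none|hmac-md5(-96)?)$'   # RC4, no protection, MD5-based MACs

# weak_entries LIST: print the comma-separated entries of LIST that a
# client should never offer, or nothing if the list is clean.
weak_entries() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -E "$WEAK" | tr '\n' ',' | sed 's/,$//'
}

# strong_entries LIST: LIST with the weak entries removed, order kept,
# so the client's preference order still applies.
strong_entries() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -Ev "$WEAK" | tr '\n' ',' | sed 's/,$//'
}

# bsplink_ssh_config USER: a ~/.ssh/config stanza for the BSPlink server.
# Protocol 2 enforces the manual's "SSH2, not SSH1" rule; compression
# level 5 matches the server; StrictHostKeyChecking ask keeps the
# first-connection fingerprint prompt and refuses to connect if the
# stored host key later changes.
bsplink_ssh_config() {
    cat <<EOF
Host bsplink
    HostName ftp.adpclearing.com
    Port 22
    User $1
    Protocol 2
    Ciphers $(strong_entries "$SERVER_CIPHERS")
    MACs $(strong_entries "$SERVER_MACS")
    Compression yes
    CompressionLevel 5
    StrictHostKeyChecking ask
EOF
}

# Usage: bsplink_ssh_config "$LOGIN" >> ~/.ssh/config ; sftp bsplink
```

Append the stanza to ~/.ssh/config and connect with "sftp bsplink"; running "sftp -v bsplink" prints the cipher and MAC actually negotiated, which should be the first entries of each pinned list that the server also supports.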
3. Unix System Installation
3.1 SSH Opensource Installation Process
The following steps should be followed in order to install SSH Opensource (OpenSSH).
1. Download the package for your platform from www.openssh.com. The version must be 2.4.0 or later so
that both SSH1 and SSH2 are supported; version 3.5.1 or later is recommended.
2. Once the package has been downloaded, log in as root and run:
# gunzip ssh-x.x.x.tar.gz
# tar -xvf ssh-x.x.x.tar
The result is a folder named "ssh-x.x.x".
3. Enter the folder:
# cd ssh-x.x.x
4. Run the configuration script, "./configure", from inside the folder. It accepts the following options:
- --prefix=PREFIX: where the binaries are installed (default /usr/local).
- --with-etcdir=PATH: where the system configuration files are kept (default /etc).
- --with-libwrap[=PATH]: use libwrap (tcp_wrappers) and inetd.
- --with-socks4[=PATH]: include SOCKS4 support (firewall traversal).
- --with-socks5[=PATH]: include SOCKS5 support (firewall traversal).
- --enable-warnings: enable gcc compiler warnings.
This step configures the ssh build environment and adapts it to our requirements.
5. The next step is to compile the binaries with the GCC compiler. Run:
# make
# make install
Once this step has been carried out, the files are installed as follows:
/etc: ssh_host_key and sshd_config files
/usr/local/bin: ssh and scp client applications
/usr/local/sbin: sshd daemon
6. The service must be registered in the /etc/inetd.conf file so that inetd starts sshd for each incoming
connection. Add one of the following lines (inetd.conf fields are: service, socket type, protocol,
wait/nowait, user, server program, arguments; the -i option tells sshd it is being run from inetd):
With TCP Wrappers (inetd runs tcpd, which checks /etc/hosts.allow and /etc/hosts.deny and then starts sshd):
ssh stream tcp nowait root /usr/local/etc/tcpd /usr/local/sbin/sshd -i
Without TCP Wrappers (inetd starts sshd directly):
ssh stream tcp nowait root /usr/local/sbin/sshd /usr/local/sbin/sshd -i
7. Edit the /etc/services file and add the following lines:
ssh 22/tcp # Secure Shell
ssh 22/udp # Secure Shell
8. inetd only re-reads inetd.conf when told to: depending on the inetd version, send it a SIGHUP (kill -HUP
on the inetd process) or restart the inetd service. No system reboot is needed.
Once all these steps have been carried out, the installation of the ssh package is complete. This includes
both the server and the client applications.
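Steps 6 to 8 above as an added example, not taken from the manual: POSIX shell functions that write the inetd.conf and /etc/services entries idempotently and reload inetd. The binary paths assume the manual's default --prefix (/usr/local) and tcpd under /usr/local/etc; the configuration file paths are passed as arguments so the functions can be tried on scratch copies before touching the real files.

```sh
#!/bin/sh
# Added example, not from the BSPlink manual: steps 6-8 of section 3.1
# (register sshd with inetd and /etc/services, then reload inetd) as
# idempotent POSIX shell functions. Paths assume the manual's default
# --prefix (/usr/local) and a tcp_wrappers install under /usr/local/etc.

SSHD=/usr/local/sbin/sshd
TCPD=/usr/local/etc/tcpd   # tcpd is only involved when TCP Wrappers are used

# inetd_entry yes|no: the inetd.conf line that starts sshd per connection
# in inetd mode (-i). Field order is: service socket-type protocol
# wait/nowait user server-program argv[0] args... With TCP Wrappers the
# server program is tcpd, which checks /etc/hosts.allow and hosts.deny
# and then execs the real daemon given as argv[0]. Without wrappers
# inetd starts sshd directly.
inetd_entry() {
    if [ "$1" = yes ]; then
        printf 'ssh stream tcp nowait root %s %s -i\n' "$TCPD" "$SSHD"
    else
        printf 'ssh stream tcp nowait root %s %s -i\n' "$SSHD" "$SSHD"
    fi
}

# services_entries: the two /etc/services lines from step 7 (the port is
# registered for both protocols; text after '#' is a comment).
services_entries() {
    printf 'ssh 22/tcp # Secure Shell\n'
    printf 'ssh 22/udp # Secure Shell\n'
}

# ensure_line FILE LINE: append LINE unless FILE already has exactly that
# line, so re-running the installation never duplicates an entry.
ensure_line() {
    if ! grep -qxF -- "$2" "$1" 2>/dev/null; then
        printf '%s\n' "$2" >> "$1"
    fi
}

# register_sshd INETD_CONF SERVICES yes|no: apply steps 6 and 7.
register_sshd() {
    ensure_line "$1" "$(inetd_entry "$3")"
    services_entries | while IFS= read -r line; do
        ensure_line "$2" "$line"
    done
}

# reload_inetd: step 8. inetd re-reads inetd.conf on SIGHUP; nothing here
# reboots the system.
reload_inetd() {
    pid=$(ps -eo pid,comm | awk '$2 == "inetd" {print $1; exit}')
    if [ -n "$pid" ]; then
        kill -HUP "$pid"
    fi
}

# Usage: dry run on scratch copies first, then the real files as root:
#   cp /etc/inetd.conf /tmp/inetd.conf; cp /etc/services /tmp/services
#   register_sshd /tmp/inetd.conf /tmp/services yes
#   register_sshd /etc/inetd.conf /etc/services yes && reload_inetd
```

Because ensure_line matches whole lines, a second run (or a later upgrade that repeats the procedure) leaves the files unchanged; compare the scratch copies against the originals with diff before applying the change to /etc.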
3.2 Use of SFTP to connect
Two ways of connecting with Secure FTP are described as examples: the Password system and the
Public/Private Key system.
- Password system:
# sftp %username%@ftp.adpclearing.com
The first time the connection is made, the client displays the server's host key fingerprint and asks whether
to continue; answer 'yes' to accept it. The key is then stored in ~/.ssh/known_hosts and the client will warn
if the server's key ever changes, so if in doubt confirm the fingerprint with BSPlink support before accepting
it. Then enter the password.
Note: Remember that BSPlink secure FTP passwords expire 3 months after their last modification.
After expiration you must reactivate the account by using the form in BSPlink again.
- Public/Private key system:
This system uses a private key and a public key. The keys are generated on the client's device and the
public key is then explicitly sent to BSPlink. The keys are generated as follows:
# ssh-keygen -d
(-d generates a DSA key pair; on OpenSSH versions where -d is no longer accepted, use "ssh-keygen -t dsa")
Two files are generated in the ~/.ssh/ directory:
id_dsa.pub: public key
id_dsa: private key (this stays on the client and is never sent to anyone)
Our public key is written in the OpenSource (OpenSSH) format. However, our server only works with the
IETF format (the SECSH public key file format, framed by "---- BEGIN SSH2 PUBLIC KEY ----"), so the key
must be converted:
# ssh-keygen -e -f id_dsa.pub > file.out
The converted public key (file.out) is sent personally to BSPlink.
Once the confirmation from BSPlink has been received, the user connects to the server:
# sftp %username%@ftp.adpclearing.com
The first time the user connects, the host key fingerprint must be accepted with 'yes' as above. The system
will then not ask for a password, because the key pair is used to authenticate (it asks for the key's
passphrase instead, if one was set when the key was generated).
Note: Although the account will expire after three months, the public key is kept on the server.
This means that it will not be necessary to send the public key to BSPlink again once the account has been
reactivated.
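The format change above, as an added example that is not part of the manual: the OpenSSH one-line public key and the IETF (SECSH) file that the BSPlink server expects carry the same base64 key blob and differ only in the framing. The POSIX shell functions below reproduce that framing in both directions so the difference is visible, and check that a converted file still carries the original blob before it is handed to BSPlink; ssh-keygen -e and ssh-keygen -i are the real tools for the conversion. The sample key line is a constructed placeholder, not a real key: the blob is never decoded, so any base64 text exercises the conversion.

```sh
#!/bin/sh
# Added example, not from the BSPlink manual: the OpenSSH ("opensource")
# public key file and the IETF SECSH format that the BSPlink server
# expects carry the same base64 key blob; only the framing differs.
# These functions reproduce that framing so the difference is visible
# and so a converted file can be verified before it is sent to BSPlink.
# ssh-keygen -e / ssh-keygen -i are the real tools for the conversion.
# SAMPLE_OPENSSH_KEY is a constructed placeholder, not a real key: the
# blob is never decoded, so any base64 text exercises the conversion.

SAMPLE_OPENSSH_KEY='ssh-dss AAAAB3NzaC1kc3MAAACBAPlaceholderKeyBlob0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/== user@client'

# key_format FILE: "openssh" (one line: type, blob, comment), "ietf"
# (BEGIN/END SSH2 PUBLIC KEY block) or "unknown".
key_format() {
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY ----$' "$1"; then
        echo ietf
    elif grep -Eq '^ssh-(dss|rsa) [A-Za-z0-9+/=]+' "$1"; then
        echo openssh
    else
        echo unknown
    fi
}

# openssh_to_ietf FILE: the structure "ssh-keygen -e -f FILE" produces:
# header line, a Comment header, the blob folded to 70-column lines,
# trailer line. (ssh-keygen writes its own comment text; the key's
# comment field is used here.)
openssh_to_ietf() {
    blob=$(awk 'NR == 1 {print $2}' "$1")
    comment=$(awk 'NR == 1 {print $3}' "$1")
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----'
    printf 'Comment: "%s"\n' "$comment"
    printf '%s\n' "$blob" | fold -w 70
    printf '%s\n' '---- END SSH2 PUBLIC KEY ----'
}

# ietf_to_openssh FILE TYPE COMMENT: the reverse ("ssh-keygen -i"):
# drop the framing and header lines, re-join the blob into one line.
ietf_to_openssh() {
    blob=$(awk '/^---- BEGIN SSH2 PUBLIC KEY ----$/ {inb = 1; next}
                /^---- END SSH2 PUBLIC KEY ----$/   {inb = 0}
                inb && !/^[A-Za-z-]+:/              {printf "%s", $0}' "$1")
    printf '%s %s %s\n' "$2" "$blob" "$3"
}

# verify_conversion OPENSSH_FILE IETF_FILE: succeed only if the IETF file
# contains exactly the blob of the OpenSSH file. Run this on id_dsa.pub
# and file.out before sending file.out to BSPlink.
verify_conversion() {
    orig=$(awk 'NR == 1 {print $2}' "$1")
    back=$(ietf_to_openssh "$2" x x | awk '{print $2}')
    [ -n "$orig" ] && [ "$orig" = "$back" ]
}

# Usage: openssh_to_ietf ~/.ssh/id_dsa.pub > file.out
#        verify_conversion ~/.ssh/id_dsa.pub file.out && echo "file.out OK"
```

Only the public key (id_dsa.pub, or file.out after conversion) ever leaves the client; the private key id_dsa is never converted or sent, and should be readable only by its owner.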
4. Windows System Installation and Configuration
Note that the following is only an example; other SFTP clients may be used.
4.1 Secure FX Installation
Two steps should be followed in order to install Secure FX:
a. Download the Secure FX software from the web: http://www.vandyke.com. The version should not be older
than 2.0.1; the latest version is recommended.
b. Install the software in the profile of the user who will use the application.
4.2 Windows Client Use
The Password and Public/Private key systems are explained separately:
- Password system: A user session must be created. For instance, these are the steps to follow with the
Secure FX secure FTP client:
a. Go to 'File > Connect...' in the main menu.
In the toolbar, click the second icon from the left, and select the following options:
Protocol: SFTP
Host Address: ftp.adpclearing.com
Port: 22
Username: the login provided by the Secure FTP Account option in the BSPlink application.
Password: ***********
Initial download folder: leave this field blank. The system connects automatically to the
user's folder. NOTE that if a path is entered, the connection will fail and an error
message will be displayed.
b. Now run the session by double-clicking its name.
Note: Remember that BSPlink secure FTP passwords expire 3 months after their last modification. After
expiration you must reactivate the account by using the form in BSPlink again.
- Public/Private key system:
a. Start the application and go to 'Options > Global Configuration' in the main menu.
b. Select the SSH2 option and press 'Create Identity File'.
c. The Public/Private key pair is now generated. Fill in the fields as follows:
Key type: DSA
Passphrase: none (note that a private key without a passphrase can be used by anyone who copies the
file, so keep the identity file where only your Windows user account can read it)
Comment: leave the default.
Key length: 1024
Private Key filename: leave the default.
Public Key filename: write down this path, as it is where the public key will be saved; that file is
the one to be explicitly sent to BSPlink.
A user session must then be created. These are the steps to follow:
d. Go to 'File > Connect...' in the main menu.
In the toolbar, click the second icon from the left, and select the following options:
Protocol: SFTP
Host Address: ftp.adpclearing.com
Port: 22
Username: the login provided by the Secure FTP Account option in the BSPlink application.
Password: ***********
Initial download folder: leave this field blank. The system connects automatically to
the user's folder. NOTE that if a path is entered, the connection will fail and an
error message will be displayed.
e. Once the session has been created, right-click the session and select the 'Properties' option.
Go to 'Authentication > Primary' and select 'Public Key'. Then press 'Properties' to check that the
'Use global identity file' option is selected.
The path where the identity file was previously saved is shown in the identity file box.
f. Before using the connection, the user must have received BSPlink's confirmation that the
corresponding public key was received correctly. Then double-click the created session to connect.
Note: Although the account will expire after three months, the public key is kept on the server. This
means that it will not be necessary to send the public key to BSPlink again once the account has been
reactivated.
5. Revision Chart
Revision Nº   Issue date   Changes
1.1           28/04/03     4.2 Client Windows Use: change in Initial Download Folder explanation in Password System and Public/Private Key System.
1.2           27/04/04     Document updated with standard format. Web value logo included in first page. Notes included in sections 3.2 and at the end of 4.2.