To run an OpenSSH server, you must first make sure that you have
the proper RPM packages installed. The
openssh-server package is required and depends on
the openssh package.
The OpenSSH daemon uses the configuration file
/etc/ssh/sshd_config. The default configuration
file should be sufficient for most
purposes. If you want to configure the daemon in ways not provided by
the default sshd_config, read the
sshd man page for a list of the keywords that can
be defined in the configuration file.
To start the OpenSSH service, use the command /sbin/service
sshd start. To stop the OpenSSH server, use the command
/sbin/service sshd stop. If you want the daemon to
start automatically at boot time, refer to Chapter 20 Controlling Access to Services
for information on how to manage services.
If you reinstall, the reinstalled system creates a new set of
identification keys. Any clients who had connected to the system with
any of the OpenSSH tools before the reinstall will see the following
message:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed. |
If you want to keep the host keys generated for the system, backup the
/etc/ssh/ssh_host*key* files and restore them after
the reinstall. This process retains the system's identity, and when
clients try to connect to the system after the reinstall, they will not
receive the warning message.
