Novell Home

Using OpenSSH to Manage Your Novell OES Server Remotely

Novell Cool Solutions: AppNote
By Dave Simons

Digg This - Slashdot This

Posted: 18 Apr 2007
 

In this AppNote I will explain how you can use OpenSSH to manage your Novell OES server remotely.

Most Novell administrators know what telnet, ftp and other such programs are and how to use them. What some don't know is that these programs send data and, more important, passwords unencrypted over the network. If a hacker has a packet sniffer connected to the network, he can see all your important information.

With OES Linux and OES NetWare there is a nice tool available called OpenSSH. OpenSSH sends all the data encrypted over your network. Now you can configure your remote OES servers but much more safely.

What you can do with OpenSSH

  • Users can securely access and copy files to and from their Home Directories.
  • You can securely access your server console from any remote site.
  • You also can use OpenSSH in script files.
  • You can use ssh to copy files securely from OES NetWare to and from an OES Linux server.

How to setup OpenSSH on the OES Linux Server

The configuration file is /etc/ssh/sshd_conf.

In the configuration file there are a couple of parameters that will be used:

  • AllowUsers
  • DenyUsers

With AllowUsers:

The parameter can be followed by a list of user names that can connect to the server.

With DenyUser:

The default configuration is so that all users can establish a connection. If you would like to exclude some users from the default configuration, you can add the users behind the DenyUser parameter.

Lets test these two settings.

I will create a very simple configuration file.

Open /etc/ssh/sshd_conf.

At the end of the file add the line:

AllowUsers admin

This tells the ssh deamon that only the user admin may connect to the server.

Before I can test the new setting, I have to restart the SSH deamon.

Open a terminal window and enter "rcsshd restart"

As you can see the deamon is restarted.

Now open the OES NetWare console screen and enter "ssh admin@10.200.200.1" this will establish a connection to the OES Linux server with ip address 10.200.200.1.

As password screen comes up, enter the password of user admin.

As you can see the connection is established.

Now I will change the /etc/ssh/sshd_conf file so that only user Root may connect to the server.

If I now try to connect to the OES Linux server with user admin: ssh admin@10.200.200.1

you will see this:

You will have to enter your password tree times, every time the password will NOT be accepted.

The message:

fatal: Permission denied (publickey,keyboard-interactive)

indicates that you have a UserAllow setting in your "/etc/ssh/sshd_conf" file.

Now you have some protection in your SSH configuration so only allowed users can create a connection to the server.

The configuration file for the NetWare server can be found in "sys:\etc\ssh\sshd_conf". The same options can be used as on the OES Linux server.

To start SSH on OES NetWare load the sshd.nlm

After you changed the SYS:\etc\ssh\sshd_conf file you can reload the ssh deamon as follows:

Open the Server console and enter:

unload sshd
load sshd

Now the new configuration will be active.

Next, I will show you how to copy data from the OES Linux server to the OES NetWare server with SSH.

Copy the Desktop file "backup.tar.gz" from user "dsimons" to the SYS:\datatmp directory of the OES NetWare server.

From the OES NetWare server enter:

scp /home/dsimons/backup.tar.gz admin@10.200.200.2/datatmp

After the command, you have to enter the password of the admin user. Than you will see that the file is being copied to the OES NetWare server.

As you can see, OpenSSH is a very nice tool you can use to securely copy data from one server to another. You can also use the ssh command "scp" in *.ncf files. This way you can create a scheduled action to copy a backup file to another server.

The last thing I will show you is how you can connect to another ssh servers server console remotely.

Lets see how I can remotely manage my OES NetWare server from my OES Linux Server.

Open a terminal window and enter the command:

ssh admin@10.200.200.2

Enter the password of the eDirectory Admin user. Click Enter. Now I can manage the OES NetWare server console.

You can also see that the connection is accepted from the server with ip-address 10.200.200.1.

Now, lets see if I can show some information from the NetWare server by entering some commands:

How much memory is in the server:

Processor Speed:

Time:

As you can see, you can perform all of the commands that you use when you are physically working on the OES Linux server.

So, if you ever need to copy files to remotely manage your OES servers, use SSH.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell