Changes

There are two methods of connecting to the server's shell

There are two methods of connecting to the server's shell

**Console**

'''Console'''

This one is easy, simply use the keyboard and monitor that is connected to the box.

This one is easy, simply use the keyboard and monitor that is connected to the box.

Hitting Alt+F2, Alt+F3 etc etc will switch to another session allowing you to have multiple logons at the same console, e.g. you may have "tail -f" running on a logfile on one screen while making some changes in another.  This is similar to Windows XP's "Switch User" functionality, although *Nix has had the capability for years.

Hitting Alt+F2, Alt+F3 etc etc will switch to another session allowing you to have multiple logons at the same console, e.g. you may have "tail -f" running on a logfile on one screen while making some changes in another.  This is similar to Windows XP's "Switch User" functionality, although *Nix has had the capability for years.

Finally, hitting CTRL+ALT+DEL will perform a controlled shutdown and restart of the system.

Finally, hitting CTRL+ALT+DEL will perform a controlled shutdown and restart of the system.

**SSH**

'''SSH'''

This is the preferred method of connecting to SME, as you can connect from any machine with an SSH Client.

This is the preferred method of connecting to SME, as you can connect from any machine with an SSH Client.

SSH is similar in function to Telnet, with the main difference being that it is heavily encrypted.  It has many other very useful features, such as tunnelling, which are outside the scope of this section of the manual.

SSH is similar in function to Telnet, with the main difference being that it is heavily encrypted.  It has many other very useful features, such as tunnelling, which are outside the scope of this section of the manual.

There are three SSH Options Here:

There are three SSH Options Here:

**Secure Shell Access**

'''Secure Shell Access'''

By default, SSH access is set to //No Access//, you need to change this to either //Allow Access Only from Local Networks// or //Allow Public Access (Entire Internet)//

By default, SSH access is set to //No Access//, you need to change this to either //Allow Access Only from Local Networks// or //Allow Public Access (Entire Internet)//

**Allow administrative command line access over secure shell**

'''Allow administrative command line access over secure shell'''

This basically enables or disables your ability to logon as "root" via SSH.  If this is set to "No" then the root login will always get "Access Denied".

This basically enables or disables your ability to logon as "root" via SSH.  If this is set to "No" then the root login will always get "Access Denied".

**Allow secure shell access using standard passwords**

'''Allow secure shell access using standard passwords'''

This allows or denies access using passwords.  If this is set to no, then you will only be able to connect if you are using a Public/Private Key pair (More later)

This allows or denies access using passwords.  If this is set to no, then you will only be able to connect if you are using a Public/Private Key pair (More later)

In both the above cases (SSH and Console access), there are, by default only two users that you can log on as:

In both the above cases (SSH and Console access), there are, by default only two users that you can log on as:

**Admin** will give you access to the "Server Console" from here you can make changes to the configuration of the server, test internet access, reboot / shutdown, set up RAID and access the Server-Manager (Using a text-based browser)

'''admin'''will give you access to the "Server Console" from here you can make changes to the configuration of the server, test internet access, reboot / shutdown, set up RAID and access the Server-Manager (Using a text-based browser)

**Root** will log you on to the console as the Super-User.  BEWARE.  As Root, you have full access to everything. If you don't know what you are doing, you could inadvertently delete the entire contents of the hard drive or otherwise break the server.  Unless you are VERY sure of what you are doing you should always get a good backup of your system before starting to change anything.

'''root''' will log you on to the console as the Super-User.  BEWARE.  As Root, you have full access to everything. If you don't know what you are doing, you could inadvertently delete the entire contents of the hard drive or otherwise break the server.  Unless you are VERY sure of what you are doing you should always get a good backup of your system before starting to change anything.

Both the Admin and Root users share the same password.

Both the Admin and Root users share the same password.

Stuff you type is in !!RED!!

Stuff you type is in !!RED!!

**Step One - Create the Keys**

'''Step One - Create the Keys'''

Log onto the server as root and cd to ~/.ssh

Log onto the server as root and cd to ~/.ssh

!!cd ~/.ssh!!

!!cd ~/.ssh!!

You will now have two new files in the current Directory: id_dsa & id_dsa.pub

You will now have two new files in the current Directory: id_dsa & id_dsa.pub

**Step Two - Activate the Public Key**

'''Step Two - Activate the Public Key'''

Enter the following command to add the Public key to the list of allowed keys for root:

Enter the following command to add the Public key to the list of allowed keys for root:

!!cat id_dsa.pub >> authorized_keys!!

!!cat id_dsa.pub >> authorized_keys!!

**Step Three - Get the Private Key**

'''Step Three - Get the Private Key'''

Now all we need to do is get the Private Key onto your client.

Now all we need to do is get the Private Key onto your client.

(The Following instructions assume your ClientPC is Running Windows, and you are using Putty as your SSH Client)

(The Following instructions assume your ClientPC is Running Windows, and you are using Putty as your SSH Client)

Failing that, you can use SCP to get the file off, or move the file into an iBay and copy it out using SMB.

Failing that, you can use SCP to get the file off, or move the file into an iBay and copy it out using SMB.

**Step Four - Convert the Private Key**

'''Step Four - Convert the Private Key'''

Once you have the file on your windows machine, you need to convert it from OpenSSH Format to PPK (Putty Private Key) format.

Once you have the file on your windows machine, you need to convert it from OpenSSH Format to PPK (Putty Private Key) format.

To do this you need PuttyGen.  This is part of the Windows installation of Putty, but if you just downloaded the Putty.exe executable then you will need to visit ((http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)) and download the PuttyGen executable.

To do this you need PuttyGen.  This is part of the Windows installation of Putty, but if you just downloaded the Putty.exe executable then you will need to visit ((http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)) and download the PuttyGen executable.

Once the Key is Imported, Click "Save Private Key" and save your new ppk file somewhere safe.

Once the Key is Imported, Click "Save Private Key" and save your new ppk file somewhere safe.

**Step Five - Use the Key & Test**

'''Step Five - Use the Key & Test'''

Now when you use Putty, you just have to tell it to use the Private Key

Now when you use Putty, you just have to tell it to use the Private Key

Put your Server IP address / FQDN in the main screen as normal, then go to //Connection -> SSH -> Auth// from the menu, and browse for the PPK file you created earlier.

Put your Server IP address / FQDN in the main screen as normal, then go to //Connection -> SSH -> Auth// from the menu, and browse for the PPK file you created earlier.

Passphrase for key "imported-openssh-key":

Passphrase for key "imported-openssh-key":

**Step Six - Lock it down**

'''Step Six - Lock it down'''

As long as the above worked, then you now need to disable logging in using passwords.

As long as the above worked, then you now need to disable logging in using passwords.

Go to the Server-manager, and switch Off //Allow secure shell access using standard passwords//

Go to the Server-manager, and switch Off //Allow secure shell access using standard passwords//