does sshd work?



A. Jorge Garcia
10-23-2003, 06:36 PM
OK, I'm having a little problem with ssh. I have my students in a lab of 24 PCs running the "poor man's dual boot." The 25th machine was knoppix-installer'd as debian. Now I created accounts on this "server" so my kids can save their work in /home. Unfortunately, using ssh with scp or fish is hit or miss. Some kids have no problem, but some can't even connect! Is this because they should always start sshd? If so, why can some kids connect and others not? I thought that sshd was started at boot time. I suppose sshd needs to be started on both the client and the server end, right?

Let me get this straight.
So I need to set up sshd on the server
/etc/init.d/sshd start

and my students, as clients, need to
/etc/init.d/sshd start
and then
ssh -l sally 10.10.2.64
and then
scp sally@10.10.2.64:/home/sally/MyProg.java .
or
scp MyProg.java sally@10.10.2.64:/home/sally
or
"KONQUEROR fish://sally@10.10.2.64"

right...? I don't have them use /etc/init.d/sshd start - maybe that's the problem? In other words, do my clients need to use sshd start before ssh and do they then need ssh before scp or fish? Also, do I have to sshd start on the server (where my students save work to /home) first?

TIA,

Dave_Bechtel
10-24-2003, 09:23 PM
--For the ones who can't connect, make sure they have connectivity and a valid IP address (ifconfig). Make sure they can ping the server.

--To my knowledge, sshd only needs to be running as a daemon on the *Server* end. (You can connect with Putty from Windows, for example.)

--Are you giving out DHCP addresses on the server? If so, make sure you have 25 available addresses JIC. You may also have to generate lines in /etc/hosts on the server for all DHCP addresses, I'm not sure about that part.



A. Jorge Garcia
10-25-2003, 02:03 AM
I tried this procedure today in class. This line does not work
/etc/init.d/sshd start but this one does /etc/init.d/ssh start.

Now, nothing worked until I issued /etc/init.d/ssh start on the server.

Also, my students had to enter /etc/init.d/ssh start and then ssh -l name 10.10.2.64 and then fish://name@10.10.2.64 where 10.10.2.64 is the (debian knoppix-installer) server ip address. At least we don't need to get into scp....

Dave, you say I need to start sshd on the server? What do I have to do different?

TIA,

Dave_Bechtel
10-25-2003, 03:01 AM
--Ah, I think I know what's going on. On the server, /etc/init.d/ssh runs /usr/sbin/sshd. I don't know why they didn't name the script sshd.

--Of course nothing will work unless the ssh daemon is running on the server; nothing is listening on the ssh services port until it gets started. But on the STUDENT side, the ssh script is actually generating ssh keys for the client boxes so that they can communicate over ssh.

--How are your students getting IP addresses? If you want the server to assign them automatically and have the student's Knoppix CD acquire them automatically with pump, I can post my dhcp.conf for you as an example.



A. Jorge Garcia
10-25-2003, 04:46 PM
OK, you use pump for this. Well, I'd be interested in your dhcp.conf file. This would run on the server, right?

I don't know if this ssh/fish stuff is all it's cracked up to be. I don't know why, but only 10 of my 24 clients can get this working! Maybe I'll just set up ftp services: http://www.knoppix.net/docs/index.php/FaqFTP

TIA,

Dave_Bechtel
10-25-2003, 07:20 PM
--On the server, edit /etc/ssh/sshd_config and look around for MaxStartups - if it exists, change the value to 30 or so:


MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the sshd daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10.

Alternatively, random early drop can be enabled by specifying the three colon separated values ``start:rate:full'' (e.g., "10:30:60"). sshd will refuse connection attempts with a probability of ``rate/100'' (30%) if there are currently ``start'' (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches ``full'' (60).


--I also recommend setting:
PermitRootLogin no

--This will not allow root to log in directly; a regular user has to log in and ' su ' to gain root access.

--Dunno for sure if that will fix the problem, but it's a start. Also make sure everyone is doing the ' /etc/init.d/ssh start ' and can ping the server before trying to connect. In addition, for the ones that are having trouble connecting, you can add a ' -v ' to the ssh command args and debug the connection attempt.

--You will also have to do /etc/init.d/ssh restart (bounce ssh) after saving the file.

--Some suggestions:
o Always use protocol 2 with ssh clients: ' -2 ' with ssh
o Always use ' -c blowfish ' for fastest connections

--Here's my /etc/dhcp3/dhcpd.conf:


# 2003.0921
# For win98?
option domain-name "waldoseries.org";
#option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 5000;
max-lease-time 18000;

authoritative;

subnet 10.0.0.0 netmask 255.0.0.0 {
    range 10.0.0.50 10.0.0.55;
}


--Also ' ln /etc/dhcp3/dhcpd.conf /etc/dhcpd.conf -sfn ' for easy editing. You will probably also have to edit /etc/default/dhcp3-server and add "eth0" to interfaces (INTERFACES="eth0").

--Note that the leases file is located at /var/lib/dhcpd3/dhcpd.leases. Lease times are in seconds. Don't forget to issue ' /etc/init.d/dhcp3-server start ' on the server.

--If your campus network already has a DHCP server, talk to your admin before doing this! Putting a dhcp server up should only be done on a network that absolutely does not go outside your classroom. (This dhcp conf is on my laptop, for backing up client machines. I haven't used it on any more than 2-3 machines at once.) You may actually be able to get around any restrictions by physically unplugging any ethernet cable that goes outside what you want your local LAN to be.

--This setup should be considered experimental until proven workable - I don't know what effect dynamic IP addresses will have on the sshd server, but since you're booting from CD anyway it shouldn't be a problem (I hope.) Lemme know how it goes.

--Oh, and when you get everything up and running the way you want it, don't forget to backup the server. ;)
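
Added example (not part of the original posts): the MaxStartups behaviour from the man page excerpt quoted above, worked through in Python for a lab where many clients connect at once. The sample config text and the function names are constructed for illustration; the arithmetic follows the quoted text, with a plain "N" treated as "refuse everything at or above N".

```python
# Added example: MaxStartups semantics as described in the quoted man page text.
SAMPLE_SSHD_CONFIG = """\
# constructed sample, not the thread's actual server config
Port 22
#MaxStartups 10:30:60
MaxStartups 10
PermitRootLogin yes
"""

def parse_max_startups(value):
    """Return (start, rate, full) from 'N' or 'start:rate:full'."""
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        # Plain limit: everything at or above N is dropped.
        return parts[0], 100, parts[0]
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    start, rate, full = parts
    if not (0 < start <= full and 0 <= rate <= 100):
        raise ValueError("inconsistent MaxStartups value %r" % value)
    return start, rate, full

def refusal_probability(unauthenticated, value):
    """Chance that one more connection is refused at this backlog."""
    start, rate, full = parse_max_startups(value)
    if unauthenticated < start:
        return 0.0
    if unauthenticated >= full:
        return 1.0
    # Linear ramp from rate% at 'start' up to 100% at 'full'.
    pct = rate + (100 - rate) * (unauthenticated - start) / (full - start)
    return pct / 100.0

def effective_settings(config_text):
    """Keywords are case-insensitive; the first uncommented value wins."""
    found = {}
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            found.setdefault(fields[0].lower(), fields[1])
    return found

if __name__ == "__main__":
    cfg = effective_settings(SAMPLE_SSHD_CONFIG)
    value = cfg.get("maxstartups", "10")  # 10 is the default quoted above
    for n in (5, 10, 24):
        print(n, "pending logins ->", refusal_probability(n, value))
    print("PermitRootLogin:", cfg.get("permitrootlogin", "(not set)"))
```

A connection only counts against the limit while it is still unauthenticated, so the number that matters is how many students are at the password prompt at the same moment, not how many are logged in.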



A. Jorge Garcia
10-31-2003, 01:07 AM
Thanx for your help, Dave! I got fish working:
http://www.knoppix.net/forum/viewtopic.php?t=380&start=15

I had to set up sshd, is there anything like that for ftp, like ftpd?

TIA,

Dave_Bechtel
10-31-2003, 04:40 AM
--If all you're doing is scp / sftp / fish, all you should need is sshd. ftpd, proftpd, vsftpd and the like are all for unencrypted (regular, insecure) ftp sessions.



A. Jorge Garcia
10-31-2003, 05:09 AM
OK so there is an ftp daemon. How do I set up ftpd? I want my students to use a shell and access their /home dirs on a remote PC using ftp -u mrg 10.10.2.64, login and then use get and put as needed. Can we do this?

TIA,

Dave_Bechtel
10-31-2003, 02:55 PM
--Personally, I use vsftpd because it's the most secure (and fastest I know of.) On the server, ' cd /etc; cp ftpusers ftpusers.bkp ' ; ' apt-get install vsftpd ' ; any client can connect to it (ncftp, lftp, whatever.)

--The config file /etc/vsftpd.conf is really easy to understand, here are some changes I made to mine:


# Allow anonymous FTP?
# XXX 20030805
anonymous_enable=NO

# Uncomment this to allow local users to log in.
local_enable=YES

# Uncomment this to enable any form of FTP write command.
# XXXXX 20030805
write_enable=YES

# You may fully customise the login banner string:
# XXX 20030805
ftpd_banner=Welcome to vsftpd FTP service.

# XXX added 20030805
# Enable standalone
listen=YES
userlist_enable=YES
userlist_file=/etc/ftpusers
use_localtime=YES
max_clients=10


--You will especially want to change the max_clients, and ' mv ftpusers.bkp ftpusers ' after installing so you can use the same blocking file. (Installing vsftpd removes the ftpusers file IIRC.)

--When you have everything configged, ' /etc/init.d/vsftpd start ' on the server; you don't need it started on the clients.

--Just make sure you don't have everyone using the mrg ID, they should all use their own usernames. ;-)



A. Jorge Garcia
11-01-2003, 02:10 AM
Oh, this sounds very nice - I'm going to have to try it on Monday!

Thanx,

Dave_Bechtel
11-01-2003, 09:07 PM
--Did you get dhcp working, and all the students can connect at once now?



A. Jorge Garcia
11-02-2003, 12:50 AM
I have sshd working with fish. This will do for now. I've been spending way too much time networking my students and way too little time teaching them java!

There is one weird thing I've noticed with my knoppix-installed as debian server running sshd. If I have to reboot this PC, I have to restart sshd every time. OK, I expected that. The weird thing, though, is that I have to run netcardconfig every time I reboot or ifconfig only shows lo! My knoppix-installed as knoppix clients running ssh all have their ethernet cards configured properly every time they're rebooted. So what gives here???

BTW, I can't get a dhcp server up for the Knoppix Terminal Server, there must be another server on the LAN conflicting. My ethernet cards seem to be booting OK with PXE....

TIA,

Dave_Bechtel
11-02-2003, 09:42 PM
--On the server, ' ln /etc/init.d/ssh /etc/rc5.d/S20ssh -sfn ' and it should startup ssh after a reboot.

--While the server is running, do ' lsmod ' and compare with the /etc/modules file. You may have to put your network adapter in /etc/modules.

