Debian 7 does not ship with a version of OpenSSH that is compatible with Moonshot. To get Moonshot support for it, you must install a specific Moonshot-enabled version. We have a precompiled version available in our repositories.




All of the instructions below assume that you have root access and that you will work as the root user (either directly or using sudo).


The instructions on this page will replace the system-provided OpenSSH packages with the Moonshot-enabled ones (don't worry, standard SSH things will still work!).


Following the instructions on this page will give you a Moonshot-enabled OpenSSH Server only.


System Preparation

Add the Moonshot libraries.

If you have not already done so, you first need to follow the instructions on how to install the Moonshot Libraries on Debian 7.

Add the Moonshot OpenSSH Repository

  1. We've moved the OpenSSH packages from the main Moonshot repository into their own, so add the Moonshot Debian OpenSSH repository to your system. To do this, run the following command (as root, or using sudo):

    $ echo "deb wheezy openssh" > /etc/apt/sources.list.d/moonshot-ssh.list

Configure APT

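Debian 7 currently ships with OpenSSH v6, whereas our Moonshot-enabled OpenSSH is v5.9. To install our OpenSSH and keep it from being reverted to the non-Moonshot-enabled, system-provided OpenSSH the next time you run apt-get upgrade, you must tell APT that the Moonshot repository takes precedence over the official Debian repositories. Be aware that the first stanza below applies to every package the Moonshot repository provides, and that the second stops APT from installing any openssh* package that originates from Debian, so OpenSSH updates will then arrive only through the Moonshot repository.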

  1. Create a file called /etc/apt/preferences.d/moonshot, with the following content:

    Package: *
    Pin: release o=moonshot
    Pin-Priority: 1200

    Package: openssh*
    Pin: release o=Debian
    Pin-Priority: -10
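
The pins only take effect if APT reads them as two separate records (records are separated by a blank line) and the Moonshot pin is at least 1000, the threshold at which APT will downgrade an installed package. The check below is an added example, not part of the original page or the Moonshot project; the function name `check_moonshot_pins` is hypothetical.

```shell
#!/bin/sh
# Added example: lint an APT preferences file for the two pins this page
# relies on. check_moonshot_pins FILE returns 0 when both are effective.
check_moonshot_pins() {
    awk '
    function problem(msg) { print "preferences: " msg > "/dev/stderr"; bad = 1 }
    # A field that repeats inside one stanza means a blank line is missing.
    function field(cur, val, name) {
        if (cur != "") problem("second " name " at line " NR ", missing blank line?")
        return val
    }
    # Evaluate the stanza collected so far, then reset for the next one.
    function end_stanza() {
        if (pkg != "" || pin != "" || prio != "") {
            if (pkg == "" || pin == "" || prio == "")
                problem("incomplete stanza ending at or before line " NR)
            else if (pin ~ /o=moonshot/ && prio + 0 >= 1000)
                moonshot_ok = 1      # >= 1000 permits the v6 -> v5.9 downgrade
            else if (pkg ~ /^openssh/ && pin ~ /o=Debian/ && prio + 0 < 0)
                debian_ok = 1        # negative priority: never installed
        }
        pkg = ""; pin = ""; prio = ""
    }
    { sub(/[ \t\r]+$/, "") }         # tolerate trailing whitespace
    /^$/             { end_stanza(); next }
    /^Explanation:/  { next }        # free-text field allowed by apt_preferences
    /^Package:/      { sub(/^Package:[ \t]*/, "");      pkg  = field(pkg, $0, "Package"); next }
    /^Pin:/          { sub(/^Pin:[ \t]*/, "");          pin  = field(pin, $0, "Pin"); next }
    /^Pin-Priority:/ { sub(/^Pin-Priority:[ \t]*/, ""); prio = field(prio, $0, "Pin-Priority"); next }
    { problem("unrecognised line " NR) }
    END {
        end_stanza()
        if (!moonshot_ok) problem("no o=moonshot pin with priority >= 1000")
        if (!debian_ok)   problem("no negative pin for Debian openssh* packages")
        exit bad + 0
    }' "$1"
}
```

Call it as `check_moonshot_pins /etc/apt/preferences.d/moonshot`, then confirm what APT actually selected with `apt-cache policy openssh-server`.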

Ensure that your hostname is correct

The channel bindings check requires that the hostname of your SSH server match the hostname people are SSHing to. That is, the output of the "hostname" and "hostname -f" commands should match the FQDN of the server. If they don't, change /etc/hostname to make it so.


Installation Instructions

  1. Install the Moonshot-enabled pre-compiled OpenSSH packages using apt. This will replace the system-provided OpenSSH.

    $ apt-get install ssh openssh-server openssh-client libapache2-mod-shib2

Configuration Instructions


This version of OpenSSH does not support the use of privilege separation when using Moonshot authentication. Please follow the UsePrivilegeSeparation instructions in the configuration.

Once installed, the Moonshot-enabled OpenSSH server will still need a few quick tweaks in order to turn on the Moonshot support.

Follow the configuration instructions on the OpenSSH Server page to configure the server.