Difference between revisions of "Debian Linux Distribution Reference"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
(Remote Connection)
Line 27: Line 27:
 
Supporting legacy ciphers for backwards compatibility is necessary to connect "ssh" with SecureCRT.  The ssh server "sshd" ciphers can be configured via the file:
 
Supporting legacy ciphers for backwards compatibility is necessary to connect "ssh" with SecureCRT.  The ssh server "sshd" ciphers can be configured via the file:
 
  vi /etc/ssh/sshd_config
 
  vi /etc/ssh/sshd_config
 
+
See what ciphers are available on your system:
 +
ssh -Q cipher localhost
 +
Even though 3des-cbc is enabled in the configuration, the client using 3des-cbc is rejected, as evidence in the log
 +
cat /var/log/auth.log
 +
It turns out that number of version 2 ciphers have been disabled in the 6.7p1-1 release of openssh.  Lets see what version of OpenSSH we have.
 +
dpkg-query -l|grep -i openssh
 +
Debian Linux Jessie reports openssh-server 1:6.7p1-5+deb8u3 which has the following ciphers disabled: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
  
 
== See Also ==
 
== See Also ==

Revision as of 00:05, 27 February 2017

Installation

Debian Linux distribution Codenamed Jessie was released April 25, 2015.

The installer boot screen looks like this:

Installer boot menu 

Install
Graphical install
Advanced options             >
Help
Install with speech synthesis

Kernel Selection: linux-image-486, linux-image-586, linux-image-686-pae are all meta packages which will install one of the these two: linux-image-3.16.0-4-586 and linux-image-3.16.0-4-686-pae

The advantage to the meta package is that it will ensure that the kernel gets a release (version) upgrade - in a stable release this is not so important, but it's best to install the meta package anyway.

585 kernel is for older 586 class CPUs while 686-pae is for newer 686 class CPUs with PAE/NX bit support. Find out if your CPU support PAE/NX and install the relevant kernel meta package.

PAE stands for Physical Address Extension. Normally a 32-bit OS will only be able to access 4GB of RAM while essentially using only 3GB. PAE enables 32-bit processors to access more than 4GB RAM. NX stands for No Execute page protection. NX processor bit allows the processor to help and safeguard PC from malicious attacks. See Technize.net for more info.

Package Mirror: During install you will be asked what mirror to pull additional packages from. You can use ftp.debian.org although you should note that ftp.debian.org is not canonical location of Debian packages, instead it is merely one of several servers that get updated from an internal Debian server.

Configuration

Remote Connection

Install sshd to allow remote secure shell connection to the terminal.

Supporting legacy ciphers for backwards compatibility is necessary to connect "ssh" with SecureCRT. The ssh server "sshd" ciphers can be configured via the file:

vi /etc/ssh/sshd_config

See what ciphers are available on your system:

ssh -Q cipher localhost

Even though 3des-cbc is enabled in the configuration, the client using 3des-cbc is rejected, as evidence in the log

cat /var/log/auth.log

It turns out that number of version 2 ciphers have been disabled in the 6.7p1-1 release of openssh. Lets see what version of OpenSSH we have.

dpkg-query -l|grep -i openssh

Debian Linux Jessie reports openssh-server 1:6.7p1-5+deb8u3 which has the following ciphers disabled: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se

See Also