SSHD
Have you ever wished you could remotely access your server's admin console without having to setup a complex remote access system? Now you can with SSHD.
SSHD securely exposes your bukkit admin console using the SSH protocol - the same protocol that serves as the secure foundation for nearly all remote server administration.
- Compatible with all ssh clients, regardless of operating system.
- Remotely view your server log in real-time.
- Remotely issue commands from the server console, just as if you were on the server itself.
- Supports multiple concurrent remote connections.
- Strong identity support using public key authentication.
- Remotely script your server by issuing one-off console commands with ssh.
Why should I use SSHD?
- Your server runs on Windows.
- You are in a shared hosting environment that only gives you access to the log files.
- You want to share access to your server console, but don't want to give anybody access to the machine its running on.
- You always wanted to use RCON, but want to see the server log as well.
- You are tired of running your server in a Screen session.
- You just want to access your server console using SSH.
Configuration
- listenAddress - The network interface(s) SSHD should listen on. Default all
- port - Specify the port SSHD should listen on. Default 22
- username/password - The credentials used to log into the server console. Default blank
Note: By default, only public key authentication is enabled. This is the most secure authentication mode! Setting a username and password will make your server less secure.
Setting Up Public Key Authentication
Setting up public key authentication with SSH requires first generating a public and private key pair and then installing just the public key on your Bukkit server.
On Windows
1. Download PuttyGen
2. Use PuttyGen to create a new public/private key pair. Here is a tutorial video.
- Make sure to set a key passphrase
- Make sure your key type is SSH-2 RSA
- Save the public key with your login name
- Save the private key in a secure location
3. Copy the public key to the authorized_keys directory in the SSHD plugin directory.
- Make sure the public key file name matches the user name you want to log in with. Remove the file extension.
On Linux/OS X
1. Check to see if you have an existing ssh key
- $ ls -al /.ssh
- If you get a directory not found error or an empty list, go to step 2, otherwise go to step 3
2. Create your SSH public/private key pair.
- $ ssh-keygen -t rsa
- - Press Enter to accept the default path (.ssh\id_rsa)
- - Set a passphrase
- $ eval "$(ssh-agent -s)"
- $ ssh-add /.ssh/id_rsa
3. Export your SSH public key in PEM format.
- $ ssh-keygen -ef /.ssh/id_rsa > your_username
- replace your_username with your Minecraft login name
4. Copy the your_username file to the authorized_keys directory in the SSHD plugin directory.
Commands
None - just install and go.
Permissions
None - SSHD uses cryptographic certificates or a secure username and password to verify remote access.
Source Code
Metrics
This plugin utilizes Hidendra's plugin metrics system. the following information is collected and sent to mcstats.org unless opted out:
- A unique identifier
- The server's version of Java
- Whether the server is in offline or online mode
- Plugin's version
- Server's version
- OS version/name and architecture
- core count for the CPU
- Number of players online
- Metrics version
Opting out of this service can be done by editing plugins/Plugin Metrics/config.yml and changing opt-out to true.
can someone tell me how to change the timeout for the ssh session?
In reply to collinator2483163:
In reply to toxuin:
Can somebody forward me to a working version of this with Spigot 1.8.8? Bukkit never died, its a shame this plugin was abaondened.
In reply to GodsDead:
In reply to Haarolean:
Why don't you change to Spigot?
@ThisUsernameIsMine
I've heard that from another user, but couldn't replicate myself. I'll look into fixing the problem in the next release.
Not sure if this is a bug, but i had an active SSH session but stopped the server without ending/exiting the session/program, and the server locked up at "[SSHD] Disabling SSHD v1.2".
@deltahat
Sigh.. i have now :D (tyvm)
@ThisUsernameIsMine
The public key goes in authorized_keys. Did you instruct Putty to present your private key? http://www.howtoforge.com/ssh_key_based_logins_putty_p3
@deltahat
public key
But i noticed the key was in "authorized_keys" whereas the commenting in config.yml stated "authorized_users".
Yet, moving the file to the other dir doesn't change anything.
@ThisUsernameIsMine
Are you trying to use password or public key authentication?
When tying to authenticate using PuTTY, it keeps showing:
Further authentication required
SSH server: Password authentication
Using keyboard-interactive authentication.
Password:
under SpigotMC 1.7.10 #1622 =(
@CyberGod101
Approved
@CyberGod101
I've added specific interface binding in version 1.2 (awaiting approval). I tried reproducing the server shutdown problem but was unable to reproduce it.
Okay, got that one working now, alltho its not a good behavior to just bind to all interfaces, as it blocks ports unnecessary on those interfaces. have to block them via firewall to prevent access over certain ips, oh well.
Found another problem tho. When the Server shuts down and somebody is still logged in via SSHD Plugin, then he doesnt get kicked like i expected. Instead the Shutdown process gets blocked, effectivly blocking restart scripts etc, since the Server is unable to shutdown.
@CyberGod101
Interesting. Reviewing the source code for the SSH library I am using, the plugin should be binding to all available interfaces. Is this not the case?
I just tested locally and the plugin seems to bind to the IPv4 loopback, IPv6 loopback, IPv4 public address, and IPv6 public address.
Problem: Cant use this on a Bungee setup when the MC Servers are running localhost, as you cant set what ip the plugin listens on, only the port, so plugin listens on localhost:port that is not accessable from outside.
@nbagf
I looked into a whitelist, but realized it won't solve the spam problem. You should really install a firewall on your server and block requests at the transport level instead of the application level.