LinuxQuestions.org
Post #1, 06-26-2008, 07:12 PM, theunixwizard (Member; Distribution: Ubuntu, Fedora, PC-BSD, FreeBSD)
Remote Logging into root


I was wondering how to configure my machine so that I can log in through something like PuTTY or SSH. Is it possible to configure it so I can pass commands through bash? Since my machine is multi-user, would it matter if somebody is logged into their account as long as it isn't mine? Since I am root, is it wise to log into my root account, or into my unprivileged account and then, if I have to do administrative work, use sudo?
Post #2, 06-26-2008, 08:19 PM, MS3FGX (LQ Guru)
You should never directly log into a machine via the root account, as there is a possibility that the root credentials can be sniffed. This is even true of older implementations of SSH (which you might unknowingly use, if the client and/or server is misconfigured).

You should be using sudo whenever possible, both remotely and locally.

As for multiple users logged into the machine at once, that is no problem at all. It is what Unix operating systems were designed for from the start.

Enabling SSH would vary depending on which OS/distro we are actually talking about here (I see you use Linux as well as BSD).
Post #3, 06-26-2008, 08:22 PM, chrism01 (LQ Guru)
Well, the ssh package comes as standard on Linux, so it's probably already installed.
Just turn off remote logins for root and instead log in as yourself, then use sudo or 'su -' to get to root.

In your /etc/ssh/sshd_config file:

Protocol 2
PermitRootLogin no

Only use the root account for tasks that require root privileges. Do all normal work as your unprivileged user account.
Remote or local logins are effectively the same for each user, so you don't need to differentiate them.
Post #4, 06-26-2008, 08:40 PM, theunixwizard (Member, Original Poster)
Remote logging into root

I think that I will use my Linux installation for this (I might try BSD later). I kinda knew not to log into my root account, but I am a noob when it comes to remote login. I knew of Linux's multitasking abilities, but I was wondering if there would be a noticeable speed loss for the user at the machine as well as the one using remote login. I gather that it should be no problem setting up SSH; I was wondering if anybody had any tips or tricks to help me.

Thanks for helping an idiot (me)

John
Post #5, 06-26-2008, 08:43 PM, jschiwal (LQ Guru)
I'd recommend using public key authentication.

First read through the manpages for sshd and sshd_config.
Also read through the /etc/sshd_config file. It should be well commented explaining which settings you want:

Code:
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
For a secure ssh setup check these settings for public key authentication:
Code:
sshd_config:
Protocol 2

PermitRootLogin no

UsePAM yes

PubkeyAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

AllowUsers username1 username2 etc...
Some people also change the default port number. This can reduce the noise from script kiddie brute force attacks.
The "AllowUsers" list will deny all other users including system users.

Make sure the $HOME and $HOME/.ssh/ directories are not world readable (including users added using setfacl). This is true for the public keys as well.

Use a good ssh passphrase. You can add a "from=" entry to the public key on the server. That way if you lost your keys, a hacker couldn't use them unless they also spoofed your IP address. However this will only work if you give a subnet range, or have a fixed IP address. The sshd manpage has more info on this field. Using a good passphrase should protect the key as well.

Consider using ssh-agent and ssh-add before logging in. This way you only need to enter the passphrase once per session:

Code:
eval $(ssh-agent)
ssh-add
If you use PuTTY from Windows on the client machine, their keygen.exe program lets you load in your key. An OpenSSH public key is displayed near the top of the window, so you can use public key authentication from Windows as well. Although I would install Cygwin/X instead: using Cygwin/X, you would configure the same OpenSSH client, and you could run graphical programs remotely as well.
Post #6, 06-26-2008, 09:56 PM, theunixwizard (Member, Original Poster)
Remote logging into root

I have reviewed all of your suggestions and I was lost from the moment I read the first sentence. I am using Ubuntu as the SSH server and I want it to be as secure as possible. Is there a way to do this simply and still have security?
Post #7, 06-26-2008, 10:24 PM, sundialsvcs (LQ Guru)
"Wiz," it will be necessary for you to move beyond "lost" and learn some new stuff about how to do this... but, really, it's not that hard and the Internet is actually stuffed with good information about it.

Basically, here's some "common-sense food for thought," that ought to help you move in the right direction...

First of all, you want to make sure that the only way to log in to the box is through ssh, a "secure shell" that encrypts traffic.

Next, you really don't want people being able to log on to 'root' directly... so you configure ssh never to allow direct logins to that account.

Next, you don't want "just anyone" plinking away at your system, firing username/password combinations at it... even through ssh. You want them to have to identify themselves in a way that is basically un-forgeable... and that's called "digital certificates." (Think of 'em as identification-badges.)

Also, since ssh will fall-back to easier-and-easier authentication mechanisms by-default, you'll set things up so that it won't actually ever fall-back to "password authentication."

The nice thing about digital certificates is the very same nice-thing that we say for badges: if someone gets fired, say, their digital certificate can be made to drop-dead. Conversely, unless someone "gets hired," he never gets a certificate... and therefore he simply can't get anywhere-near the point of actually logging in.
Post #8, 06-27-2008, 05:24 AM, jschiwal (LQ Guru)
The lines I included were the ones that I changed in the default /etc/ssh/sshd_config file. Although the "UsePam=Yes" line is the same, the other changes disable user/password authentication, so PAM is just used to check that the account exists and enforces limits on the user.

You create a key pair on the client machine using the "ssh-keygen" program. This creates a public and a private key in ~/.ssh/. If you generate an RSA key pair they will be called ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. The ~/.ssh/id_rsa.pub file is the public key.

Here is a sample public key (id_rsa.pub) that I generated for this post. The ssh-keygen program asked for a keyphrase which I included as well. This keyphrase will scramble the private key so that it can only be unlocked and usable after entering the keyphrase. You will be prompted for it at the client when you use ssh to connect to any server.

Code:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAynpqS6uWZSM7G2+Rx+02YJ+mfrSWkqbMlHYllfaRCohagv/y+FX7MFQfV0J4R0dwGcAua15jn0Xmk7yA+QAN0PczjdL/PHQwpOtNLoLm2w2rXkm5EVEtJzLzcrfA71VJE4B9v2VDTA2cABJ16l0wX8OcBJM1Yk8PP5/x2nBowyDCdPFcgGjnTzSW/Gu4nuwOQbt2/Y8Mk7YIHPO+PrXUJidx07r30/hwtqp/eIbtSvUNn/bHJnApluAjoqWpadXOYM8L363FmbF/Eo7KeaGfVpBR/ELHFTalLtk2w1HBPN3YKFDS6JRO3qU7rDJHHqerFmRZinqF6z9zPD+yqMleTw== jschiwal@hpamd64
In my case I would log into a server named "hpmedia", so I need to log into hpmedia and add this key (id_rsa.pub) to the authorized keys file:
Code:
cat id_rsa.pub >> .ssh/authorized_keys
Notice that at the end of the public key is the name of the user and the hostname of the client.

Next I would edit the /etc/ssh/sshd_config file on the server (hpmedia) and make the changes I listed in my last post. Then I would restart the sshd daemon on the server.

---

If your client is a Windows machine, I would recommend installing Cygwin/X. This will install an X server and a bare-bones Unix-like system that can run Linux scripts, console programs and the fvwm2 window manager. Using this you can run GUI programs remotely on the server and have them displayed on your local X server display.

Another option is to use PuTTY. PuTTY has a puttygen.exe (I got the name wrong in the last message) program. You can use this program to run a keypair in PuTTY. The files will have a .ppk extension. You can use this program to generate a private and public key pair in Windows and then save the key. If you already have a key pair generated you can click on "Load Private Key". There is a line at the top of the dialog that says:
Public key for pasting into OpenSSH authorized_keys file:

The public key is displayed. Highlight and copy the public key and save it into a scrap file. Add that key to the end of the ~/.ssh/authorized_keys file on the server.

---

Now when you log in from your client (such as a laptop) to the server (the Ubuntu server), the client (laptop) will use its private key (~/.ssh/id_rsa) to send a message to the server. The server will only be able to decode this message by using the public key that you added to the ~/.ssh/authorized_keys file. Without the public key, the private key won't make any sense and the authentication will fail.

---

If you use a passphrase (which I highly recommend) you will need to enter the passphrase at the client to unlock the private key before using it. It can be a pain to do this every time you log in to a remote server. You can do this once using two programs, ssh-agent and ssh-add. You run this at the console before logging in, like this:

Code:
eval $(ssh-agent)
ssh-add
You will be prompted for the passphrase. It will be held securely in memory and used to unlock the private key every time you log into an ssh server.

Suppose someone steals the files from your laptop! They now have your key pair (very bad). But because it is passphrase protected, they can't unlock the private key without your passphrase. The only way to unlock the private key is by brute force, trying different passphrases.

Good Luck!

Last edited by jschiwal; 07-02-2008 at 02:31 PM. Reason: fixed typo
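Added here as a worked example, not code from the thread: a POSIX shell audit that reads an sshd_config the way sshd does (the first active occurrence of a keyword wins, Match blocks are set aside) and reports whether the settings jschiwal lists in posts #5 and #8 (PermitRootLogin, PubkeyAuthentication, PasswordAuthentication, ChallengeResponseAuthentication, UsePAM, AllowUsers) are actually in effect rather than sitting in a commented-out line. The two sample configs are constructed, "john" is a placeholder user, and "Protocol 2" is not checked because OpenSSH 7.x and later only speak protocol 2.

```shell
# Added example (not from the thread): audit an sshd_config for the settings
# jschiwal listed. sshd honours the FIRST active occurrence of a keyword, so
# that is the "effective" value; anything under a Match block is conditional
# and is deliberately ignored here.
effective_value() {                    # effective_value FILE KEYWORD
    awk -v key="$2" '
        tolower($1) == "match"      { exit }             # stop at conditional blocks
        tolower($1) == tolower(key) { print $2; exit }' "$1"
}
# audit_sshd_config FILE: one line per setting; returns the number of failures.
# "Protocol 2" is not checked: OpenSSH 7.x+ only speaks protocol 2 anyway.
audit_sshd_config() {
    fails=0
    for want in permitrootlogin=no pubkeyauthentication=yes passwordauthentication=no \
                challengeresponseauthentication=no usepam=yes; do
        key=${want%%=*}; expected=${want#*=}
        actual=$(effective_value "$1" "$key" | tr 'A-Z' 'a-z')
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key = $actual"
        else
            echo "FAIL  $key = ${actual:-<unset, compiled-in default applies>} (want $expected)"
            fails=$((fails + 1))
        fi
    done
    # AllowUsers has no single right value; what matters is that an allow-list exists.
    if [ -z "$(effective_value "$1" AllowUsers)" ]; then
        echo "FAIL  AllowUsers not set: any account that can authenticate may log in"
        fails=$((fails + 1))
    fi
    return "$fails"
}
# Constructed sample configs (placeholders, not a real server's files).
WEAK_CONF=$(mktemp); HARD_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARD_CONF"' EXIT
cat >"$WEAK_CONF" <<'EOF'
#PermitRootLogin no            <- commented out, so not in effect
PermitRootLogin yes
UsePAM yes
EOF
cat >"$HARD_CONF" <<'EOF'
PermitRootLogin no
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers john
EOF
echo "== weak =="; audit_sshd_config "$WEAK_CONF" || echo "$? problem(s)"
echo "== hardened =="; audit_sshd_config "$HARD_CONF" && echo "all checks passed"
```

Run it against a real /etc/ssh/sshd_config by calling audit_sshd_config on that path; a FAIL line means the thread's recommended value is not the one sshd will use.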