Installing SSH on the HP Digital Entertainment Center

SSH provides a secure shell for accessing a server and is a common replacement for rsh, rlogin, or telnet. The benefit of SSH is that it encrypts the network communication between the client and the server, so traffic such as passwords are not transmitted over a network in clear text. This is especially useful if you're remotely managing your DEC from across the Internet. OpenSSH is a common SSH package for Linux. Installation is fairly straightforward and will be described here.

Please note: these instructions describe the installation of an older version of OpenSSH (v2.5.2), which contains known vulnerabilities. (Of course, so does telnet.) Use at your own risk.

Instructions:

1. Unlock the DEC
   As with almost any hacking to the DEC, the first thing you'll need to do is unlock the DEC.
2. Download the RPMs
   You'll need to download the following RPMs and move them to the DEC. The openssh-clients RPM is not required if you don't want an SSH client on the DEC, but I find it useful (you may right click on the RPM files and 'save link as' or the server may not download them properly):
   • openssl-0.9.5a-8mdk.i586.rpm
   • openssh-2.5.2p2-1.6mdk.i586.rpm
   • openssh-server-2.5.2p2-1.6mdk.i586.rpm
   • (optional) openssh-clients-2.5.2p2-1.6mdk.i586.rpm
3. Install the RPMs
   In the same order, install each of the RPMs:
   • rpm --install openssl-0.9.5a-8mdk.i386.rpm
   • rpm --install openssh-2.5.2p2-1.6mdk.i586.rpm
   • rpm --install openssh-server-2.5.2p2-1.6mdk.i586.rpm
   • (optional) rpm --install openssh-clients-2.5.2p2-1.6mdk.i586.rpm
4. Configure the SSH daemon to start on system boot
   The RPMs place the SSH daemon startup script in the standard Linux rc.d startup directories. Unfortunately, the DEC uses its own location for startup scripts, so we'll need to update this configuration manually.
   1. Change to the DEC startup directory: cd /etc/rc.d/rcb5.d
   2. Create a symbolic link to the sshd startup script: ln -s ../init.d/sshd S55sshd
5. Start the SSH server
   Now that everything is installed and configured, the SSH server can be started. Execute the command /etc/rc.d/init.d/sshd start. A few keys should be generated and the SSH server should start. (You may prefer to reboot the DEC, just to be sure the startup configuration works properly: shutdown -r 0)
6. Verify the SSH server is working properly
   You should now be able to SSH to your DEC. If you're using Linux, SSH should be included in the base installation... just execute the command ssh <IP_Address_of_your_DEC>. If you're using Windows, putty is likely to be the best choice for an SSH client.
7. (Optional) Disable Telnet access
   Before proceeding, make sure that you can SSH into your DEC! (I would recommend rebooting the DEC to make sure the startup configuration is working properly: shutdown -r 0) The following steps will disable telnet, the only other remote management access to your DEC. Although it is not required, it is highly recommended that you disable telnet in order to make your DEC more secure. This is simply a matter of updating the xinetd configuration and restarting xinetd. Preferably these steps should be completed through your SSH connection, to avoid your connection being dropped:
   1. Change to the /etc directory: cd /etc
   2. Remove the existing symbolic link, which points to the configuration with telnet enabled: rm xinetd.conf
   3. Create a new symoblic link, which points to the configuration with telnet disabled: ln -s xinetd.conf.noTelnet xinetd.conf
   4. Restart xinetd: /etc/rc.d/init.d/xinetd restart
8. You're done!
   That's all there is to it! You now have a more secure DEC at your disposal.