SSH Connection Setup: Difference between revisions

From WikiMLT
VisualWikitext
Line 40: Line 40:
=== Copy The Public Key to the Remote host ===
=== Copy The Public Key to the Remote host ===
We need to copy the content of the generated public key - <code>id_ed25519.pub</code>, - to the remote hosts user's <code>~/.ssh/authorized_keys</code> file. This could be done in various ways, but if you cold login to the remote in some way - i.e. with password authentication, the most easiest way is to use the command <code>ssh-copy-id</code>, which is a part of the <code>openssh-client</code> package and is already installed.<syntaxhighlight lang="shell" line="1" class="mlw-continue">
We need to copy the content of the generated public key - <code>id_ed25519.pub</code>, - to the remote hosts user's <code>~/.ssh/authorized_keys</code> file. This could be done in various ways, but if you cold login to the remote in some way - i.e. with password authentication, the most easiest way is to use the command <code>ssh-copy-id</code>, which is a part of the <code>openssh-client</code> package and is already installed.<syntaxhighlight lang="shell" line="1" class="mlw-continue">
ssh-copy-id -p 22 -i ~/.ssh/access-szs.space/id_ed25519 pa4080@172.16.1.201
ssh-copy-id -p 22 -i ~/.ssh/access-remote.host.name/id_ed25519 <user>@<ip.address-or-host.name>
</syntaxhighlight>
<syntaxhighlight lang="terraform">
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/<user>/.ssh/<access-remote.host.name>/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
<user>@<ip.address-or-host.name>'s password:
 
Number of key(s) added: 1
 
Now try logging into the machine, with:  "ssh -p '22' '<user>@<ip.address-or-host.name>'"
and check to make sure that only the key(s) you wanted were added.
 
</syntaxhighlight>
</syntaxhighlight>
== References ==
== References ==

Revision as of 17:54, 5 September 2022

Lin­ux Serv­er
Lin­ux Desk­top

In­stall SSH Serv­er and Client

The SSH client is the soft­ware that makes an SSH con­nec­tion to a re­mote in­stance. The SSH serv­er is the soft­ware that ac­cepts the con­nec­tion no the re­mote in­stance. In case we don't need to con­nect to the client in­stance – i.e. it is lap­top, we do not neet to in­stall the serv­er.

sudo apt install openssh-server openssh-client

When the serv­er is in­stalled its ser­vice is au­to­mat­i­cal­ly en­abled and start­ed, so if we have in­stalled both pack­ages above, we can test whether it is op­er­a­tional by an SSH to the loop-back in­ter­face.

sudo apt install openssh-server openssh-client

By de­fault with­in the SSH server's con­fig­u­ra­tion the pass­word lo­gin is en­abled. It is much safer to use key based au­then­ti­ca­tion and once it is set­up and op­er­a­tional we can safe­ly dis­able the pass­word au­then­ti­ca­tion.

Set­up Key Based Au­then­ti­ca­tion

First we need to gen­er­ate SSH key pair . This should be done at the client's side. It is prefer­able to use ED25519 based key, be­cause it is more se­cure and al­so it is faster be­cause is much short­en es­pe­cial­ly than 4096 bit RSA key.

#Ref­er­ences

Gen­er­ate SSH Key Pair

To gen­er­ate pub­lic and pri­vate SSH keys with­in your user's ~/.ssh di­rec­to­ry use the fol­low­ing com­mands. 

mkdir -m700 ~/.ssh/access-remote.host.name
ssh-keygen -t ed25519 -C 'your@email.com' -f ~/.ssh/access-remote.host.name/id_ed25519

ls -la ~/.ssh/access-remote.host.name

total 16
drwx------  2 <user> <user> 4096 Jul 20 21:36 .
drwx------ 12 <user> <user> 4096 Jul 20 21:28 ..
-rw-------  1 <user> <user> 3381 Jul 20 21:36 id_ed25519
-rw-r--r--  1 <user> <user>  742 Jul 20 21:36 id_ed25519.pub
  • You can add a passphrase to pro­tect your pri­vate key in case it be­come stolen, oth­er­wise leave it emp­ty. You will need to en­ter the passphrase each tine the pri­vate key is used.
  • Is's not manda­to­ry to en­ter a re­al email ad­dress.

Copy The Pub­lic Key to the Re­mote host

We need to copy the con­tent of the gen­er­at­ed pub­lic key – id_ed25519.pub, – to the re­mote hosts user's ~/.ssh/authorized_keys file. This could be done in var­i­ous ways, but if you cold lo­gin to the re­mote in some way – i.e. with pass­word au­then­ti­ca­tion, the most eas­i­est way is to use the com­mand ssh-copy-id, which is a part of the openssh-client pack­age and is al­ready in­stalled.

ssh-copy-id -p 22 -i ~/.ssh/access-remote.host.name/id_ed25519 <user>@<ip.address-or-host.name>

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/<user>/.ssh/<access-remote.host.name>/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
<user>@<ip.address-or-host.name>'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -p '22' '<user>@<ip.address-or-host.name>'"
and check to make sure that only the key(s) you wanted were added.

Ref­er­ences


Retrieved from "https://wiki.metalevel.tech/index.php?title=SSH_Connection_Setup&oldid=31165"