SSH Connection Setup: Difference between revisions

From WikiMLT
Browse history interactively
← Older editNewer edit →
VisualWikitext
Spas (talk | contribs)
Image-reviewer, Public, Bots, Bureaucrats, Check users, Structured Discussions bots, Interface administrators, Oversighters, smwadministrator, smwcurator, Suppressors, Administrators, translator, Upload Wizard campaign editors, widgeteditor
31,240 edits
mNo edit summary
Spas (talk | contribs)
Image-reviewer, Public, Bots, Bureaucrats, Check users, Structured Discussions bots, Interface administrators, Oversighters, smwadministrator, smwcurator, Suppressors, Administrators, translator, Upload Wizard campaign editors, widgeteditor
31,240 edits
Line 23: Line 23:
<syntaxhighlight lang="shell" line="1" class="mlw-continue">
<syntaxhighlight lang="shell" line="1" class="mlw-continue">
mkdir -m700 ~/.ssh/access-remote.host.name
mkdir -m700 ~/.ssh/access-remote.host.name
ssh-keygen -t ed25519 -C 'sshfwd@local.host' -f ~/.ssh/access-remote.host.name/id_ed25519
ssh-keygen -t ed25519 -C 'your@email.com' -f ~/.ssh/access-remote.host.name/id_ed25519
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="shell" line="1" class="mlw-shell-gray">
<syntaxhighlight lang="shell" line="1" class="mlw-shell-gray">
Line 36: Line 36:
</syntaxhighlight>  
</syntaxhighlight>  
*You can add a passphrase to protect your private key in case it become stolen, otherwise leave it empty. You will need to enter the passphrase each tine the private key is used.  
*You can add a passphrase to protect your private key in case it become stolen, otherwise leave it empty. You will need to enter the passphrase each tine the private key is used.  
*Is's not mandatory to enter a real email address.


=== Copy The Public Key to the Remote host ===
=== Copy The Public Key to the Remote host ===
We need to copy the content of the generated public key - <code>id_ed25519.pub</code>, - to the remote hosts user's <code>~/.ssh/authorized_keys</code> file. This could be done in various ways, but if you cold login to the remote in some way - i.e. with password authentication, the most easiest way is to use the command `ssh-copy-id, which is a part of the <code>openssh-client</code> package and is already installed.
We need to copy the content of the generated public key - <code>id_ed25519.pub</code>, - to the remote hosts user's <code>~/.ssh/authorized_keys</code> file. This could be done in various ways, but if you cold login to the remote in some way - i.e. with password authentication, the most easiest way is to use the command <code>ssh-copy-id</code>, which is a part of the <code>openssh-client</code> package and is already installed.<syntaxhighlight lang="shell" line="1" class="mlw-continue">
 
ssh-copy-id -p 22 -i ~/.ssh/access-szs.space/id_ed25519 pa4080@172.16.1.201
</syntaxhighlight>
== References ==
== References ==
* ...
* ...

Revision as of 16:26, 5 September 2022

Lin­ux Serv­er
Lin­ux Desk­top

In­stall SSH Serv­er and Client

The SSH client is the soft­ware that makes an SSH con­nec­tion to a re­mote in­stance. The SSH serv­er is the soft­ware that ac­cepts the con­nec­tion no the re­mote in­stance. In case we don't need to con­nect to the client in­stance – i.e. it is lap­top, we do not neet to in­stall the serv­er.

sudo apt install openssh-server openssh-client

When the serv­er is in­stalled its ser­vice is au­to­mat­i­cal­ly en­abled and start­ed, so if we have in­stalled both pack­ages above, we can test whether it is op­er­a­tional by an SSH to the loop-back in­ter­face.

sudo apt install openssh-server openssh-client

By de­fault with­in the SSH server's con­fig­u­ra­tion the pass­word lo­gin is en­abled. It is much safer to use key based au­then­ti­ca­tion and once it is set­up and op­er­a­tional we can safe­ly dis­able the pass­word au­then­ti­ca­tion.

Set­up Key Based Au­then­ti­ca­tion

First we need to gen­er­ate SSH key pair . This should be done at the client's side. It is prefer­able to use ED25519 based key, be­cause it is more se­cure and al­so it is faster be­cause is much short­en es­pe­cial­ly than 4096 bit RSA key.

#Ref­er­ences

Gen­er­ate SSH Key Pair

To gen­er­ate pub­lic and pri­vate SSH keys with­in your user's ~/.ssh di­rec­to­ry use the fol­low­ing com­mands. 

mkdir -m700 ~/.ssh/access-remote.host.name
ssh-keygen -t ed25519 -C 'your@email.com' -f ~/.ssh/access-remote.host.name/id_ed25519

ls -la ~/.ssh/access-remote.host.name

total 16
drwx------  2 <user> <user> 4096 Jul 20 21:36 .
drwx------ 12 <user> <user> 4096 Jul 20 21:28 ..
-rw-------  1 <user> <user> 3381 Jul 20 21:36 id_ed25519
-rw-r--r--  1 <user> <user>  742 Jul 20 21:36 id_ed25519.pub
  • You can add a passphrase to pro­tect your pri­vate key in case it be­come stolen, oth­er­wise leave it emp­ty. You will need to en­ter the passphrase each tine the pri­vate key is used.
  • Is's not manda­to­ry to en­ter a re­al email ad­dress.

Copy The Pub­lic Key to the Re­mote host

We need to copy the con­tent of the gen­er­at­ed pub­lic key – id_ed25519.pub, – to the re­mote hosts user's ~/.ssh/authorized_keys file. This could be done in var­i­ous ways, but if you cold lo­gin to the re­mote in some way – i.e. with pass­word au­then­ti­ca­tion, the most eas­i­est way is to use the com­mand ssh-copy-id, which is a part of the openssh-client pack­age and is al­ready in­stalled.

ssh-copy-id -p 22 -i ~/.ssh/access-szs.space/id_ed25519 pa4080@172.16.1.201

Ref­er­ences


Retrieved from "https://wiki.metalevel.tech/index.php?title=SSH_Connection_Setup&oldid=31164"