SSH Connection Setup: Difference between revisions
Line 40: | Line 40: | ||
=== Copy The Public Key to the Remote host === | === Copy The Public Key to the Remote host === | ||
We need to copy the content of the generated public key - <code>id_ed25519.pub</code>, - to the remote hosts user's <code>~/.ssh/authorized_keys</code> file. This could be done in various ways, but if you cold login to the remote in some way - i.e. with password authentication, the most easiest way is to use the command <code>ssh-copy-id</code>, which is a part of the <code>openssh-client</code> package and is already installed.<syntaxhighlight lang="shell" line="1" class="mlw-continue"> | We need to copy the content of the generated public key - <code>id_ed25519.pub</code>, - to the remote hosts user's <code>~/.ssh/authorized_keys</code> file. This could be done in various ways, but if you cold login to the remote in some way - i.e. with password authentication, the most easiest way is to use the command <code>ssh-copy-id</code>, which is a part of the <code>openssh-client</code> package and is already installed.<syntaxhighlight lang="shell" line="1" class="mlw-continue"> | ||
ssh-copy-id -p 22 -i ~/.ssh/access- | ssh-copy-id -p 22 -i ~/.ssh/access-remote.host.name/id_ed25519 <user>@<ip.address-or-host.name> | ||
</syntaxhighlight> | |||
<syntaxhighlight lang="terraform"> | |||
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/<user>/.ssh/<access-remote.host.name>/id_ed25519.pub" | |||
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed | |||
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys | |||
<user>@<ip.address-or-host.name>'s password: | |||
Number of key(s) added: 1 | |||
Now try logging into the machine, with: "ssh -p '22' '<user>@<ip.address-or-host.name>'" | |||
and check to make sure that only the key(s) you wanted were added. | |||
</syntaxhighlight> | </syntaxhighlight> | ||
== References == | == References == |
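Review bot: the added output block opens with <syntaxhighlight lang="terraform">, but what follows is ssh-copy-id terminal output, not Terraform, so the highlighting will be misleading; a plain-text or console lexer fits better. In the command line just above it, -i is given the private-key path (id_ed25519) while the output shows id_ed25519.pub being installed; writing the .pub path explicitly would make it clear that only the public half is sent to the remote host.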
Revision as of 16:54, 5 September 2022
Install SSH Server and Client
The SSH client is the software that makes an SSH connection to a remote instance. The SSH server is the software that accepts the connection on the remote instance. If we don't need to connect to the client instance (i.e. it is a laptop), we do not need to install the server.
sudo apt install openssh-server openssh-client
When the server is installed its service is automatically enabled and started, so if we have installed both packages above, we can test whether it is operational by an SSH to the loop-back interface.
ssh localhost
By default, password login is enabled in the SSH server's configuration. Key-based authentication is much safer, and once it is set up and operational we can safely disable password authentication.
Setup Key Based Authentication
First we need to generate an SSH key pair. This should be done on the client side. An ED25519 key is preferable because it is more secure, and it is also faster because it is much shorter, especially compared to a 4096-bit RSA key.
Generate SSH Key Pair
To generate public and private SSH keys within your user's ~/.ssh directory, use the following commands.
mkdir -m700 ~/.ssh/access-remote.host.name
ssh-keygen -t ed25519 -C 'your@email.com' -f ~/.ssh/access-remote.host.name/id_ed25519
ls -la ~/.ssh/access-remote.host.name
total 16
drwx------ 2 <user> <user> 4096 Jul 20 21:36 .
drwx------ 12 <user> <user> 4096 Jul 20 21:28 ..
-rw------- 1 <user> <user> 3381 Jul 20 21:36 id_ed25519
-rw-r--r-- 1 <user> <user> 742 Jul 20 21:36 id_ed25519.pub
- You can add a passphrase to protect your private key in case it is stolen; otherwise leave it empty. You will need to enter the passphrase each time the private key is used.
- It's not mandatory to enter a real email address.
Copy The Public Key to the Remote host
We need to copy the content of the generated public key, id_ed25519.pub, to the remote host user's ~/.ssh/authorized_keys file. This can be done in various ways, but if you can log in to the remote host in some way, for example with password authentication, the easiest way is to use the command ssh-copy-id, which is part of the openssh-client package and is already installed.
ssh-copy-id -p 22 -i ~/.ssh/access-remote.host.name/id_ed25519 <user>@<ip.address-or-host.name>
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/<user>/.ssh/<access-remote.host.name>/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
<user>@<ip.address-or-host.name>'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '22' '<user>@<ip.address-or-host.name>'"
and check to make sure that only the key(s) you wanted were added.
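
The ssh-copy-id output above asks you to confirm that only the intended key was added. As an added example (not from the original page), this script compares a copy of the remote authorized_keys file with the public key you meant to install and lists every other entry; the key material is constructed, and the helper names key_blobs, unexpected_keys and make_sample are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. All key material is constructed.

# Print "<type> <base64-blob>" for every key entry in FILE, skipping comment
# lines and any leading options such as from="..." (simple options only:
# an option value that itself contains a key-type word would confuse it).
key_blobs() {
    awk '
        /^[ \t]*#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(ed25519|rsa)|ecdsa-sha2-nistp[0-9]+|sk-[a-z0-9@.-]+)$/) {
                    print $i, $(i + 1)
                    next
                }
        }' "$1"
}

# Print every entry of AUTHORIZED_KEYS ($1) whose key differs from PUBFILE ($2).
unexpected_keys() {
    expected=$(key_blobs "$2" | head -n 1)
    key_blobs "$1" | grep -Fxv -- "$expected" || true
}

# Write a constructed id_ed25519.pub and authorized_keys into directory $1.
make_sample() {
    cat > "$1/id_ed25519.pub" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyAAAAAAAAAAAAAAAAAAAAAAA your@email.com
EOF
    cat > "$1/authorized_keys" <<'EOF'
# constructed sample, not real keys
from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQConstructedOldKey old-laptop

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyAAAAAAAAAAAAAAAAAAAAAAA your@email.com
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
echo "Entries other than the key just installed:"
unexpected_keys "$dir/authorized_keys" "$dir/id_ed25519.pub"
rm -rf "$dir"
```

Against a real host, run it on a copy of the remote user's ~/.ssh/authorized_keys; an empty list means the file holds only the key you installed.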