DIY/wiki
2
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
wiki/pages/en/server/services/ssh.txt

130 lines
No EOL
3.2 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

====== OpenSSH ======
OpenSSH (also known as OpenBSD Secure Shell) is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a clientserver architecture.
OpenSSH started as a fork of the free SSH program developed by Tatu Ylönen; later versions of Ylönen's SSH were proprietary software offered by SSH Communications Security. OpenSSH was first released in 1999 and is currently developed as part of the OpenBSD operating system.
OpenSSH is not a single computer program, but rather a suite of programs that serve as alternatives to unencrypted protocols like Telnet and FTP. OpenSSH is integrated into several operating systems, namely Microsoft Windows, macOS and most Linux operating systems, while the portable version is available as a package in other systems.
===== Package =====
<code>
pacman -S openssh
</code>
===== Start/restart =====
<code>
systemctl enable --now sshd.service
</code>
<alert type="info" icon="fa fa-info">Any change to ''/etc/ssh/sshd_config'' requires a restart of the service. Keep that in mind.</alert>
<code>
systemctl restart sshd.service
</code>
===== Allow root and password authentication =====
If you need quick access, for example to set up your server.
<code>
nano /etc/ssh/sshd_config
</code>
<code>
Port 22
PermitRootLogin yes
PasswordAuthentication yes
</code>
===== SSH key =====
This is not only more secure, it also simplifies the connection to the server without having to enter the password every time.
==== Config - server ====
<code>
nano /etc/ssh/sshd_config
</code>
<code>
Port 22
HostKey /etc/ssh/ssh_host_ed25519_key
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
</code>
==== Create key - desktop ====
Whether you want to use a passphrase or not, depends on how you want to use your infrastructure and whether you want/need an additional layer of security. For example, keepassxc can handle passphrases and add the key to the ssh agent for automatic connections.
<code>
ssh-keygen -t ed25519
</code>
Copy the content of ''id_ed25519.pub'' for your server.
<code>
cat ~/.ssh/id_ed25519.pub
</code>
=== Add host - desktop ===
Change ''$USER''.
<code>
nano .ssh/config
</code>
<code>
Host server
HostName 192.168.1.1
Port 22
User $USER
IdentitiesOnly yes
IdentityFile "~/.ssh/id_ed25519"
</code>
=== Add pub key - server ===
Paste the content of ''id_ed25519.pub'' in ''authorized_keys''.
<code>
cd
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
nano .ssh/authorized_keys
</code>
==== SSH-agent - desktop ====
<code>
mkdir -p ~/.config/systemd/user/
nano ~/.config/systemd/user/ssh-agent.service
</code>
<code>
[Unit]
Description=SSH key agent
[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
[Install]
WantedBy=default.target
</code>
<code>
systemctl --user enable ~/.config/systemd/user/ssh-agent.service
systemctl --user start ssh-agent.service
</code>
<alert type="info" icon="fa fa-info-circle">Reboot might be necessary if Keepassxc get's an error like "No agent running, cannot add identity".</alert>
Reference in a new issue View git blame Copy permalink