Ssh

SSH (the Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It’s the most popular way to access a remote Linux or BSD server, although SSH also works on Windows. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network.

On the server, you have an SSH daemon that is constantly listening to a specific TCP/IP port for possible client connection requests. Once a client initiates a connection, the SSH daemon will respond and the two machines will exchange their identification data. Once a connection is established, your command prompt will change from user@host on your local machine to remote-user@remote-host. The commands you enter will now affect the remote machine rather than your local machine.

• You need the openssh-server (Ubuntu) package installed on the machine that acts as the server (the remote machine).
• You need the openssh-client (Ubuntu) package installed on the machine that acts as the client (your local computer).
• On Arch Linux, just install the openssh package. It has both the server and client functionality.

• sudo systemctl status ssh (it should read active)
• If it’s not running, then: sudo systemctl enable –now ssh
• If using ufw (the uncomplicated firewall): sudo ufw allow ssh NOTE: It is very important not to disable SSH on the remote machine if that is your only way into it.

• Stop SSH with: sudo systemctl stop ssh
• Start SSH with: sudo systemctl start ssh
• Disable SSH with: sudo systemctl disable ssh NOTE: This will not disable current session but it will prevent you from logging into the machine in the future. It is very important not to disable SSH on the remote machine if that is your only way into it.

• Create key pair on client machine: ssh-keygen -t ed25519
• Enter file in which to save the key (home/sammy.ssh/id_ed25519): Go with default name or change it if you wish.
• Enter passphrase (empty for no passphrase): Up to you to do this or not, but it’s strongly recommended.

NOTE: Should a private key with no passphrase fall into an unauthorized user’s possession, they will be able to log in to any server you’ve configured with the associated public key.

• Copy public key to server: ssh-copy-id sammy@your_server_address You can copy the public key into the server’s authorized_keys file with the ssh-copy-id command. Once the command completes, you will be able to log into the server via SSH without being prompted for a password. However, if you set a passphrase when creating your SSH key, you will be asked to enter the passphrase at that time. This is your local ssh client asking you to decrypt the private key, it is not the remote server asking for a password.

• sudo vim /etc/ssh/sshd_config
• PasswordAuthentication no (also make sure line isn’t commented with a #)
• sudo systemctl reload sshd (to put config changes into effect)

Warning: before you disable password-based authentication, be certain you can successfully log onto the server with your SSH key, and that there are no other users on the server using passwords to log in.

• sudo vim /etc/ssh/sshd_config
• PermitRootLogin no
• AllowUsers derek (or whatever user name)

Copyright © 2020-2021 Derek Taylor (DistroTube)

This page is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND 4.0).

The source code for distro.tube can be found on GitLab. User-submitted contributions to the site are welcome, as long as the contributor agrees to license their submission with the CC-BY-ND 4.0 license.