Differences

This shows you the differences between two versions of the page.

deb9:ssh [2020/08/08 16:52] – [Links] Bernard Condraudeb9:ssh [2024/11/14 14:01] (current) – [Settings] Bernard Condrau
Line 1: Line 1:
 ====== SSH Client and Server ====== ====== SSH Client and Server ======
 To login to any machine with SSH, you need to install the ssh server. The client is installed on Debian by default. Terminology used is "Server" for the remote machine to get access to, and "Host" for the local machine which needs access to a server. This guide was updated 8<sup>th</sup> August 2020. To login to any machine with SSH, you need to install the ssh server. The client is installed on Debian by default. Terminology used is "Server" for the remote machine to get access to, and "Host" for the local machine which needs access to a server. This guide was updated 8<sup>th</sup> August 2020.
 +
 +<color red>Need to update: Iapetus, Pandora</color>
  
 ===== Linux Server ===== ===== Linux Server =====
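Review bot: The intro still says "This guide was updated 8th August 2020" although the revision header shows the current version dated 2024/11/14 and this hunk adds new material; update that date along with the content or drop it. The red "Need to update: Iapetus, Pandora" line is a to-do that will be visible to every reader of the rendered page; a short note stating what on those two machines still differs from this guide (or moving the reminder out of the page body) would be clearer.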
Line 12: Line 14:
 PasswordAuthentication no PasswordAuthentication no
 PermitEmptyPasswords no PermitEmptyPasswords no
-PermitRootLogin no</code>+PermitRootLogin without-password</code>
   * If you want to allow ssh root access from a regular user on the same host, or from another host (e.g. BackupPC), add the following lines to the end of sshd_config:<code>Match Address my.host.subnet.ip   * If you want to allow ssh root access from a regular user on the same host, or from another host (e.g. BackupPC), add the following lines to the end of sshd_config:<code>Match Address my.host.subnet.ip
   PermitRootLogin without-password</code>   PermitRootLogin without-password</code>
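Review bot: Changing the global `PermitRootLogin no` to `PermitRootLogin without-password` allows key-based root login from every address, not only from the subnet named in the `Match Address my.host.subnet.ip` block below, which this change makes redundant. If the intent is root access only from the host subnet (the BackupPC case the text describes), keep `PermitRootLogin no` in the global section and leave the relaxation to the Match block. Also, `without-password` is a deprecated spelling; on OpenSSH 7.0 and later (Debian 9 ships 7.4) the documented value is `prohibit-password`, and the old name is still accepted as an alias.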
Line 20: Line 22:
 PrintLastLog yes PrintLastLog yes
 TCPKeepAlive yes</code> TCPKeepAlive yes</code>
-  * Restart the SSH server:<code>sudo /etc/init.d/ssh restart</code>+  * Restart the SSH server:<code>sudo service ssh restart</code>
  
 ===== Linux Host ===== ===== Linux Host =====
-  * Run ssh-keygen with the following command to generate a key pair.<code>ssh-keygen  -t ecdsa -b 521</code>+  * Run ssh-keygen with the following command to generate a key pair.<code>ssh-keygen -t ecdsa -b 521</code>
   * Leave the password empty so you don't need to enter it every time when establishing a connection. Accept the defaults, which puts the generated key pair into ~/.ssh   * Leave the password empty so you don't need to enter it every time when establishing a connection. Accept the defaults, which puts the generated key pair into ~/.ssh
   * Copy the public key file (extension .pub) to all servers you need access to, then add the content of the file to the ~/.ssh/authorized_keys file   * Copy the public key file (extension .pub) to all servers you need access to, then add the content of the file to the ~/.ssh/authorized_keys file
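Review bot: `sudo service ssh restart` works on Debian 9 (it is forwarded to systemd), but the step should be preceded by a syntax check, `sudo sshd -t`, since a typo in sshd_config makes the restart fail and on a remote server can lock you out; keeping an existing session open until a fresh login succeeds is the usual safeguard. The ssh-keygen change in this hunk only removes a doubled space and is fine.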
Line 29: Line 31:
   * Observe permissions, folder .ssh, the private key file, and the authorized_keys file must have read/write permissions of the user only, all others must not have any access   * Observe permissions, folder .ssh, the private key file, and the authorized_keys file must have read/write permissions of the user only, all others must not have any access
  
 +[[https://superuser.com/questions/624720/how-much-data-does-ssh-typically-use|How much data does SSH typically use?]]
 ===== Windows Host ===== ===== Windows Host =====
-  * Run PuTTYgen to import or generate a key+  * Install [[https://www.putty.org/|PuTTY]] with the installer or as [[https://portableapps.com/apps/internet/putty_portable|PuTTY Portable]] app. Make sure to keep the installation updated. 
 +  * Run PuTTYgen to import or generate a key. Always use the updated version, which gets updated along with PuTTY.
   * If you have an existing key pair generated on a Linux Host, then do the following:   * If you have an existing key pair generated on a Linux Host, then do the following:
     * Select **Conversions -> Import key** in the menu     * Select **Conversions -> Import key** in the menu
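Review bot: The added "How much data does SSH typically use?" link is a bare line wedged between the Linux Host bullet list and the `===== Windows Host =====` heading, with no blank line before the heading; the rest of the revision collects such links under a `==== Links ====` sub-section as a bullet list, so the same should be done here. The PuTTY bullet has a trailing space after "updated.", and "Always use the updated version, which gets updated along with PuTTY" reads as a repetition of the previous bullet's "keep the installation updated".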
Line 41: Line 45:
     * **Save public key** and **Save private key**     * **Save public key** and **Save private key**
  
 +===== Access through Relais Hosts =====
 +I have machines in a location without fixed IP address, and where external access is only possible through a relais host.
 +  * Avoid SSH disconnects after inacitivity by adding the following to ''sshd_config'' of each machine which need to be accessed.<code>ClientAliveInterval 300
 +ClientAliveCountMax 2</code>
 +  * Alternatively, add the following lines to ''ssh_config'' of each client, or set the keep alive setting in PuTTY.<code>Host *
 +  ServerAliveInterval 300
 +  ServerAliveCountMax 2</code>
 +  * I have restricted SSH access to machines with known IP addresses, so find from where (relais machine) you connect through SSH<code>$ who</code>
 +  * Add or modify the restriction to your ''authorized_keys'' file<code>restrict,from="aaa.bbb.ccc.ddd,eee.fff/16"</code>
 +  * See [[deb10:backuppc|BackupPC]] how to setup a BackupPC host behind a relais host
 +==== Links ====
 +  * [[https://patrickmn.com/aside/how-to-keep-alive-ssh-sessions/#:~:text=On%20Linux%20(ssh)&text=These%20settings%20will%20make%20the,to%20have%20been%20discarded%20anyway.|How to Keep Alive SSH Sessions]]
 +  * [[https://superuser.com/questions/1272875/relay-two-ssh-connections-together|Relay two SSH connections together]]
 +  * [[https://www.thethingsnetwork.org/docs/gateways/kerlink/reverse-ssh/|Reverse SSH]]
 +  * [[http://man.openbsd.org/sshd_config#:~:text=The%20client%20alive%20mechanism%20is,disconnected%20after%20approximately%2045%20seconds.|sshd_config — OpenSSH daemon configuration file]]
 +===== Copy file from remote host =====
 +  * ''$ rsync -a -e "ssh -p 50922" --info=progress2 bco@192.168.1.13:/home/bco/site-backup/site*.zip /home/bco/''
 +  * [[https://linuxize.com/post/how-to-transfer-files-with-rsync-over-ssh/|How to Transfer Files with Rsync over SSH]]
 ===== X Client ===== ===== X Client =====
 ==== Debian ==== ==== Debian ====
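Review bot: The `restrict,from="aaa.bbb.ccc.ddd,eee.fff/16"` line is only the option prefix: in `authorized_keys` the options must be followed on the same line by the key type and the public key itself (for the key generated above: `restrict,from="..." ecdsa-sha2-nistp521 AAAA... comment`), and a CIDR entry in `from=` needs a full address before the mask length (the x.y.0.0/16 form). Note also that `restrict` disables pty allocation as well as port, agent and X11 forwarding, so a key that is used for interactive logins through the relay needs `pty` added to the options (`restrict,pty,from="..."`), whereas a BackupPC-only key is fine without it. Minor: "inacitivity" in the first bullet should be "inactivity", "machine which need" should be "machines which need", and "relais" is the French spelling of "relay".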