Differences

This shows you the differences between two versions of the page.

--- deb9:ssh [2021/07/21 00:34] – [Linux Host] Bernard Condrau
+++ deb9:ssh [2025/11/08 14:09] (current) – [Settings] Bernard Condrau
@@ Line 1: / Line 1: @@
 ====== SSH Client and Server ======
 To login to any machine with SSH, you need to install the ssh server. The client is installed on Debian by default. Terminology used is "Server" for the remote machine to get access to, and "Host" for the local machine which needs access to a server. This guide was updated 8<sup>th</sup> August 2020.
+<color red>Need to update: Iapetus, Pandora</color>
 ===== Linux Server =====
@@ Line 7: / Line 9: @@
   * Do the same for Windows Subsystem for Linux on Windows 10
 ==== Settings ====
-  * Modify /etc/ssh/sshd_conf:<code>Port 22
+  * Modify /etc/ssh/sshd_config:<code>Port 22
 LoginGraceTime 20
 AuthorizedKeysFile .ssh/authorized_keys
 PasswordAuthentication no
 PermitEmptyPasswords no
-PermitRootLogin no</code>
+PermitRootLogin without-password</code>
   * If you want to allow ssh root access from a regular user on the same host, or from another host (e.g. BackupPC), add the following lines to the end of sshd_config:<code>Match Address my.host.subnet.ip
   PermitRootLogin without-password</code>
@@ Line 20: / Line 22: @@
 PrintLastLog yes
 TCPKeepAlive yes</code>
-  * Restart the SSH server:<code>sudo /etc/init.d/ssh restart</code>
+  * Restart the SSH server:<code>sudo service ssh restart</code>
 ===== Linux Host =====
@@ Line 43: / Line 45: @@
     * **Save public key** and **Save private key**
+===== Access through Relais Hosts =====
+I have machines in a location without fixed IP address, and where external access is only possible through a relais host.
+  * Avoid SSH disconnects after inacitivity by adding the following to ''sshd_config'' of each machine which need to be accessed.<code>ClientAliveInterval 300
+ClientAliveCountMax 2</code>
+  * Alternatively, add the following lines to ''ssh_config'' of each client, or set the keep alive setting in PuTTY.<code>Host *
+  ServerAliveInterval 300
+  ServerAliveCountMax 2</code>
+  * I have restricted SSH access to machines with known IP addresses, so find from where (relais machine) you connect through SSH<code>$ who</code>
+  * Add or modify the restriction to your ''authorized_keys'' file<code>restrict,from="aaa.bbb.ccc.ddd,eee.fff/16"</code>
+  * See [[deb10:backuppc|BackupPC]] how to setup a BackupPC host behind a relais host
+==== Links ====
+  * [[https://patrickmn.com/aside/how-to-keep-alive-ssh-sessions/#:~:text=On%20Linux%20(ssh)&text=These%20settings%20will%20make%20the,to%20have%20been%20discarded%20anyway.|How to Keep Alive SSH Sessions]]
+  * [[https://superuser.com/questions/1272875/relay-two-ssh-connections-together|Relay two SSH connections together]]
+  * [[https://www.thethingsnetwork.org/docs/gateways/kerlink/reverse-ssh/|Reverse SSH]]
+  * [[http://man.openbsd.org/sshd_config#:~:text=The%20client%20alive%20mechanism%20is,disconnected%20after%20approximately%2045%20seconds.|sshd_config — OpenSSH daemon configuration file]]
+===== Copy file from remote host =====
+  * ''$ rsync -a -e "ssh -p 50922" --info=progress2 bco@192.168.1.13:/home/bco/site-backup/site*.zip /home/bco/''
+  * [[https://linuxize.com/post/how-to-transfer-files-with-rsync-over-ssh/|How to Transfer Files with Rsync over SSH]]
 ===== X Client =====
 ==== Debian ====

Differences

Know How