Trace:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
deb9:ssh [2021/07/21 00:34] – [Linux Host] Bernard Condraudeb9:ssh [2024/11/14 14:01] (current) – [Settings] Bernard Condrau
Line 1: Line 1:
 ====== SSH Client and Server ====== ====== SSH Client and Server ======
 To login to any machine with SSH, you need to install the ssh server. The client is installed on Debian by default. Terminology used is "Server" for the remote machine to get access to, and "Host" for the local machine which needs access to a server. This guide was updated 8<sup>th</sup> August 2020. To login to any machine with SSH, you need to install the ssh server. The client is installed on Debian by default. Terminology used is "Server" for the remote machine to get access to, and "Host" for the local machine which needs access to a server. This guide was updated 8<sup>th</sup> August 2020.
 +
 +<color red>Need to update: Iapetus, Pandora</color>
  
 ===== Linux Server ===== ===== Linux Server =====
Line 12: Line 14:
 PasswordAuthentication no PasswordAuthentication no
 PermitEmptyPasswords no PermitEmptyPasswords no
-PermitRootLogin no</code>+PermitRootLogin without-password</code>
   * If you want to allow ssh root access from a regular user on the same host, or from another host (e.g. BackupPC), add the following lines to the end of sshd_config:<code>Match Address my.host.subnet.ip   * If you want to allow ssh root access from a regular user on the same host, or from another host (e.g. BackupPC), add the following lines to the end of sshd_config:<code>Match Address my.host.subnet.ip
   PermitRootLogin without-password</code>   PermitRootLogin without-password</code>
Line 20: Line 22:
 PrintLastLog yes PrintLastLog yes
 TCPKeepAlive yes</code> TCPKeepAlive yes</code>
-  * Restart the SSH server:<code>sudo /etc/init.d/ssh restart</code>+  * Restart the SSH server:<code>sudo service ssh restart</code>
  
 ===== Linux Host ===== ===== Linux Host =====
Line 43: Line 45:
     * **Save public key** and **Save private key**     * **Save public key** and **Save private key**
  
 +===== Access through Relais Hosts =====
 +I have machines in a location without fixed IP address, and where external access is only possible through a relais host.
 +  * Avoid SSH disconnects after inacitivity by adding the following to ''sshd_config'' of each machine which need to be accessed.<code>ClientAliveInterval 300
 +ClientAliveCountMax 2</code>
 +  * Alternatively, add the following lines to ''ssh_config'' of each client, or set the keep alive setting in PuTTY.<code>Host *
 +  ServerAliveInterval 300
 +  ServerAliveCountMax 2</code>
 +  * I have restricted SSH access to machines with known IP addresses, so find from where (relais machine) you connect through SSH<code>$ who</code>
 +  * Add or modify the restriction to your ''authorized_keys'' file<code>restrict,from="aaa.bbb.ccc.ddd,eee.fff/16"</code>
 +  * See [[deb10:backuppc|BackupPC]] how to setup a BackupPC host behind a relais host
 +==== Links ====
 +  * [[https://patrickmn.com/aside/how-to-keep-alive-ssh-sessions/#:~:text=On%20Linux%20(ssh)&text=These%20settings%20will%20make%20the,to%20have%20been%20discarded%20anyway.|How to Keep Alive SSH Sessions]]
 +  * [[https://superuser.com/questions/1272875/relay-two-ssh-connections-together|Relay two SSH connections together]]
 +  * [[https://www.thethingsnetwork.org/docs/gateways/kerlink/reverse-ssh/|Reverse SSH]]
 +  * [[http://man.openbsd.org/sshd_config#:~:text=The%20client%20alive%20mechanism%20is,disconnected%20after%20approximately%2045%20seconds.|sshd_config — OpenSSH daemon configuration file]]
 +===== Copy file from remote host =====
 +  * ''$ rsync -a -e "ssh -p 50922" --info=progress2 bco@192.168.1.13:/home/bco/site-backup/site*.zip /home/bco/''
 +  * [[https://linuxize.com/post/how-to-transfer-files-with-rsync-over-ssh/|How to Transfer Files with Rsync over SSH]]
 ===== X Client ===== ===== X Client =====
 ==== Debian ==== ==== Debian ====

Know How

© 2007-2024 Bernard Condrau - Powered by DokuWiki