README.md 1.8 KB
Secure Shell (SSH)
Generate SSH key pair
$ ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com"
Change private key permissions
$ chmod 600 ~/.ssh/id_ed25519
Client usage
To connect to a server, run:
$ ssh -p port user@server-address
port for default is 22
Copy SSH key
$ doas pacman -S xclip
$ xclip -sel clip < ~/.ssh/id_ed25519.pub
Configuration
The client can be configured to store common options and hosts. All options can be declared globally or restricted to specific hosts. For example:
$ nano -w ~/.ssh/config
# host-specific options
Host myserver
HostName ssh.heckyel.ga
IdentityFile ~/.ssh/id_ed25519
user Snowden
Port 22
ServerAliveInterval 5
With such a configuration, the following commands are equivalent
$ ssh -p port user@server-address
$ ssh myserver
Server usage
Configuration
The SSH daemon configuration file can be found and edited in /etc/ssh/sshd_config.
To allow access only for some users add this line:
AllowUsers user1 user2
To allow access only for some groups:
AllowGroups group1 group2
To add a nice welcome message (e.g. from the /etc/issue file), configure the Banner option:
Banner /etc/issue
Copy public key to server
$ ssh-copy-id -i ~/.ssh/mykey.pub user@host
Securing the authorized_keys file
For additional protection, you can prevent users from adding new public keys and connecting from them.
In the server, make the authorized_keys file read-only for the user and deny all other permissions:
$ chmod 400 ~/.ssh/authorized_keys