

---
title: Basic SSH Guide
x-toc-enable: true
...

Introduction

In order to make use of your home server, you'll want to make sure you are running a properly configured SSH daemon. Your home server does not need a display, since you'll be managing it over SSH. It is possible to perform a network install with many common distros, but for the sake of simplicity I'll assume that you have a display attached while configuring SSH.

Install and enable sshd: If your distro does not come with OpenSSH installed, you need to install it before moving forward. To make your home server reachable via SSH, you also need to enable and start the service. For example, on a systemd system, you can run:

systemctl enable sshd
systemctl start sshd

Securing SSH

Once you open your server to the internet, it may become the target of constant attempts by bots to break into your system. The main way bots will try to break in is by spamming port 22 with password guesses. To prevent such an attack, you need to disable password authentication and change to a non-standard port.

Before switching off password authentication, you need to configure SSH key authentication. Make sure you have an SSH key generated on every device you'll be using to connect to your server by running ssh-keygen on each one. Accepting all of the defaults is generally sufficient.

Copy the public key from each of your devices to the server by running ssh-copy-id myserver@192.168.1.47 on that device. Once the key is installed, your server will no longer ask for a password when you log in from that device.

From the server, edit the sshd config (usually at /etc/ssh/sshd_config). You need to change the port to a random port, disable password authentication, and prevent root login. Make sure your config does not have any conflicting settings. For example:

> vim /etc/ssh/sshd_config
PasswordAuthentication no
AuthenticationMethods publickey
Port 3033
PermitRootLogin no
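
One way to check a config for conflicting settings before restarting sshd, as an added example that is not part of the original guide. The function name audit_sshd_config and the sample file are hypothetical; it assumes plain "Keyword value" lines, checks only the global section, and does not follow Include files.

```shell
#!/bin/sh
# Added example, not from the original guide.
# sshd keeps the FIRST value it reads for most keywords, so an earlier
# "PasswordAuthentication yes" silently overrides a later "no".
# Assumptions: "Keyword value" syntax, only the global section (before any
# Match block) is checked, and Include files are not followed.
audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blanks
    {
        key = tolower($1); val = tolower($2)
        if (key == "match") exit                  # global section ends here
        if (key == "port") { ports[++n] = $2; next }   # every Port line applies
        if (!(key in first)) first[key] = val     # first value wins
        else if (first[key] != val)
            printf "WARN line %d: %s %s is ignored, %s is already in effect\n", NR, key, val, first[key]
    }
    END {
        want["passwordauthentication"] = "no"
        want["permitrootlogin"] = "no"
        want["authenticationmethods"] = "publickey"
        for (k in want) {
            got = (k in first) ? first[k] : "unset"
            if (got != want[k]) { printf "FAIL %s is %s, want %s\n", k, got, want[k]; bad++ }
        }
        if (n == 0) { print "FAIL port is unset, sshd listens on 22"; bad++ }
        for (i = 1; i <= n; i++)
            if (ports[i] + 0 < 1024 || ports[i] + 0 > 65535) {
                printf "FAIL port %s is outside 1024-65535\n", ports[i]; bad++
            }
        exit bad + 0                              # status = number of failures
    }' "$1"
}

# Constructed sample: a leftover default sits above the hardened lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
Port 3033
PermitRootLogin no
PasswordAuthentication no
AuthenticationMethods publickey
EOF
audit_sshd_config "$sample" || echo "fix the config before restarting sshd"
rm -f "$sample"
```

On the server itself, sshd -t validates the config file and sshd -T prints the effective settings sshd would use, which also covers Include files.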

Make sure the port you pick is between 1024 and 65535 and is not used by any other services on the network. Restart the sshd service and try connecting with the specified port from another device. For example:

systemctl restart sshd
ssh myserver@192.168.1.47 -p 3033 # from the other device

If you've set up everything correctly, you can now connect to your server without a screen and manage it from any of your devices.