Skip to content

ssh

Port Forwarding


ssh -L 8080:www.ubuntuforums.org:80 $USER@$HOST

Generate a SSH Key

  • Permissions on private key are 700
# COPY ONE AT A TIME
ssh-keygen -t rsa -b 4096 -C "devgoalposts@protonmail.com"
# Without email
# ssh-keygen -o
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
# Can add any file as long as it has 700 permissions
# ssh-add -k ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub

Setup ssh server

# Install OpenSSH server
sudo apt-get install openssh-server
sudo systemctl start ssh
sudo systemctl enable ssh

Copy SSH keys to server

ssh-copy-id username@domain
ssh-copy-id -f -i <path to public key> username@domain

Disable password login

sudo vi /etc/ssh/sshd_config
# Change the following settings
# ChallengeResponseAuthentication no
# PasswordAuthentication no
# UsePAM no
# PermitRootLogin no

# Now reload the server
/etc/init.d/ssh reload
# or
sudo systemctl reload ssh
# or RHEL style
sudo systemctl reload sshd
# Test password ChallengeResponseAuthentication
ssh dentropy@somedomain.local -o PubkeyAuthentication=no

List ssh identity's

ssh-add -l

Security

Generate public key from private key


ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

SSH without using private key


ssh -o PreferredAuthentications=password \
    -o PubkeyAuthentication=no user@server

SSH Backlog - TODO