Back to main index

Secure Shell

Install openssh with:

dnf install openssh

Configure ssh client
emacs /etc/ssh/ssh_config

Host *
HashKnownHosts yes
StrictHostKeyChecking ask
Protocol 2

Configure ssh daemon
emacs /etc/ssh/sshd_config

Port 22
# HostKey - do not change these lines; Host identity defers a man-in-the-middle attack.
Protocol 2
PermitRootLogin no
MaxAuthTries 6
MaxSessions 10
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers mihai

Open ssh port 22 in firewall (iptables)

Check /etc/hosts.allow and /hosts.deny

Start the service

systemctl  enable  sshd.service
systemctl  start   sshd

Login to server with the user account and generate the ssh keys

Generate a RSA (Rivest-Shamir-Adleman) on 4096 bits -can be imported by Putty

ssh-keygen -t rsa -b 4096

The public key contains data for the server

The private key id_rsa contains private data for the client (mobile@localdomain)

cat ~/.ssh/
cat ~/.ssh/id_rsa
cat ~/.ssh/ >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Copy the keys from the remote computer to local computer.
You should not be logged into the remote computer.
scp does not require a pre-existing ssh connection.
scp example 1 and scp example 2

scp mihai@     /home/mihai
scp mihai@$DIGITALOCEAN:/home/mihai/.ssh/  /home/mihai

You can remove the keys from the server.

rm ~/.ssh/id_rsa
rm ~/.ssh/

Restart ssh to test the new key.

systemctl restart sshd.service
systemctl status  sshd.service

You have now the private key (id_rsa) on client computer (mobile#localdomain)

mv ~/.ssh/id_rsa ~/.ssh/id_rsa_home_key
chmod 400 ~/.ssh/id_rsa_home_key

I do not set a ssh-agent as I need to remember always the pass-phrase for my keys

Login into sshd on my home server (, port 22)

ssh -l mihai -i ~/.ssh/id_rsa_home_key

ssh login with X11 forwarding

ssh -X -l mihai -i ~/.ssh/id_rsa_home_key

ssh login with tunnelling to C7 running in virtualbox

ssh -L 5903: -i ~/.ssh/id_rsa_c7 -l mihai

Set up a connection alias

emacs ~/.bashrc

alias server='ssh -l mihai -i ~/.ssh/id_rsa_home_key'

# copy files into server's home over ssh
    scp -i $HOME/.ssh/id_rsa_home_key $1$HOME

alias scp2server=scp_copy

Back to main index